All ISC CCSP certification exam dumps, study guide, training courses are Prepared by industry experts. PrepAway's ETE files povide the CCSP Certified Cloud Security Professional (CCSP) practice test questions and answers & exam dumps, study guide and training courses help you study and pass hassle-free!

Domain 3 (Cloud Platform & Infrastructure Security)

3. Virtualization and Storage

Hello guys. Let's start. The next one is virtualization. We have already discussed it in the first domain one. But let's try to understand once again. Types one and two of hypervisor So usually there is a physical server; here it's a blade server, okay? And on top of the server, we're installing an ESXi hypervisor version six, five, or whatever the most recent one is. And on top of ESXi, we are installing OS, OS, and OS. Data centre virtualization is enabled by the applications—or apps—that can be installed on top of the operating system. Usually, there is desktop virtualization or application virtualization. Another one is like having a server. This is a type 1. We have a server, and on the server we have been installing an operating system. It could be anything. It could be Windows 10 or 8. On top of it, we are using a type II hypervisor.

VMware workstations or HyperV are examples of this. HyperV is available in both hypervisors, here and here, and can be installed directly on top of the server. On top of this, we are installing OS, OS, and OS. As a result, the second two are not recommended for the Claude or other because they are a direct operating system attack on it. It can bring everything down. But this one is preferable. However, there are type 1 and type 2 hypervisors, and virtualization is available. So the next one, the attack, is there. What attack is there? Here they are all connected. Operating systems are connected with the switch, a virtual switch, or a software-defined network (SDN). The issue here is that an attacker could attack it and cause it to VM hop. So one operating system should not communicate with the other. Actually, they are all on the same network. So you have to create some sort of private VLAN. Assume this operating system is owned by Organization One. This is not XYZ's; it belongs to someone else. This belongs to someone else in a data center. So they all should be in a private room. They are all logically connected to the virtual switch. But they should all be on a different VLAN issue. Interval attacks, also known as VM hopping, can be facilitated by virtualization on a faulty hypervisor.

And once your virtual machine is stopped, okay, on your server, this is your server, and this is your ESXi. And there's a VM. If your VM is operational, it can be accessed as a file on another computer. And you can access it and start it. As a result, a third party could potentially access a stopped VM's file system. So the first obvious issue with any type of storage is storage. So to provide, we need to use Raid. Okay. As a result, Raid is a critical redundant array of independent disks. As a result, there are fundamental levels for the read zero in rate zero. There are two disks. So when a user gives anything to the computer, he will write one block like A-B-C-D-E-F. In this level, the writing speed will be fast and the reading speed will be fast because, whatever computer is working, there are two drives that are working. But in this case, if this drive fails, the data on it will not be useful. So there is no backup plan. During the raid, one comes across what is also known as "mirroring." Mirroring means when a user gives work to a computer, it's stored at the minimum level the hard drive requires too. So it stores in the following order:

A block, B block, C block, C block, mirror. So if this hard drive fails, no problem. Add one more hard drive here, and they will synchronize. We have a backup, although we already have a backup. So data is copied from OneDrive to another application with the same metering. But what if you only have one disc and need another? So you'll need two terabytes in total. So the rate of five is successful. Again, this user is storing it in the following manner: "This is your minimum of three required drives: two and three." As a result, A and parity AB are equivalent. So A, V, and a backup of these two And then again here, AB, and the backup is AB, and then again AB, a, b. So in this case, if any one hard drive fails, you add a new hard drive, and they all have synchronised backups, so there's no data loss. But if the two hard drives fail, there is a problem. In that case, we use six parity and six double parity, like double and double backup systems. Then again, it was successful. We use red 10. In red, 10 is basically here; it is going here, and again, it is divided. Here is disc one and a copy of disc one. And here is disc two, an exact copy of disc two's combination of raid one and zero. So if this drive fails, we have a backup. If this drive fails, we have a backup. Okay, so both fail.

Then, in addition to the rate, we should always have some other backups. As a result, CSP will provide you with storage in the form of a Blob file or storage. The client will then gain access to it through the use of an API. storage object, where object files are stored with additional metadata. Technically, object storage can implement redundancy as a way to improve resilience by dispersing data by fragmenting and duplicating it across multiple object storage servers. So if you are storing something on one server, it should replicate it on the other servers. Maybe three copies, four copies, five copies, or up to 16 copies. When you update a file, you may have to wait until the change is propagated to all applicants before requesting the latest version; it should replicate it on all of them, and only you will be able to access it.

4. Management Plane

Hello guys. This one is now the management plane. Management plans allow the administrator to remotely manage any or all of the host. So remotely managing all the hosts The key functionality of the management plane is to create, start, and stock virtual machine instances and provision them with the proper virtual resources, such as CPU memory, permanent storage, and network connectivity. So this is your physical server. You have installed Hypervisor on VMware ESXi host six five or six seven, and then you go to the machine. You installed client software here. VMware client software, they should be connected either directly or with the help of a switch.

So, from here, you can create multiple operating systems, and for each operating system, you can assign a specific RAM CPU and hard disc drive, and you can install VMware client software on any of the machines. You should be able to create, delete, or give resources to the machine via a wide area network, a VPN connection, or other means of connectivity. So the management plane is the most powerful tool in the cloud infrastructure, which integrates authentication, access, control, and logging with monitoring. So that is the good thing. Apart from that, from here you can monitor things like which operating system is under load, how many people are accessing those resources, and so on. You can also have a web-based system, which allows you to go anywhere in the world, open your browser, type the name of the server, and enter authentication. Machines can also be used to create V-Centers and other cloud computing systems. Risk management is the setup, process, and structure to systematically manage all risk to the enterprise. So risk management and risk analysis are there. So, starting in the next slide. Thank you.

5. Policy and Organization Risk

Hey guys, let's start with policy and organisation risk. Policy and organisation risk are related to the choices that the Claude service consumer makes about the Claude service provider. So understand that they are related to the choices that the cloud service consumer makes about the service provider. So some of the consequences of outsourcing Its services are the most popular, locking out customers who have invested heavily in governance but are unable to implement required controls, posing a compliance risk. The fourth factor is provider exit. Another risk is that they will fall short of your expectations in terms of performance, operability, integration, and security. So what's your realization? Is there resource exertion now that risk breakout snapshot and image security and spread has reached risk number one? Is there control failure isolation, insecure or incomplete data deletion control conflict, loss, and software-related risk? Legal risk is the biggest risk.

Jurisdiction is there. Law enforcement is there, and licencing is there. Legal risk collar computing introduced an external service provider, compromising the guest's identity. API compromise attacks on provider infrastructure and connecting infrastructure So those are the claw attacks. So, consumer strategies highly recommend that you implement multiple layers of defence against any risk and multiple controls for the consumers, okay? There should be an additional control to catch the failure of the first control, compensating control equally for a control that directly addresses a risk. If one backup to backup, three backup failures should be compensated for by something else: continuous uptime. This implies that every component is redundant: your cooling system, your electricity, your servers, your network, your storage devices—everything should have a backup plan. If one physical server fails, the operating system should replicate it to another one so users can access it.

So if your one storage drive fails, you should have a double application point so users can keep accessing it, okay? It enables individual components to be updated without disrupting the cloud infrastructure, which is the point here but should be there and 24 x 7, so as the risk is 24 x 7 automation of control on the technical level, control should be automated as much as possible, ensuring their immediate and comprehensive implementation. So, access control must be reconsidered because new technology and a new service model have been introduced in computing. Depending on the service and deployment model, are the responsibility and actual execution of the control canaries within the cloud service consumer and the floor service provider both okay? So the multi-tenant nature of the claw vulnerable to data loss and malicious attacks. Computer or floor access, cage or rack access, access to a physical server or host hypervisor, virtualization guest operating system VM access, developer access, customer access, database access, right vendor access, remote access, and application and software access are all listed as access control building components. So we'll begin with that.

6. Business Continuity and Disaster Recovery

Hey guys, my name is Mukes Singh, and we are learning CCSP. And here is domain number three. In the domain, three people are learning about risk audit mechanisms. The purpose of a risk audit is to provide reasonable assurance that adequate risk controls exist and are operationally effective. So, what exactly is the risk that this book examines? The Claude Control Metric Server is used as a framework by the Claude Security Alliance to enable collaboration between cloud service consumers and cloud service providers. on demonstrating educated risk management.

So what is the risk, the level of the risk, and the effectiveness of the risk management by doing the risk audit on both sides? So in the cloud environment, what is important is BCDR (business continuity and disaster recovery). These are the two important keys here. Business continuity needs to be there, and if any disaster happens, there should be a disaster recovery plan. So how on earth does Claudelike keep your server working? So, in one sense, Claude, you are using one specific server service provider, which is a cloud service provider. So if this server fails, you should have another server in the same organization. That could be an alternate solution. Usually, the service provider does that.

So if any of his machines fail or anything happens, there is a backup to ensure business continuity or register recovery. There's one global service-consumer primary provider here. If this is failing, another one is there, and you have another you are using; here it is an ISP, and you can create a connection to the one service provider, and you can have another service provider. As a result, if one service provider fails, you have a backup or an alternate service provider. So your business could continue to operate, or suppose there is a disaster, such as a fire, natural disaster, earthquake, or machine failure. So you have an alternate backup plan for business continuity to be there. So BCDR planning number one is data and processing. Second is the current location of these assets, the network between the assets and the sites of their processing, how fast it will synchronize, and the actual and potential location of the workforce and business partners in relation to the disaster event. So there you have it.

7. Business Continuity and Disaster Recovery Planning Factor

Hello, guys. We learned about this BCDRplanning factor data and processing the current location of assets as well as the network between the assets and the site in the previous slide. e site. Thprocessing itscessing and potentialtential location So the next important one is recovery sites and recovery service level. RSL, so let's talk about a critical factor for all network administrators: clock security. Theity the first one isRTO RTO is an abbreviation for Recovery Time Object.

RTO is a measure of how fast you need each system to be up and running in the event of a disaster or critical failure. So, if a failure occurs, how long will it take to tell you how quickly it occurred in months, weeks, days, hours, and seconds? So you'll see 99.7 or 8 or 9% of the time as you take inventory for all the various systems. It is important to realise that not every system needs to be up instantly, and you should take the time to prioritise each system according to its respective time.

So if your disaster happened, you should know that these are the first priority, second priority, third priority, and fourth priority to make up. So, request the next recovery point and specify how much data you can afford to lose as a company in terms of time. So how much data can your company afford to lose? It is measured again in months, weeks, days, hours, minutes, and seconds. Unlike RTO, you may have RTO that applies to all systems due to governmental regulation or contractual obligations that may force this differently and RTO for each time.

So after we make it up, prioritise the data, and do everything, RSL is a recovery service level. For many of you, this will be something new. However, it will help you contain costs as you move forward. RSL is expressed as a percentage ranging from 0% to 100%. The amount of computing horsepower required during a disaster is determined by the percentage of your production system that is available. So how much power do you need to make all the CPU systems, servers, hard drives, and everything else up and running? If you are a manufacturing facility, then you have been collecting shop floor data and shop burn dawn. You will only need a fraction of that collection, and that is none of our business.

Let's get back to the slides here. These are the three occasions when BCDR (business continuity and disaster recovery) has been effective on the points listed below. Is the data sufficiently valuable for additional strategies? What is the required RPO? That is a tolerable amount of data loss, regardless of how much your company pretends to lose or is willing to lose in terms of the required RTO.

That is what makes the inevitability of business functionality tolerable if your systems are done for however many minutes it is tolerable what types of disasters are included in the analysis. Does that include provider failure? What is the necessary RSL for the system covered by the plan? So those are the effective points: one benefit of having business continuity, disaster recovery, and a collegial environment is that we can go beyond the geographical boundary. So, guys, this is the end of domain three. Thank you very much for your patience. We will be moving soon to domain number four. Thank you.

ISC CCSP practice test questions and answers, training course, study guide are uploaded in ETE Files format by real users. Study and Pass CCSP Certified Cloud Security Professional (CCSP) certification exam dumps & practice test questions and answers are to help students.