(ISC)²

Certified Cloud Security Professional (CCSP)

(CCSP.AE1)/ISBN:978-1-64459-187-1

This course includes
Lessons
TestPrep
Hands-On Labs
Certified Cloud Security Professional (CCSP)

Create new career opportunities by being CCSP certified with the (ISC)² Certified Cloud Security Professional course and lab. CCSP study guide covers the CCSP exam objectives and offers hands-on learning experience in topics such as Data Classification, Cloud Data Security, Cloud Application Security, Operations Management, and many more.

Here's what you will get

(ISC)² CCSP certification validates a candidate's advanced technical skills and knowledge required to design, manage, and secure data, applications, and infrastructure in the cloud using best practices, policies, and procedures established by the cybersecurity experts at (ISC)². (ISC)² Certified Cloud Security (CCSP) certified professionals will have the required knowledge and skills to manage cloud security.

Lessons

12+ Lessons | 165+ Quizzes | 85+ Flashcards | 108+ Glossary of terms

TestPrep

125+ Pre Assessment Questions | 3+ Full Length Tests | 125+ Post Assessment Questions | 375+ Practice Test Questions

Hands-On Labs

37+ LiveLab | 00+ Minutes

Need guidance and support? Click here to check our Instructor Led Course.

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • Overview of the CCSP Exam
  • Notes on This Course's Organization

Lessons 2: Architectural Concepts

  • Cloud Characteristics
  • Business Requirements
  • Cloud Evolution, Vernacular, and Models
  • Cloud Computing Roles and Responsibilities
  • Cloud Computing Definitions
  • Foundational Concepts of Cloud Computing
  • Related and Emerging Technologies
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 3: Design Requirements

  • Business Requirements Analysis
  • Security Considerations for Different Cloud Categories
  • Design Principles for Protecting Sensitive Data
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 4: Data Classification

  • Data Inventory and Discovery
  • Jurisdictional Requirements
  • Information Rights Management (IRM)
  • Data Control
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 5: Cloud Data Security

  • Cloud Data Lifecycle
  • Cloud Storage Architectures
  • Cloud Data Security Foundational Strategies
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 6: Security in the Cloud

  • Shared Cloud Platform Risks and Responsibilities
  • Cloud Computing Risks by Deployment Model
  • Cloud Computing Risks by Service Model
  • Virtualization
  • Disaster Recovery (DR) and Business Continuity (BC)
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 7: Responsibilities in the Cloud

  • Foundations of Managed Services
  • Business Requirements
  • Shared Responsibilities by Service Type
  • Shared Administration of OS, Middleware, or Applications
  • Shared Responsibilities: Data Access
  • Lack of Physical Access
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 8: Cloud Application Security

  • Training and Awareness
  • Cloud-Secure Software Development Lifecycle (SDLC)
  • ISO/IEC 27034-1 Standards for Secure Application Development
  • Identity and Access Management (IAM)
  • Cloud Application Architecture
  • Cloud Application Assurance and Validation
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 9: Operations Elements

  • Physical/Logical Operations
  • Security Operations Center
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 10: Operations Management

  • Monitoring, Capacity, and Maintenance
  • Change and Configuration Management (CM)
  • IT Service Management and Continual Service Improvement
  • Business Continuity and Disaster Recovery (BC/DR)
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 11: Legal and Compliance Part 1

  • Legal Requirements and Unique Risks in the Cloud Environment
  • Potential Personal and Data Privacy Issues in the Cloud Environment
  • Audit Processes, Methodologies, and Cloud Adaptations
  • Summary
  • Exam Essentials
  • Written Labs

Lessons 12: Legal and Compliance Part 2

  • The Impact of Diverse Geographical Locations and Legal Jurisdictions
  • Business Requirements
  • Cloud Contract Design and Management for Outsourcing
  • Identifying Appropriate Supply Chain and Vendor Management Processes
  • Summary
  • Exam Essentials
  • Written Labs

Hands-on LAB Activities

Architectural Concepts

  • Capturing Network Traffic
  • Creating a Virtual Machine
  • Using an Asymmetric Algorithm
  • Installing Ubuntu Using Server Manager
  • Using a Symmetric Algorithm

Design Requirements

  • Using Windows Defender
  • Creating a Demilitarized Zone
  • Configuring a VPN

Data Classification

  • Displaying Metadata Information
  • Creating a Standard ACL
  • Enabling an Access Control List

Cloud Data Security

  • Building IPSec VPN
  • Configuring RAID 5
  • Generating a Symmetric Key
  • Generating an Asymmetric Key
  • Observing an MD5-Generated Hash Value
  • Observing an SHA-Generated Hash Value

Security in the Cloud

  • Performing a DoS Attack with SYN Flood
  • Performing a MITM Attack
  • Using Social Engineering Techniques to Plan an Attack
  • Installing Web Application Proxy
  • Performing a Credential-Based Brute-Force Attack
  • Taking a Full Backup
  • Taking an Incremental Backup

Responsibilities in the Cloud

  • Setting Up a Honeypot on Kali Linux
  • Configuring a Firewall for Inbound Rules
  • Removing Unnecessary Services
  • Using the Event Viewer

Cloud Application Security

  • Authorizing a User
  • Examining File Permissions
  • Conducting Cross-Site Request Forgery with Low Complexity
  • Attacking a Website Using Cross-Site Scripting (XSS) Injection
  • Conducting IP Spoofing

Operations Management

  • Verifying RAM Usage
  • Checking Disk Capacity
  • Using MBSA

Legal and Compliance Part 1

  • Completing the Chain of Custody

Exam FAQs

To qualify for this cybersecurity certification, you must pass the exam and have at least five years of cumulative, paid work experience in information technology, of which three years must be in information security, and one year in one or more of the six domains of the (ISC)² CCSP Common Body of Knowledge (CBK).

USD 599

Multiple choice

The exam contains 125 questions.

180 minutes

700

In the event that you fail your first attempt at passing the CCSP certification, ISC2's retake policy is:

  • If you don’t pass the exam the first time, you can retest after 30 days.
  • If you don’t pass a second time, you can retest after an additional 90 days.
  • If you don’t pass a third time, you can retest after 180 days from your most recent exam attempt.

Three years