
Domain 1: Architectural concepts and design requirements

The “Architectural concepts and design requirements” domain of the CCSP certification curriculum has a 19% weightage in the exam. This CCSP domain broadly tests a candidate’s design and security skills in the context of the cloud environment and focuses on the following objectives:

  1. Understanding of cloud computing concepts
  2. Describing cloud reference architecture
  3. Understanding of security concepts in context to cloud computing
  4. Understanding of design principles for secure cloud computing
  5. Identifying trusted cloud services

Let us take a deeper look at the objectives of the “Architectural concepts and design requirements” domain of the highly valued CCSP certification:

  1. Understanding of cloud computing concepts

The primary objective of this domain is to test whether the candidate has an understanding of cloud computing concepts. The CCSP exam expects the candidate to have an in-depth understanding of:

  • Cloud computing definitions (ISO/IEC 17788): provides an overview of cloud computing along with a set of terminology and definitions. This document helps all types of organizations including government, non-profit, and commercial who are planning to move their services to the cloud.
  • Cloud computing roles: Cloud computing roles can be classified as:
    1. Cloud Service Customer: An organization/individual who uses the cloud services
    2. Cloud Service Provider: A company that provides cloud services to the cloud customers
    3. Cloud Service Partner: A company that supports cloud service provider services and works alongside the cloud service customers

This domain evaluates the candidate’s know-how of the above-mentioned cloud computing roles.

  • Key cloud computing fundamentals such as:
    1. On-demand self-service (computing capabilities like server time and network storage can be provisioned)
    2. Broad network access
    3. Multi-tenancy
    4. Rapid elasticity and scalability
    5. Resource pooling
    6. Measured service
    It should be noted that these terms are defined more broadly in the NIST 800-145 document.
  • Building block technologies such as virtualization, storage, networking and databases
  2. Describing cloud reference architecture

The second sub-objective validates the knowledge of candidates in:

  • Cloud computing activities (ISO/IEC 17789, Clause 9)
    The ISO/IEC 17789 document defines cloud computing architecture definitions, reference architecture concepts, the user view, the functional view, and the relationship between the user view and the functional view, among other concepts.
  • Cloud service capabilities such as types of application capability, platform capability, and infrastructure capability
  • Various cloud service categories namely:
    1. Software as a service (SaaS), which stands on the top of the cloud stack
    2. Platform as a service (PaaS), which lies in the middle of the cloud stack
    3. Network as a service (NaaS)
    4. Cloud compliance as a service (CompaaS)
    5. Data science as a service (DSaaS)
    6. Infrastructure as a service (IaaS), which lies at the bottom of the cloud stack
  • Cloud deployment models including public, private, hybrid and community
  • Cloud cross-cutting aspects such as interoperability, portability, reversibility, availability, security, privacy, resiliency and more
    Cloud portability and interoperability function in conjunction. Portability refers to the shifting of a new venture of a business to the cloud. Interoperability is the ability of the venture moved to the cloud to work well with the business’s on-premise components.
  3. Understanding of security concepts in context to cloud computing
    The next sub-objective tests a candidate’s core security competencies in cloud computing, which revolve around the basic understanding of security concepts. The candidates are tested on:
  • Cryptography (e.g., encryption, in motion, at rest, key management): Security is paramount when data is stored in a cloud. Cryptography plays a crucial role in safeguarding the data. Certified security professionals are expected to have far-reaching knowledge of encryption to be applied to data in motion and at rest. Candidates are expected to be familiar with:
    • Access control
    • Data and media sanitization (overwriting, cryptographic erase)
    • Network security
    • Virtualization security (e.g., hypervisor security)
    • Common threats and security considerations for different cloud categories such as SaaS, PaaS, IaaS
  4. Understanding of design principles for secure cloud computing
    The sub-objectives of this domain also test the candidate’s understanding of the design principles for secure cloud computing by focusing on:
  • Cloud secure data life cycle that involves the six stages of data management including creating, storing, using, sharing, archiving, and destroying
  • Cloud-based business continuity and disaster recovery planning. Candidates are expected to know the difference between business continuity and disaster recovery and anticipate the ideality of cloud-based business continuity and disaster recovery.
  • Cost-benefit analysis. The cost-benefit analysis is done to evaluate the feasibility of cloud design if implemented.
  • Functional security requirements such as portability, interoperability, vendor lock-in
  5. Identifying trusted cloud services
    When critical data is moved to the cloud, certain conditions need to be fulfilled, for instance, how to find a perfect cloud service provider. The last sub-objective validates the candidate’s know-how to identify trusted cloud services on the following pointers:
  • Certification against criteria
  • System/Subsystem Product Certifications
    To know more about CCSP domains and certifications exam details and curriculum, keep reading our upcoming blogs. Visit https://www.infosectrain.com/ to check for CCSP certification and training schedules and details.
AUTHOR
Jayanthi Manikandan
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information Systems with a specialization in Information Assurance from Walsh College, Detroit, MI. She is passionate about information security and has been writing about it for the past 6 years. She is currently a Security researcher at InfoSec train.