Domain 3: Cloud Platform and Infrastructure Security
3.1 Comprehend cloud infrastructure components
- Physical environment
- Network and communications
- Compute
- Virtualization
- Storage
- Management plane
3.2 Design a secure data center
- Logical design
- Tenant partitioning
- Access control
- Physical design
- Environmental design
- Heating, Ventilation, and Air Conditioning (HVAC)
- Multi-vendor pathway connectivity
- Design resilient
3.3 Analyze risks associated with cloud infrastructure
- Risk assessment
- Cloud vulnerabilities, threats and attacks
- Risk mitigation strategies
3.4 Design and plan security controls
- Physical and environmental protection
- System, storage and communication protection
- Identification, authentication and authorization in cloud environments
- Audit mechanisms
- Log collection
- Correlation
- Packet capture
3.5 Plan Disaster Recovery (DR) and Business Continuity (BC)
- Business continuity (BC) / disaster recovery (DR) strategy
- Business requirements
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Recovery service level
- Creation, implementation and testing of plan