# Domain 3: Cloud Platform and Infrastructure Security

# 3.1 Comprehend cloud infrastructure components

  • Physical environment
  • Network and communications
  • Compute
  • Virtualization
  • Storage
  • Management plane

# 3.2 Design a secure data center

  • Logical design
    • Tenant partitioning
    • Access control
  • Physical design
    • Location
    • Buy or build
  • Environmental design
    • Heating, Ventilation, and Air Conditioning (HVAC)
    • Multi-vendor pathway connectivity
  • Design resilient

# 3.3 Analyze risks associated with cloud infrastructure

  • Risk assessment
    • Identification
    • Analysis
  • Cloud vulnerabilities, threats and attacks
  • Risk mitigation strategies

# 3.4 Design and plan security controls

  • Physical and environmental protection
    • On-premises
  • System, storage and communication protection
  • Identification, authentication and authorization in cloud environments
  • Audit mechanisms
    • Log collection
    • Correlation
    • Packet capture

# 3.5 Plan Disaster Recovery (DR) and Business Continuity (BC)

  • Business continuity (BC) / disaster recovery (DR) strategy
  • Business requirements
    • Recovery Time Objective (RTO)
    • Recovery Point Objective (RPO)
    • Recovery service level
  • Creation, implementation and testing of plan