Complete coverα.geof
every domα in on the new
CCSPexαm -
Ideα 1 as both a study tool
αnd αn on-the-job reference
-
-
Filled with practice exam
questions αnd answer
explanα tions
Covers informαtion, softwαre,
αnd cloud computing security
|ALL- IN - ONE
CCSP@
Certified Cloud Security
Professional
EXAM GUIDE
Daniel Carter
11
New York Chicago San Francisco
Athens 1ρndon Madrid Mexico City
Milan New Delhi Singapore Sydney Toronto
McGraw-Hill Education is an independent entiry from (1SC)'. and isnot affiliated with (1SC)' in any manner. 卫üs study/
training guide and/or material is not sponsored by, endorsed by, or affiliated with (1SC)' in any manner. This publication
and digital content may be used in assisting students to prepare for the CCSP exam. Neither (ISC)' nor McGraw-Hill Education
warrants that use of this publication and digital content will ensure passing an)' exam. (1SC户, C1SSP., CAp., 1SSAp., 1SSEp.,
1SSM户, SSCp., CCSp. ,- and CBKO are traJemarks or registered traJemarks of (1SC)' in the United States and certain other
countries. All other trademarks are trademarks of their respective owners.
Copyright (ç;) 2017 by McGraw-Hill Education. AlI rights reserved. Except as permi仗时 under the United States Copyright Act of
1976, no part ofthis publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval
system, without the prior written pe口nission ofthe publisher
ISBN: 978-1-25-983545-2
MHID: 1-25-983545-6.
The material in this eBook also appears in the print version ofthis title: ISBN: 978-1-25-983546-9,
MHID: 1-25-983546-4.
a-w
vd
ku n o
on
AU o
-c3
puw
a 仕n a M
-KG
ol
盯
O
且ρ
V
U
W
ρ
i
V
-
E
n
u
-
吁
川M
ρ
U
W
AlI trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trade
marked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of in企inge
ment ofthe trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw-Hil\ Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in
corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw-Hill Education 企om sources believed to be reliable. However, because of the pos
sibility of human or mechanical eπor by our sources, McGraw-Hil\ Education, or others, McGraw-Hil\ Education does not
guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the
results obtained from the use of such information.
TERMSOFUSE
This is a copyrighted work and McGraw-Hil\ Education and its licensors reserve all rights in and to the work. Use ofthis work
is su均 ect to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy ofthe
work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, 仕ansmit,
distribute, disseminate, sell, publish or sublicense the work or any part ofit without McGraw-Hil\ Education's prior consent. You
may use the work for your own noncommercial and personal use; any other use of the work is s位ictly prohibited. Your right to
use the work may be terminated ifyou fail to comply with these terms.
THE WORK. IS PROVIDED "AS IS." McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES
OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED
FROM USING THE WORK., INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK. VIA
HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUD
ING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. McGraw-Hil\ Education and its licensors do not warrant or guarantee that the functions contained in the work wil\
meet your requirements or that its operation wil\ be uninterrupted or error 企ee. Neither McGraw-Hil\ Education nor its licensors
shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages
resulting there丘om. McGraw-Hil\ Education has no responsibility for the content of any information accessed through the work.
Under no circumstances shall McGraw-Hil\ Education and/or its licensors be liable for any indirect, incidental, special, punitive,
consequential or similar damages that resu1t丘om the use of or inability to use the work, even if any of them has been advised of
the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or
cause arises in contract, tort or otherwise
卫lÌs book is dedicated to my children-Zachariah, Malachi,
Alannah, and Ezra. 1 love you all so much, and look forward to
seeing how each of you four very unique souls will change the
world for the better!
This page intentionally 1φ blank
ABOUTTHE AUTHOR
Daniel Cart町, CISSp, CCSp, CISM, CISA, is currently working as a Systems Security
Offìcer for U.S. Federal Hea1thcare at Hewlett-Packard Enterprise as well as a project
manager for a large-sca1e Splunk implementation. An IT security and systems profes
siona1 for a1most 20 years, he has worked extensively with web-based applications and
m丘astructure, as well as LOAP and federated identity systems, PKl, SIEM, and Linux/
Unix systems. He is currently working on teams developing cloud computing and secu
rity roadmaps for federa1 government use and hea1thcare systems, from both a security
and cloud computing perspective. Oaniel holds a degree in criminology and crimina1
justice from the University of Maryland and a master's degree in technology manage
ment, with a focus on homeland security management, from the University of Maryland,
University College.
About the Technical Editor
Gerry Sneeringer, CISSP, has been an IT professional with the University of Maryland
岛r the past 30 years. He has been involved in customer support, systems program
ming, system administration (including operation of one of the Internet's root domain
name servers), and network engineering. For the past 15 years, he has been the head
of security in the university's centra1 IT offìce. Gerry currently serves as the university's
Chief Information Security Offìcer, overseeing the protection of university computing
services hosted loca11y and in the cloud. Gerry holds a bachelor's degree in computer
science from the University of Maryland.
This page intentionally 1φ blank
CONTENTS AT A GLANCE
Chapter 1
How to Obtain the CCSP and Introduction to Security .. ........ .. ..... 1
Chapter 2
Architectural Concepts and Design Requirements .. ..... ........ .. .... 17
Chapter 3
Cloud Data Security ... . . . . . ... . . . . . ... . . . . ... .. . . . ..... . . . . ... . . . . . ... . . .. 77
Chapter 4
Cloud Platform and Infrastructure Security ...... ....... .......... .. .. 123
Chapter 5
Cloud Application Security .... . . . . .. .. . . . .. ... . . . ...... . . . ... . . . . . .. ... 157
Chapter 6 Operations . . ..... . . . .. .. . . . . ... . . . . . . ... . . . ... ... . . . .. .. . . . . ... . . . . . ... .. 191
Chapter 7
Legal and Compliance Domain ... ... .... ... ..... ..... ... . .. ..... . ... .. 253
Appendix A Exam Review Questions .... ......... ....... ....... ....... ......... ... .. 303
Appendix B About the Download ....... ......... ................ ....... ....... .... . 395
Glossary .. . . . ..... . . . .. .. . . . . ... . . . . . . ... . . . ... ... . . . .. .. . . . . ... . . . . . ... .. 397
Index..... .... .... .... ... ..... ... ...... ... ... ..... .... .. .. .... ... ..... ... .. 409
VII