Overview/Description
It is important to understand the different security mechanisms that can be implemented to ensure unwanted users cannot access the cloud infrastructure. This course will describe network security concepts and how to secure information using encryption, access control, and system hardening. This course is one in a series of Skillsoft courses in the learning path that covers the objectives for the CompTIA Cloud+ CV0-001 certification exam.
Target Audience
This CompTIA Cloud+ training course is targeted toward IT personnel with at least 24 to 36 months of IT experience in networking, storage, or data center administration. Good computer literacy and sound technical acumen are expected. It is also suitable for students looking to acquire job skills and to be trained specifically to pass the associated CompTIA Cloud+ certification exam. It is recommended, but not required, that candidates for the CompTIA Cloud+ exam obtain the CompTIA Network+ and/or CompTIA Storage+ certifications or equivalent knowledge.
describe how and where network ACLs are used to manage access to network resources
describe the different types of VPNs, how they are established, and the differences between them
describe the characteristics of IDS/IPS devices and network firewalls
describe how and why a DMZ is implemented
describe how and why network auditing is carried out, and the information that can be obtained
describe the tools and techniques commonly used to attack networks, including DDoS, ping of death, and ping flooding
describe how data storage systems can use obfuscation to make sensitive information, such as password data, unreadable to humans
describe how and where file system ACLs are used to manage access to file resources
describe the role of zoning and LUN masking in SAN security
describe the main authentication methods and protocols, and how and where they are used
describe how and why file system auditing is carried out, and the information that can be obtained
describe the processes and components of PKI, and how certificates are used
describe the components, processes, and reasons for deploying IPsec
describe how and where SSL/TLS are used, and the process of securing communication
recognize the main encryption protocols and their features, including AES, 3DES, RSA, DSA, RC4, and RC5
describe how the various encryption technologies are used to encrypt data in transit and data at rest
describe how and where RBAC is used, the concept of role-based security, and the principle of least privilege
describe the difference between DAC and MAC and where each might be applied
describe what constitutes a security factor, where multifactor authentication is used, and why
describe how organizations can be federated to provide mutual access, and how SSO can provide authentication across platforms without requiring multiple logins
describe the implications of disabling ports and services in the context of improving security, and the concept of attack surface
recognize the role of changing default passwords, deactivating default accounts, and applying patches in maintaining system security
describe the operation and reasons for using host-based firewalls
describe the operation of and reasons for using anti-malware software, including antivirus and anti-spyware
describe security factors and implement cloud security features