All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM Blind Folio:i ALL IN ONE CCSP ® Certified Cloud Security Professional E X A M G U I D E Third Edition 00-FM.indd 1 04/10/22 6:31 PM All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM Blind Folio:ii ABOUT THE AUTHOR Daniel Carter, CISSP, CCSP, CISM, CISA, is a cybersecurity project manager with Johns Hopkins University & Medicine. An I security and systems proessional or almost 20 years, he has worked extensively with web-based applications and inrastructure as well as LDAP, SAML and ederated identity systems, PKI, SIEM, and Linux/Unix systems. Daniel holds a degree in criminology and criminal justice rom the University o Maryland and a master’s degree in technology management, with a ocus on homeland security management, rom the University o Maryland, Global Campus. About the Technical Editor Robert “Wes” Miller, CISSP, CCSP, has been an I proessional with Bon Secours Mercy Health or the past 21 years, with a role in I security since 2005. He has been responsible or numerous security systems in his career as well as their architecture design. He currently serves as the senior cloud security architect, engaged in a vast array o cloud projects within the ministry. Wes holds a bachelor’s degree in business administration with a ocus on inormation systems rom the University o oledo. 00-FM.indd 2 04/10/22 6:31 PM All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM Blind Folio:iii ALL IN ONE CCSP ® Certified Cloud Security Professional E X A M G U I D E Third Edition Daniel Carter New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto McGraw Hill is an independent entity rom (ISC)2® and is not afliated with (ISC)2in any manner. Tis publication and accompanying media are not sponsored by, endorsed by, or afliated with (ISC)2in any manner. Tis publication and accompanying media may be used in assisting students to prepare or the CCSP exam. Neither (ISC)2nor McGraw Hill warrants that use o this publication and accompanying media will ensure passing any exam. (ISC)2®, CISSP®, CAP®, ISSAP®, ISSEP®, ISSMP®, SSCP®, CCSP®, and CBK® are trademarks or registered trademarks o (ISC)2in the United States and certain other countries. All other trademarks are trademarks o their respective owners. 00-FM.indd 3 04/10/22 6:31 PM Copyright © 2023 by McGraw Hill. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. ISBN: 978-1-26-484229-2 MHID: 1-26-484229-5 The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-484220-9, MHID: 1-26-484220-1. eBook conversion by codeMantra Version 1.0 All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trade- marked name, we use names in an editorial fashion only, and to the benet of the trademark owner, with no intention of infringe- ment of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw Hill eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com. Information has been obtained by McGraw Hill from sources believed to be reliable. However, because of the possibility of hu- man or mechanical error by our sources, McGraw Hill, or others, McGraw Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information. TERMS OF USE This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy ofthe work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent.You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUD- ING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advisedof the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise. All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM Blind Folio:v Tis book is dedicated to my children—Zachariah, Malachi, Alannah, and Ezra. I love you all so much and look orward to seeing how each o you our very unique souls will change the world or the better! 00-FM.indd 5 04/10/22 6:31 PM All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM Blind Folio:vi This page intentionally left blank 00-FM.indd 6 04/10/22 6:31 PM All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM CONTENTS AT A GLANCE Chapter 1 How to Obtain the CCSP and Introduction to Security ................. 1 Chapter 2 Cloud Concepts, Architecture, and Design ..............................17 Chapter 3 Cloud Data Security .......................................................89 Chapter 4 Cloud Platorm and Inrastructure Security ........................... 137 Chapter 5 Cloud Application Security ............................................. 179 Chapter 6 Cloud Security Operations .............................................. 221 Chapter 7 Legal, Risk, and Compliance ............................................ 269 Appendix A Exam Review Questions ................................................ 323 Appendix B About the Online Content .............................................. 423 Glossary .................................................................. 427 Index ...................................................................... 443 vii 00-FM.indd 7 04/10/22 6:31 PM All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM Blind Folio:viii This page intentionally left blank 00-FM.indd 8 04/10/22 6:31 PM All-In-One/ CCSP Certifed Cloud Security Proessional All-in-One Exam Guide, 3e / Carter / 220-1 / FM CONTENTS Acknowledgments ...................................... xvii Introduction .......................................... xix Chapter 1 How to Obtain the CCSP and Introduction to Security ......... 1 Why Get Certiied? ..................................... 1 How to Get Certiied ................................... 2 CCSP Domains ....................................... 3 Domain 1: Cloud Concepts, Architecture, and Design ..... 3 Domain 2: Cloud Data Security ...................... 5 Domain 3: Cloud Platorm and Inrastructure Security ..... 6 Domain 4: Cloud Application Security ................. 7 Domain 5: Cloud Security Operations ................. 8 Domain 6: Legal, Risk, and Compliance ................ 10 Introduction to I Security ............................... 11 Basic Security Concepts ............................. 11 Risk Management ................................. 15 Business Continuity and Disaster Recovery .............. 16 Chapter Review ........................................ 16 Chapter 2 Cloud Concepts, Architecture, and Design .................... 17 Understand Cloud Computing Concepts .................... 18 Cloud Computing Deinitions ....................... 18 Cloud Computing Roles ............................ 19 Key Cloud Computing Characteristics ................. 20 Building-Block echnologies ......................... 23 Describe a Cloud Reerence Architecture .................... 23 Cloud Computing Activities ......................... 23 Cloud Service Capabilities ........................... 24 Cloud Service Categories ............................ 25 Cloud Deployment Models .......................... 30 Cloud Shared Considerations ........................ 34 Impact o Related echnologies ....................... 38 Understand Security Concepts Relevant to Cloud Computing .... 43 Cryptography .................................... 43 Identity and Access Control .......................... 45 Data and Media Sanitation .......................... 48 Network Security .................................. 50 ix 00-FM.indd 9 04/10/22 6:31 PM