CSTM Cloud Security

Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM exam.

You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.

  • Understands the importance of obtaining authorisation from cloud hosting providers and the potential effects on permitted types of testing during engagements.
  • Understands the concepts of a VPC and the implications on performing security assessments.
  • Can competently assess resources within a private cloud-hosted environment, advising on any necessary temporary changes that may be needed (e.g. creation of bastion hosts, changes to Security Groups / firewalls).
  • Can analyse logging configuration within a cloud environment and advise on improvements.
  • Can analyse the configuration of resource monitoring and alarm generation and advise on improvements.
  • Understands the identity and access management models of popular cloud providers.
  • Can assess roles and policies to identify weaknesses relating to insecure permissions.

  • Understands how (Distributed) Denial of Service attacks are performed and the protective measures available in cloud environments.
  • Understands the financial implications of excessive resource consumption.
  • Understand the differences between cloud and on-prem architecture. Understand how to link between the two.
  • Understand the different security responsibility boundaries between IaaS, PaaS and SaaS.
  • Identify and understand the key administrative roles in Azure.
  • Identify the Azure metadata service.
  • Understand and review conditional access policies.
  • Identify and understand the key administrative roles in AWS.
  • Understand the difference between roles and policies.
  • Identify the AWS metadata service.
  • Understand the purpose of MDM solutions and the functionality they offer.
  • Review MDM configuration policies.