CSTM Cloud Security
Please click on the following tabs to reveal the knowledge depth required for a successful pass of the CSTM exam.
You will be given a random selection of questions. Please note exam content is subject to change due to circumstances beyond our control – use this as a guide and email us if you have any queries.
- Understands the importance of obtaining authorisation from cloud hosting providers and the potential effects on permitted types of testing during engagements.
- Understands the concepts of a VPC and the implications on performing security assessments.
- Can competently assess resources within a private cloud-hosted environment, advising on any necessary temporary changes that may be needed (e.g. creation of bastion hosts, changes to Security Groups / firewalls).
- Can analyse logging configuration within a cloud environment and advise on improvements.
- Can analyse the configuration of resource monitoring and alarm generation and advise on improvements.
- Understands the identity and access management models of popular cloud providers.
- Can assess roles and policies to identify weaknesses relating to insecure permissions.
- Understands how (Distributed) Denial of Service attacks are performed and the protective measures available in cloud environments.
- Understands the financial implications of excessive resource consumption.
- Understand the differences between cloud and on-prem architecture. Understand how to link between the two.
- Understand the different security responsibility boundaries between IaaS, PaaS and SaaS.
- Identify and understand the key administrative roles in Azure.
- Identify the Azure metadata service.
- Understand and review conditional access policies.
- Identify and understand the key administrative roles in AWS.
- Understand the difference between roles and policies.
- Identify the AWS metadata service.
- Understand the purpose of MDM solutions and the functionality they offer.
- Review MDM configuration policies.