Cloud Security and Compliance Basics Flashcards
CompTIA Cloud+ CV0-004 (V4) Flashcards

| Front | Back |
| --- | --- |
| Name four major compliance standards relevant to cloud security. | HIPAA, PCI DSS, GDPR, and SOX |
| What are the key pillars of IAM? | Identification, authentication, authorization, and auditing |
| What are VPC Flow Logs used for? | They capture information about IP traffic going to and from network interfaces |
| What does GRC stand for in cloud security? | Governance, Risk, and Compliance |
| What is a Cloud Access Security Broker (CASB)? | A security policy enforcement point between cloud providers and users |
| What is a CSPM tool? | Continuous monitoring to detect and remediate cloud misconfigurations |
| What is a Key Management Service (KMS)? | A managed service for creating, storing, and rotating encryption keys |
| What is AWS CloudTrail or equivalent? | A service that records API calls and user activity for auditing |
| What is container image scanning? | Automated analysis of container images to detect vulnerabilities before deployment |
| What is encryption at rest vs encryption in transit? | Encryption at rest protects stored data, and encryption in transit protects data in motion |
| What is infrastructure as code security scanning? | Checking code templates for misconfigurations before provisioning resources |
| What is multi-factor authentication (MFA)? | Requires two or more proof-of-identity factors before granting access |
| What is the Cloud Shared Responsibility Model? | Defines which security tasks are managed by the cloud provider vs the customer |
| What is the difference between security groups and network ACLs? | Security groups act as virtual firewalls at the instance level, while NACLs filter traffic at the subnet level |
| What is the principle of least privilege? | Users and services get only the minimal access rights needed |
| What is zero trust security? | A model where no user or device is trusted by default and verification is required continuously |
| Why is data classification important? | It helps apply appropriate security controls based on data sensitivity |

About the Flashcards
Flashcards for the CompTIA Cloud+ exam help students review cloud security terminology, concepts, and key ideas tested on the exam. This deck explains the Cloud Shared Responsibility Model, differences between encryption at rest and in transit, core IAM pillars (identification, authentication, authorization, auditing), and access controls such as multi-factor authentication and the principle of least privilege.
It also covers network controls and monitoring (security groups versus network ACLs, VPC Flow Logs, audit services like CloudTrail, and CSPM), along with governance, risk, and compliance topics (HIPAA, PCI DSS, GDPR, SOX), data classification, key management (KMS), CASB, container image scanning, infrastructure-as-code security scanning, and zero trust fundamentals.
Topics covered in this flashcard deck:
- Cloud shared responsibility
- Encryption at rest vs transit
- Identity and access management
- Network controls and logging
- Governance, risk, compliance
- Container and IaC security