Cloud Data Security (CCSP) Flashcards
ISC2 Certified Cloud Security Professional (CCSP) Flashcards
| Front | Back |
| --- | --- |
| What are Data Breaches in the Cloud | Unauthorized access to data stored in cloud environments, potentially resulting in data exposure |
| What is Application Programming Interface (API) Security | Ensuring APIs are protected from misuse, threats, and vulnerabilities |
| What is Backup and Recovery | Storing redundant data copies to enable restoration in case of data loss or corruption |
| What is Backup Encryption | Encrypting backup data to protect it against unauthorized access during storage or transfer |
| What is BYOK (Bring Your Own Key) | A security model allowing customers to manage their own encryption keys in cloud environments |
| What is Cloud Access Security Broker (CASB) | A security tool that provides data monitoring and policy enforcement in cloud applications |
| What is Cloud Auditing | The process of reviewing and verifying cloud environments for compliance and security |
| What is Cloud Identity Federation | Enabling users to access multiple cloud systems with a single set of credentials managed centrally |
| What is Cloud Security Alliance (CSA) | An organization providing best practices and certifications for cloud security |
| What is Cloud Security Posture Management (CSPM) | Automation tools designed to detect and fix misconfigurations in cloud environments |
| What is Compliance as a Service (CaaS) | Cloud solutions designed to assist organizations in meeting regulatory requirements |
| What is Data Anonymization | Techniques that remove identifiable information from data to protect privacy |
| What is Data Classification | The process of categorizing data based on its sensitivity and value to apply appropriate security controls |
| What is Data Encryption at Rest | Methods like AES encrypt data stored in cloud environments to protect it from unauthorized access |
| What is Data Encryption in Transit | Techniques like TLS secure data moving between endpoints to prevent eavesdropping |
| What is Data Loss Prevention (DLP) | A set of tools and processes to prevent the unauthorized exposure of confidential data |
| What is Data Masking | Hiding sensitive data by obfuscating its original value with realistic but false data |
| What is Data Redundancy | The practice of duplicating critical data across different locations or systems to ensure availability |
| What is Data Sovereignty | The concept that data is subject to the laws of the country where it is stored |
| What is Encryption Key Management | The process of generating, storing, and rotating encryption keys securely |
| What is Endpoint Detection and Response (EDR) | A tool to monitor and respond to threats at endpoints accessing cloud resources |
| What is Host-based Intrusion Detection System (HIDS) | A security solution that monitors cloud systems for unusual activity or breaches |
| What is Identity and Access Management (IAM) | Systems and processes that ensure only authorized individuals access critical cloud resources |
| What is Insider Threat | The risk posed by employees, contractors, or partners who intentionally or unintentionally compromise data |
| What is Log Monitoring | Reviewing logs to detect unauthorized access or potential security threats in cloud environments |
| What is Multi-Factor Authentication (MFA) | An authentication process requiring two or more verification factors to gain access to cloud services |
| What is Privacy Impact Assessment (PIA) | A process to identify and mitigate privacy risks associated with cloud services and data processing |
| What is Secrets Management | The practice of securely storing and managing sensitive information such as passwords and API keys |
| What is Secure Sockets Layer/Transport Layer Security (SSL/TLS) | Protocols ensuring secure communication by encrypting data in transit |
| What is Security Information and Event Management (SIEM) | Systems that provide real-time analysis of security alerts and logs to detect threats |
| What is Shared Responsibility Model | The framework stating that cloud providers and customers share security responsibilities |
| What is Software as a Service (SaaS) Security | Measures and best practices to secure applications delivered as cloud-based services |
| What is Storage Segmentation | Separating data into different storage locations to enhance security and access control |
| What is the Principle of Least Privilege | Granting users the minimum level of access needed to perform their job functions |
| What is Threat Modeling | A proactive approach to identifying and mitigating potential security threats in cloud applications |
| What is Tokenization | A method that replaces sensitive data with tokens that hold no exploitable value |
| What is Vendor Lock-In Risk | The potential difficulty of transferring data from one cloud provider to another |
| What is Virtual Private Cloud (VPC) Security | Measures like firewalls and access controls to secure isolated cloud environments |
| What is Zero Trust | Security concept assuming no entity is trusted by default, even within the network perimeter |
This deck focuses on methods, technologies, and best practices for ensuring data security in cloud environments.