Do TLS standards require the server-side preference to always be used when negotiating ciphers to use?

Someone told me the other day that the TLS standards require the server-side to always have the authority to decide which mutual cipher to use when negotiating with a remote client.

This makes sense, but gets me to wonderin…

Are data centers still compliant with Uptime Institute standards even if customer-owned infrastructure isn’t?

I’m studying for the CCSP exam and am reviewing the Uptime Institute tiers. The tiers make sense but I’m curious: can a datacenter that offers IaaS hosting still advertise and adhere to a high Uptime Institute tier, even if …

Are there any standards that *require* companies to use specific Uptime Institute Tiers for data centers?

I’m studying for the CCSP exam and am currently reviewing The Uptime Institute Tiers. The tiers themselves make sense but from a practical perspective, I’m curious if any standards/regulations explicitly require the use of a …

What’s the difference between "Organization normative framework" and "Application normative framework"?

I’m studying for the CCSP exam and I’m confused with some of the terminologies between Organization normative framework and application normative framework.

The training material defines them as:

Organization normative…

Does "crypto offloading" require the use of ASICs? Can the concept be applied elsewhere?

I’m studying for the CCSP exam and the training material is a little vague on the term “crypto offloading”.

The term was mentioned in passing while describing TLS:

TLS is a protocol designed to ensure privacy when comm…

What’s the difference between an "application-aware firewall" and a "web application firewall"?

I’m studying for the CCSP and my training material isn’t very clear on the definition between “application-aware firewall” and “web application firewall”.

The training material states:

Early on, these devices were limi…

Are there general guidelines (or better yet, compliance standards) for assessing the risks of a cloud-based API?

I’m studying for the CCSP exam and one part of the training material stuck out.

It behooves the cloud customer to formalize a policy and process for
vetting, selecting, and deploying only those APIs that can be
valid…