Collaborate Disseminate
I’m studying for the CCSP exam and am currently reviewing The Uptime Institute Tiers. The tiers themselves make sense but from a practical perspective, I’m curious if any standards/regulations explicitly require the use of a … Continue reading Are there any standards that *require* companies to use specific Uptime Institute Tiers for data centers?
I’m studying for the CCSP exam and I’m confused with some of the terminologies between Organization normative framework and application normative framework.
The training material defines them as:
Organization normative… Continue reading What’s the difference between "Organization normative framework" and "Application normative framework"?
I’m studying for the CCSP exam and the training material is a little vague on the term “crypto offloading”.
The term was mentioned in passing while describing TLS:
TLS is a protocol designed to ensure privacy when comm… Continue reading Does "crypto offloading" require the use of ASICs? Can the concept be applied elsewhere?
I’m studying for the CCSP exam and am confused on the difference between an “API gateway” and “XML gateway”. The training material I have states:
API gateways are also an important part of a layered security model.
T… Continue reading What’s the difference between an API gateway and XML gateway?
I’m studying for the CCSP and my training material isn’t very clear on the definition between “application-aware firewall” and “web application firewall”.
The training material states:
Early on, these devices were limi… Continue reading What’s the difference between an "application-aware firewall" and a "web application firewall"?
I’m studying for the CCSP exam and one part of the training material stuck out.
It behooves the cloud customer to formalize a policy and process for
vetting, selecting, and deploying only those APIs that can be
valid… Continue reading Are there general guidelines (or better yet, compliance standards) for assessing the risks of a cloud-based API?
I’m studying for the CCSP exam and I’m confused with a test prep question in my study materials.
The question reads:
“Which kind of SSAE report comes with a seal of approval from a
certified auditor?”
I’m studying for the CCSP exam and I’m a little confused on why outsourcing access controls to a third party CASB would be appropriate. Could someone please explain the rationale there (and ideally perhaps a use case)?
I’m studying for the CCSP exam and a practice question read:
The goals of DLP solution implementation include all of the following,
except:
A. Policy enforcement
B. Elasticity
C. Data discovery
D. Loss of m… Continue reading Why would a goal of DLP solution implementation include "loss of mitigation"?
I’m studying for the CCSP and from a high-level, I keep hearing encryption described in three forms:
Protecting data at rest.
Protecting data in transit.
Protecting data in use.
The first two make sense to me, but then I’m struggling … Continue reading What’s a practical example of encryption "in use" or "in process"?