This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Unit 3 of Cloud
Security control layers in cloud environments, industry frameworks and standards (CSA, NIST, ENISA), security control placement strategies, cloud security best practices, penetration testing methodologies for cloud, and cloud security tooling.
Learning outcomes
Preventive, detective, and corrective control layers, and a walkthrough of all 17 CSA CCM v4 domains.
NIST SP 800-145, NIST CSF 2.0, ENISA risk taxonomy, framework comparison, and the Capital One 2019 case study.
The five cloud security tool categories and the open-source tools available for each.
Cloud pentest methodology, the five common patterns, reconnaissance tools, and report structure.
20 multiple-choice questions on controls, standards and testing.
The shift-left philosophy applied to cloud CI/CD — secret detection, IaC scanning, SAST, DAST, SBOM generation, and runtime policy enforcement using OPA.
The four-phase cloud audit process, API-based evidence collection, AWS Config continuous compliance, and CERT-In audit requirements for Indian organisations.
Policy-as-Code approaches using AWS Config custom rules, Service Control Policies, HashiCorp Sentinel, and Security Hub compliance standards for continuous Indian regulatory compliance.