1.1 Cloud Computing Models & Security Implications (5%)

• IaaS (Infrastructure as a Service) security models and responsibilities

• PaaS (Platform as a Service) security considerations and controls

• SaaS (Software as a Service) security in multi-tenant environments

• Public, private, hybrid, and community cloud security models

• Shared responsibility model and division of security duties

• Cloud deployment architecture patterns and security design

1.2 Cloud Security Frameworks & Standards (6%)

• ISO/IEC 27017 (Information security in cloud computing) requirements

• ISO/IEC 27018 (Privacy in cloud computing) compliance

• NIST SP 800-53 (Security and Privacy Controls) cloud mapping

• CIS Cloud Security Best Practices and benchmarks

• Cloud Security Alliance (CSA) guidance and frameworks

• SOC 2 compliance and auditing frameworks

• GDPR and privacy implications in cloud environments

1.3 Cloud Service Provider Security (4%)

• AWS security architecture and capabilities overview

• Azure security features and compliance

• Google Cloud Platform (GCP) security offerings

• Vendor-neutral multi-cloud security considerations

• Cloud service provider certifications and attestations

• Evaluating cloud provider security posture

1.4 Cloud Architecture for Security (3%)

• Secure cloud reference architectures

• Defense-in-depth strategies for cloud

• Network segmentation in cloud environments

• Cloud perimeter and boundary security concepts

• Secure design patterns for cloud applications

2.1 Cloud IAM Fundamentals

• Identity federation and trust models in cloud

• Single Sign-On (SSO) and federated identity management

• OAuth 2.0 and OpenID Connect protocols

• SAML 2.0 assertions and federated authentication

• Multi-factor authentication (MFA) in cloud environments

• Authentication vs. authorization in cloud contexts

2.2 Cloud Directory & Identity Services

• Azure Active Directory (Azure AD) architecture and capabilities

• AWS IAM (Identity and Access Management) design patterns

• Google Cloud Identity and access management

• LDAP and Lightweight Directory Access Protocol integration

• Cloud directory synchronization and hybrid identity

• Identity governance and lifecycle management

2.3 Access Control & Authorization

• Role-Based Access Control (RBAC) in cloud platforms

• Attribute-Based Access Control (ABAC) in cloud

• Cloud IAM policy design and least privilege implementation

• Service accounts and privileged access management (PAM)

• Cross-cloud access management and federation

• Just-In-Time (JIT) and Just-Enough-Privilege (JEP) access models

2.4 Privileged Access Management in Cloud

• PAM in cloud-native and hybrid environments

• Secrets management and key management services

• Credential rotation and lifecycle management

• Privileged session management and monitoring

• Emergency access and break-glass procedures

• Audit trails for privileged access

3.1 Cloud Data Classification & Handling

• Data classification frameworks for cloud

• Sensitive data identification and tagging

• Data retention and lifecycle policies

• Cloud storage types and security implications

• Data disposal and secure deletion in cloud

• Data residency and sovereignty requirements

3.2 Encryption in Cloud

• Encryption in transit (TLS/SSL) for cloud communications

• Encryption at rest for cloud storage and databases

• Client-side encryption vs. server-side encryption

• Key management services (KMS) in cloud platforms

• Hardware security modules (HSM) in cloud

• Encryption key rotation and lifecycle

• Homomorphic and format-preserving encryption in cloud contexts

3.3 Cloud Database Security

• Database encryption and transparent data encryption (TDE)

• Row-level and column-level security in cloud databases

• Backup and recovery security

• Database activity monitoring (DAM) in cloud

• SQL injection and injection attack prevention

• Cloud database compliance and audit capabilities

3.4 Data Privacy & Regulatory Compliance

• GDPR requirements and cloud implications

• CCPA (California Consumer Privacy Act) compliance

• HIPAA compliance for healthcare cloud

• PCI-DSS compliance for payment data

• Local data protection regulations by region

• Privacy impact assessments (PIA) for cloud

• Data processing agreements (DPA) and contracts

4.1 Secure Cloud Application Development

• Secure software development lifecycle (SDLC) for cloud

• OWASP Top 10 and cloud application vulnerabilities

• API security in cloud environments

• Microservices security and container security

• Serverless security and function-as-a-service (FaaS) security

• Infrastructure-as-Code (IaC) security and policy as code

4.2 Container & Kubernetes Security

• Docker container security best practices

• Kubernetes security architecture and controls

• Container image scanning and vulnerability management

• Container registry security and access control

• Runtime container monitoring and detection

• Orchestration platform security

4.3 Workload Protection & Segmentation

• Workload segmentation and microsegmentation

• Virtual machine security and hardening

• Bare-metal server security in cloud

• Workload isolation and performance considerations

• Workload firewall rules and network policies

• Application security groups (ASGs) and security controls

4.4 Compliance Monitoring & Automation

• Continuous compliance monitoring in cloud

• Cloud configuration management and compliance

• Security automation and remediation workflows

• Compliance as code frameworks

• Automated policy enforcement and governance

• Audit logging and forensics for applications

5.1 Cloud Network Architecture & Security

• Virtual Private Cloud (VPC) design and segmentation

• Subnets, security groups, and network ACLs

• Cloud network routing and traffic control

• Network topology for multi-cloud environments

• Cloud DMZ and edge network security

• Software-defined networking (SDN) in cloud

5.2 Perimeter Security & DDoS Protection

• Web Application Firewalls (WAF) in cloud

• Network firewalls and stateful inspection

• DDoS mitigation and protection services

• API gateway security

• Load balancer security and SSL/TLS termination

• DNS security and DNSSEC in cloud

5.3 VPN & Secure Connectivity

• Site-to-site VPN for hybrid cloud security

• Client-to-cloud VPN and remote access

• IPsec and SSL/TLS VPN in cloud contexts

• ExpressRoute (Azure), Direct Connect (AWS), Interconnect (GCP)

• Secure cloud interconnect for private connectivity

• Redundancy and failover in VPN configurations

5.4 Zero Trust & Segmentation

• Zero Trust network architecture in cloud

• Continuous verification and authentication

• Microsegmentation and policy enforcement

• Network segmentation tools and technologies

• Behavioral analysis and anomaly detection

• Identity-based perimeter defense

6.1 Incident Response Planning in Cloud

• Cloud incident response procedures and playbooks

• Incident detection, investigation, and containment

• Forensic analysis in cloud environments

• Evidence preservation and chain of custody

• Communication and escalation procedures

• Post-incident analysis and lessons learned

6.2 Cloud Forensics & Artifact Collection

• Cloud audit logs and forensic analysis

• Log retention and long-term storage

• Volatile data collection in cloud instances

• Non-repudiation and integrity verification

• Multi-tenant forensics challenges

• Vendor-specific forensic tools and APIs

6.3 Business Continuity & Disaster Recovery

• Recovery objectives (RTO, RPO, WRT) in cloud

• Backup strategies and backup security in cloud

• Disaster recovery site selection and configuration

• Failover and failback procedures

• Testing and validating recovery procedures

• Ransomware recovery and protection strategies

7.1 Cloud Security Governance

• Cloud governance frameworks and policies

• Cloud security committee and decision-making

• Role-based governance and accountability

• Third-party risk management in cloud

• Cloud vendor management and contracts

• Service level agreements (SLAs) and security clauses

7.2 Risk Management in Cloud

• Cloud risk assessment methodologies

• Risk appetite and tolerance in cloud adoption

• Vendor risk and concentrations of risk

• Technology risk in cloud infrastructure

• Operational risk in cloud environments

• Risk monitoring and reporting

7.3 Cloud Compliance & Auditing

• Cloud compliance assessments and audits

• Internal and external audit procedures

• Cloud security testing and vulnerability assessments

• Penetration testing in cloud (with approval)

• Compliance reporting and evidence collection

• Continuous compliance monitoring

8.1 Advanced Cloud Threats & Attacks

• Cloud-specific attack vectors and threats

• Account compromise and lateral movement

• Supply chain attacks in cloud

• Insecure APIs and cloud misconfigurations

• Insider threats in cloud environments

• Advanced persistent threats (APTs) in cloud

8.2 Cloud Security Innovation & Future

• Artificial Intelligence and machine learning in cloud security

• Quantum computing implications for cloud encryption

• Serverless security evolution

• Edge computing and cloud security

• Emerging cloud security technologies

• Security trends and industry evolution

8.3 Vendor-Specific Advanced Features

• AWS security advanced features (GuardDuty, Security Hub, etc.)

• Azure advanced threat protection

• GCP security and threat intelligence

• Multi-cloud security orchestration

• Vendor-specific automation and response

9.1 Cloud Architecture Scenarios

• Design scenarios requiring security trade-offs

• Multi-cloud architecture security decisions

• Hybrid cloud integration challenges

• Cost vs. security optimization scenarios

9.2 Incident & Crisis Management Scenarios

• Cloud breach response scenarios

• Disaster recovery decision-making

• Forensic investigation in cloud

• Business continuity planning scenarios

9.3 Strategic Decision-Making

• Vendor selection and evaluation

• Risk-based prioritization decisions

• Compliance and regulatory decision scenarios

• Cloud strategy and roadmap decisions