Overview
Prerequisites
For those delegates looking for some pre-course general cloud security background, guidance and organisational compliance, the NCSC cloud security collection is probably the single best resource.
Learning Outcomes
- Cloud Concepts
- Virtualisation
- Network Security Fundamentals
- AWS Core Services
- AWS Security Technologies
- Azure Core Services
- Azure Security and Microsoft 365
- Google Cloud Core Services
- Google Cloud Security
- Cloud Security Frameworks, Principles, Patterns and Certifications
- Container Security
- Cloud Native Computing
- Serverless
- Assurance
- Web Application Security
- Cloud Identity Services
- Cloud Security Services
- Automation and Continuous Integration
- DevSecOps
Course Outline
- Introductions
- Objectives of course
- Agenda
- What is Cloud Computing?
- Why is everyone moving to the Cloud?
- Cloud computing model
- Infrastructure, Platform and Software as a Service
- Boundaries and responsibilities
- Cloud Service Providers – Gartner Magic Quadrant(s)
- Cloud reference architectures
- Overview of different virtualisation technologies and types covering storage, networks and systems.
- IPv4 and IPv6
- DNS
- Firewalls
- Network Address Translation
- IPSec VPN
- EC2 (Elastic Compute Cloud) and VPC (Virtual Private Cloud) fundamentals
- Availability zones and regions
- Internet Gateway, Elastic IPs, NAT Gateway
- VPN Gateway, DirectConnect
- VPC Peering, AWS Transit Gateway
- Security Groups, Flow Logs, NACLs and subnet routing
- Route53
- Amazon S3
- Architecting on AWS - Lab 1 - Hosting a Static Website
- End of module knowledge check – exam style questions
- AWS Identity and Access Management (IAM)
- AWS Organizations and SSO
- AWS CloudTrail, CloudWatch, Config, Trusted Advisor
- AWS CloudFront and Shield
- AWS WAF and Firewall Manager
- AWS Certificate Manager
- AWS Key Management Service (KMS) and CloudHSM
- AWS Secrets Manager
- AWS Inspector, Macie and Guard Duty
- AWS Artifact and Audit Manager
- AWS Security Hub
- Amazon Detective
- AWS PrivateLink and VPC Endpoints
- AWS EC2 Nitro
- Azure regions and availability zones
- Azure Active Directory
- Azure AD Connect
- Azure role-based access control
- Azure Virtual Networks
- Azure Network Security Groups
- Application Security Groups
- Remote Access and VPN
- Load Balancing
- Azure Front Door
- Azure network security best practices
- Architecting on AWS - Automating Infrastructure Deployment with AWS CloudFormation
- Hands on lab providing practical experience of implementing and using Microsoft Azure security technologies
- Azure Key Vault
- Azure Firewall
- Azure Virtual Machine encryption
- Microsoft Antimalware for Azure Cloud Services and Virtual Machines
- Azure Policy
- Azure Security Center
- Azure Monitor, Log Analytics and Alerts
- Azure Sentinel
- Enterprise Azure architectures
- Microsoft 365 services
- Azure AD and Microsoft 365
- Microsoft 365 security
- Microsoft Defender
- Microsoft 365 data protection and governance
- Azure AD Conditional Access and MFA
- Azure AD Password Protection
- Azure AD Identity Protection
- Azure AD Privileged Identity Management
- Google Cloud Platform services
- Compute
- Networking
- Storage and databases
- Big Data
- GCP example architecture
- Google Workspace
- Google Workspace integration with corporate directory
- Google Cloud Fundamentals: Getting Started with GKE
- End of module knowledge check – exam style questions
- Identity and Access Management
- Network Security
- VPC Service Controls
- Cloud Armor
- IAP Proxy and BeyondCorp
- Confidential and shielded VMs
- Keys and Encryption
- Certificate Services
- Secret Manager
- Logging
- Organization policy constraints
- Data Loss Prevention API
- Web Security Scanner
- Container Registry Vulnerability Scanner
- Cloud Security Command Center
- Forseti
- Security Principles
- Separation and layers as security controls
- Cloud Security Alliance (CSA) Cloud Control Matrix
- GOV.UK Cabinet Office and NCSC Cloud Security Principles
- Security Architecture Frameworks
- Security Architecture Patterns
- Cloud Security Architecture Patterns
- Trusted Cloud Initiative Reference Architecture
- Personally Identifiable Information (PII) and Personal Data
- UK Data Protection Act and Information Commissioner’s Office (ICO)
- European Union (EU) Data Protection Directive
- EU General Data Protection Regulation (GDPR)
- Cyber Essentials Plus
- Cloud Security Alliance STAR
- PCI DSS
- AICPA SOC3
- ISO 27001
- Concept of containers
- Docker
- Why development teams are moving to containers
- Security issues of containers
- Container security good practice
- CIS Benchmark for Docker and Docker Bench tool
- Orchestration – Kubernetes
- Security features of Kubernetes
- Orchestration – Docker Swarm
- Cloud Service Provider container platforms (AWS, Azure, Google)
- Container security solutions (Twistlock, AquaSecurity)
- Lab providing hands-on experience of containers and potential security issues
- Cloud Native Computing Foundation
- 12 Factors of a cloud-native app
- Cloud Native platform concepts
- Cloud Foundry
- Cloud Foundry security best practices
- End of module knowledge check – exam style questions
- Concept of ‘serverless’
- Pros and Cons
- AWS Lambda
- Step functions
- Dynamo DB
- SQS, SWS, S3
- Serverless application architecture
- Security implications
- Environment Variable encryption
- Azure Cloud Functions
- Google Cloud Functions
- Serverless Framework
- Centre for Internet Security (CIS) Foundation Benchmarks
- Penetration tests of cloud environments
- External audit and configuration review
- Using an automated tool, assess cloud infrastructure and services for compliance to standards, identify risks and security issues
- OWASP Top 10
- Secure Software Development Lifecycle
- SAML
- oAuth, oAuth 2.0 and OpenID Connect
- Cloud Identity Providers
- End of module knowledge check – exam style questions
- Cloud Security Services
- Cloud analytics, e.g. Splunk Cloud
- Cloud security operations management, e.g. AlertLogic
- Cloud service provider automation tools
- Terraform by Hashicorp
- Hardened build images
- Vault by Hashicorp
- Patching and update strategies
- DevSecOps
- Continuous Integration Pipeline
- Automated environment testing
- Jenkins
- Security issues
- Automating the Deployment of Infrastructure Using Terraform
- End of module knowledge check – exam style questions
| Duration | 60 Minutes |
| Questions | 50, multiple choice (4 multiple choice answers only 1 of which is correct) |
| Pass Mark | 50% |
This is an NCSC Certified Training Course.
QA is an approved training provider for ELCAS, proud to support service leavers in their transition into the tech industry.
Cyber Security learning paths
Want to boost your career in cyber security? Click on the roles below to see QA's learning pathways, specially designed to give you the skills to succeed.
= Required
= Certification
Cyber Security for Cloud learning paths
Want to boost your career in cyber security for Cloud? Click on the role below to see QA's learning pathways, specially designed to give you the skills to succeed.
= Required
= Certification
Frequently asked questions
See all of our FAQsHow can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
Learn more about our Virtual Classrooms.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
Learn more about QA’s online courses.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.