Domain 2 of AZ-204: Develop for Azure Storage

Azure Storage is a cloud-based platform that supports modern applications. Data volumes grow every day, so storage solutions have to keep up. Azure Storage lets you store large amounts of data objects in a highly scalable manner, and it provides security, durability and accessibility, among other benefits. Client applications and users can access Azure Storage data items from anywhere in the world via HTTP or HTTPS.
Types of Azure Storage
Azure Storage can be expanded with additional disk storage. There are five main components to Azure Storage:
Azure Blob Storage: It stores large amounts of unstructured information. Blob storage is used for binary large objects (BLOBs).
Azure table storage: This feature has been added to Azure Cosmos DB. Azure tables are used to store structured NoSQL data.
Azure file storage: This is a fully managed file sharing service accessed over the Server Message Block (SMB) protocol. It can be used on-premises or in the cloud.
Azure queue storage: This is a message storage service you can access via HTTP or HTTPS from anywhere on the planet.
Disk storage: There’s a choice of two types of virtual hard drives (VHDs), managed and unmanaged.
Azure Developer AZ204 certification covers five domains.

Domain 1: Develop Azure compute solution (25-30%)
Domain 2: Develop for Azure storage (15-20%)
Domain 3: Implement Azure security (20-25%)
Domain 4: Monitor, troubleshoot and optimize Azure solutions (15-20%)
Domain 5: Connect to Azure services and third party services (15-20%)
This article will focus on the second Domain of AZ-204: “Develop for Azure storage.”
Domain 2 of AZ-204: Develop for Azure storage
Storage is an essential component of Microsoft Azure apps, and this domain teaches you how to use it effectively. It has a weight of 15-20%. It teaches Azure developers how to write code, optimize database consumption, and create, read, update and delete tables automatically. It also covers how to create storage containers in Azure using the Cosmos DB storage and blob storage systems.
“Develop for Azure storage” is the second domain of the AZ-204 certification exam. It includes the following subtopics.
1. Develop solutions that use Cosmos DB storage: Cosmos DB storage is a premium storage solution from Azure. Cosmos DB is a globally distributed, low-latency and highly responsive database that can be used worldwide. This section will teach you how to select the right API for your project and how to interact with data using the correct SDK. You will learn how to create Cosmos DB containers and populate them with data. Next, you will learn how to optimize throughput and partitioning for maximum performance. This section will also teach you how to select the right consistency level for your operations. You’ll also learn how to use stored procedures, triggers, and change feed notifications for server-side handling.
Azure Cosmos DB
Azure Cosmos DB lets you run a distributed NoSQL database with excellent throughput and low latency. It differs from traditional relational databases, which have a set number of columns and require each row to follow the table’s schema. It allows you to manage your data regardless of whether it is stored in different data centers around the world. It can handle multiple data models, including key-value, relational and graph.
2. Create solutions that use blob storage: Azure Blob storage is layered, highly accessible storage for structured data

Domain 2: Cloud Data Security

The second domain of the CCSP is ‘Cloud Data Security’. This vast domain tests the candidate’s technical knowledge of:
The many phases of the cloud data life cycle
Cloud data storage architecture, including storage types, security threats and controls
Data security strategies and other objectives
This domain of the CCSP certification carries a weight of 20% in the exam. The sub-objectives for the CCSP Domain 2 – Cloud Data security are:
Understanding the Cloud Data Life Cycle (Cloud Security Alliance guidance). The exam requires that the candidate has a thorough understanding of all stages of the cloud data cycle, including creating, storing and using, sharing, archiving and destroying. The candidate must also be able to understand the security controls and risks associated with each stage in the cloud data cycle. For example, how to upload data securely while performing the “create” phase.
Designing and Implementing Cloud Data Storage Architectures. Subscribers can access and use the cloud infrastructure, including shared resources, storage, servers and hard drives, on a need basis. They also pay for the services. Cloud software, also known as SaaS, is a subscription-based service that allows users to access the various features of the software from anywhere and anytime. SaaS allows you to work with cloud applications via an API. (Certified Cloud Security Professional).
Designing and applying effective data security strategies. The next sub-objective tests the certification seeker’s knowledge about designing and planning data security strategies such as encryption, key management, masking, and tokenization. This domain requires that the candidate understands how to apply technologies such as cloud storage time and duration, masking and tokenization, and the design and application of new cloud technologies like homomorphic encryption, which can process encrypted data without decrypting it.
Understanding and Implementing Data Discovery & Classification Technologies. Candidates are expected to understand and apply different data discovery and classification technologies in context to the next objective. Data discovery methods that are widely used include metadata based, label based, and content based data discovery. Once data is discovered, it must be classified. Candidates should be able to comprehend classification technologies like encryption and DLP (data loss prevention or data leak protection).

Designing and Implementing Relevant Jurisdictional Data Protections For Personally Identifiable Information

Domain 2: Asset Security

Google defines an asset as “a useful or valuable thing, person or thing”. This means that assets in an organization could be information, equipment, or facilities that have great worth. The second domain of CISSP exam focuses on protecting assets. The following sections are covered by ‘Asset Security’:
Identify and classify information assets
Different types of information include financial details, password files and credit card information. Some information can be seen by everyone, but some information must be classified to ensure that only those with the appropriate clearance can see it.
Organizations can achieve their core Information security goals of confidentiality and integrity through classification. Before classifying data, security professionals must determine:
Who has access to the data
How data security is achieved
How long the data will remain stored
What method should be used to dispose of the data?
Do the data have to be encrypted?
What is the right use of data?
Data classification differs between the government/military and the commercial sectors. Below is an example of a commercial sector classification:
Private (Private data: information such as bank account numbers and social security numbers)
Company restricted (Information that can be viewed only by a small group of employees)
Company confidential (Information that can be viewed by all employees but not for public use)
Public Information (Information that is accessible to all)
Below is a list of military data classifications:
Top Secret
Secret
Confidential
Sensitive but unclassified or SBU
Unclassified
(Reference: https://resources.infosecinstitute.com/cissp-domain-2-asset-security/)
Protect your privacy
The age of social media is the age of data privacy. Information is all around us, and it is critical to decide whether we want to use, retain, or destroy it.

Data privacy has a history that dates back to the 1300s. It has evolved over time in two major worlds, the US and the EU. The European Union’s data protection directive was revised in 2012 by strengthening its data protection rules. These are the key points of the new rules.
Personal data collection should be limited to the essentials
By removing administrative obstacles, the EU’s Single Market dimension should be strengthened
Protect personal data that law enforcement has collected
Data transfers outside of the EU require streamlined procedures
As a follow-up to the previous point, the EU has made clear that data that travels beyond the EU must be protected. The US approach to data privacy is slightly different from that of the EU. Both value data privacy to the core; however, their approaches to it are very different. They have created the “Safe Harbor” framework. The US Department of Commerce developed the “Safe Harbor” program in collaboration with the Federal Data Protection and Information Commissioner of Switzerland.
One of the benefits of the “Safe Harbor” program is that only US-based organizations can receive data from the EU. Other regulations and rules ensure privacy for personal data.
Ensure appropriate asset retention
Data retention policies are the guidelines for how data is stored, retained, and destroyed. It is recommended that all stakeholders be involved in asset retention policies in order to ensure data retention. The following eight steps govern the retention of assets and data.
Understanding the business needs of your organization
Classify data
Determine retention periods
Draft record retention policies
Justify the record retenti

Domain 2: Asset Security – Weightage 10% 2018

The Asset Security (Protecting Security of Assets) domain focuses on data classification, labelling, retention, ownership, and clearances. It covers the different storage devices and controls, as well as their determination, including standards, scoping and tailoring. Every organization must have data protection skills.
This domain covers the day-to-day management of access control, including formal access approval and the need to know. Data in Government and Military is classified as Unclassified, Sensitive but Unclassified, Confidential and Secret. Data in the Private Sector is classified as Public or Company Classified, Company Restricted and Private, Confidential, Sensitive, and Private.
Next, it discusses information security roles and their responsibilities. These include mission or business owners, data owners, system owners, custodians and users. It also discusses data remanence, which is data that remains after non-invasive means of deleting it.
It then covers memory types such as RAM, ROM and DRAM, as well as firmware and solid state drives. This section also covers data destruction methods to avoid dumpster diving, such as overwriting, degaussing, destruction, and shredding.
By exposing magnetic media to strong magnetic fields, degaussing damages the integrity of magnetic media, such as tapes or disk drives. Destruction is the physical destruction of the media’s integrity by destroying or damaging the media itself, such as the platters on a disk drive. The act of making data on hard copy unrecoverable is called shredding. Protecting data is vital for any organization, whether it is in motion or at rest.
This domain also includes data security controls like certification and accreditation. The standards and control frameworks covered include PCI-DSS, OCTAVE, ISO 17799, the ISO 27000 series, COBIT and ITIL.
Scoping, which is the process by which an organization determines which parts of a standard are to be used, and tailoring, which is the process by which an organization customizes a standard for its use, play an important role.

Domain 2: Asset Security (Weightage 10%)

This domain includes day-to-day access control management. It requires management of labels and clearances. Data in Government and Military is classified as Unclassified, Sensitive but Unclassified, Confidential, Secret and Top Secret. Data in the Private Sector is classified as Public or Company Classified, Company Restricted and Private, Confidential, Sensitive, and
Next, it discusses information security roles and their responsibilities. These include mission or business owners, data owners, system owners, custodians and users. It also discusses data remanence, which is data that remains after non-invasive means of deleting it.
It then covers memory types such as RAM, ROM and DRAM, as well as firmware and solid state drives. This section also covers data destruction methods to avoid dumpster diving, such as overwriting, degaussing, destruction and shredding. By exposing magnetic media to strong magnetic fields, degaussing damages the integrity of magnetic media, such as tapes or disk drives. Destruction is the physical destruction of the media’s integrity by destroying or damaging the media itself, such as the platters on a disk drive. The act of making data on hard copy unrecoverable is called shredding. Protecting data is vital for any organization, whether it is in motion or at rest.