Professional Documents
Culture Documents
CCSP Certified Cloud Security Professional All-in-One Exam Guide 3rd Edition Daniel Carter full chapter instant download
CCSP Certified Cloud Security Professional All-in-One Exam Guide 3rd Edition Daniel Carter full chapter instant download
https://ebookmass.com/product/ccsp-certified-cloud-security-
professional-all-in-one-exam-guide-daniel-carter/
https://ebookmass.com/product/ccsp-certified-cloud-security-
professional-exam-guide-3rd-edition-unknown/
https://ebookmass.com/product/google-cloud-certified-
professional-cloud-architect-all-in-one-exam-guide-iman-
ghanizada/
https://ebookmass.com/product/google-cloud-certified-
professional-cloud-architect-all-in-one-exam-guide-1st-edition-
iman-ghanizada/
Google Cloud Certified Associate Cloud Engineer All-in-
One Exam Guide Jack Hyman
https://ebookmass.com/product/google-cloud-certified-associate-
cloud-engineer-all-in-one-exam-guide-jack-hyman/
https://ebookmass.com/product/aws-certified-cloud-practitioner-
all-in-one-exam-guide-exam-clf-c01-daniel-carter/
https://ebookmass.com/product/csslp-certified-secure-software-
lifecycle-professional-all-in-one-exam-guide-3rd-edition-wm-
arthur-conklin/
https://ebookmass.com/product/aws-certified-security-specialty-
all-in-one-exam-guide-exam-scs-c01-tracy-pierce/
https://ebookmass.com/product/ceh-all-in-one-exam-
guide-3e-professional-matt-walker/
ALL IN ONE
CCSP
®
Daniel Carter, CISSP, CCSP, CISM, CISA, is a cybersecurity project manager with
Johns Hopkins University & Medicine. An I security and systems proessional or
almost 20 years, he has worked extensively with web-based applications and inrastructure
as well as LDAP, SAML and ederated identity systems, PKI, SIEM, and Linux/Unix
systems. Daniel holds a degree in criminology and criminal justice rom the University
o Maryland and a master’s degree in technology management, with a ocus on homeland
security management, rom the University o Maryland, Global Campus.
CCSP
®
Daniel Carter
McGraw Hill is an independent entity rom (ISC)2® and is not afliated with (ISC)2 in any manner. Tis publication and accompanying media
are not sponsored by, endorsed by, or afliated with (ISC)2 in any manner. Tis publication and accompanying media may be used in assisting
students to prepare or the CCSP exam. Neither (ISC)2 nor McGraw Hill warrants that use o this publication and accompanying media will
ensure passing any exam. (ISC)2®, CISSP®, CAP®, ISSAP®, ISSEP®, ISSMP®, SSCP®, CCSP®, and CBK® are trademarks or registered trademarks
o (ISC)2 in the United States and certain other countries. All other trademarks are trademarks o their respective owners.
Copyright © 2023 by McGraw Hill. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no
part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and
executed in a computer system, but they may not be reproduced for publication.
ISBN: 978-1-26-484229-2
MHID: 1-26-484229-5
The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-484220-9,
MHID: 1-26-484220-1.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trade-
marked name, we use names in an editorial fashion only, and to the benet of the trademark owner, with no intention of infringe-
ment of the trademark. Where such designations appear in this book, they have been printed with initial caps.
McGraw Hill eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate
training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.
Information has been obtained by McGraw Hill from sources believed to be reliable. However, because of the possibility of hu-
man or mechanical error by our sources, McGraw Hill, or others, McGraw Hill does not guarantee the accuracy, adequacy, or
completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such
information.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work
is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the
work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit,
distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You
may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to
use the work may be terminated if you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES
OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED
FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA
HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUD-
ING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will
meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors
shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages
resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work.
Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive,
consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of
the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or
cause arises in contract, tort or otherwise.
Tis book is dedicated to my children—Zachariah, Malachi,
Alannah, and Ezra. I love you all so much and look orward to
seeing how each o you our very unique souls will change the
world or the better!
This page intentionally left blank
CONTENTS AT A GLANCE
vii
This page intentionally left blank
CONTENTS
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Chapter 1 How to Obtain the CCSP and Introduction to Security . . . . . . . . . 1
Why Get Certiied? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
How to Get Certiied . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
CCSP Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Domain 1: Cloud Concepts, Architecture, and Design . . . . . 3
Domain 2: Cloud Data Security . . . . . . . . . . . . . . . . . . . . . . 5
Domain 3: Cloud Platorm and Inrastructure Security . . . . . 6
Domain 4: Cloud Application Security . . . . . . . . . . . . . . . . . 7
Domain 5: Cloud Security Operations . . . . . . . . . . . . . . . . . 8
Domain 6: Legal, Risk, and Compliance . . . . . . . . . . . . . . . . 10
Introduction to I Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Basic Security Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Business Continuity and Disaster Recovery . . . . . . . . . . . . . . 16
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Chapter 2 Cloud Concepts, Architecture, and Design . . . . . . . . . . . . . . . . . . . . 17
Understand Cloud Computing Concepts . . . . . . . . . . . . . . . . . . . . 18
Cloud Computing Deinitions . . . . . . . . . . . . . . . . . . . . . . . 18
Cloud Computing Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Key Cloud Computing Characteristics . . . . . . . . . . . . . . . . . 20
Building-Block echnologies . . . . . . . . . . . . . . . . . . . . . . . . . 23
Describe a Cloud Reerence Architecture . . . . . . . . . . . . . . . . . . . . 23
Cloud Computing Activities . . . . . . . . . . . . . . . . . . . . . . . . . 23
Cloud Service Capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Cloud Service Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Cloud Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Cloud Shared Considerations . . . . . . . . . . . . . . . . . . . . . . . . 34
Impact o Related echnologies . . . . . . . . . . . . . . . . . . . . . . . 38
Understand Security Concepts Relevant to Cloud Computing . . . . 43
Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Identity and Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Data and Media Sanitation . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
ix
CCSP Certified Cloud Security Professional All-in-One Exam Guide
x
Virtualization Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Common hreats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Security Hygiene . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Understand Design Principles o Secure Cloud Computing . . . . . . 58
Cloud Secure Data Liecycle . . . . . . . . . . . . . . . . . . . . . . . . . 58
Cloud-Based Business Continuity/Disaster Recovery
Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Business Impact Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Functional Security Requirements . . . . . . . . . . . . . . . . . . . . . 62
Security Considerations or the Dierent Cloud Categories . . . 63
Cloud Design Patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
DevOps Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Evaluate Cloud Service Providers . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Veriication Against Criteria . . . . . . . . . . . . . . . . . . . . . . . . . 71
System/Subsystem Product Certiications . . . . . . . . . . . . . . . 76
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Chapter 3 Cloud Data Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Describe Cloud Data Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Cloud Data Liecycle Phases . . . . . . . . . . . . . . . . . . . . . . . . . 89
Data Dispersion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Data Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Design and Implement Cloud Data Storage Architectures . . . . . . . . 93
Storage ypes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
hreats to Storage ypes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Design and Apply Data Security echnologies and Strategies . . . . . 96
Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Key Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
okenization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Data Loss Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Data De-Identiication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Application o echnologies . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Emerging echnologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Implement Data Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Structured Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Unstructured Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Privacy Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . 107
Implementation o Data Discovery . . . . . . . . . . . . . . . . . . . . 107
Classiication o Discovered Sensitive Data . . . . . . . . . . . . . . 108
Mapping and Deinition o Controls . . . . . . . . . . . . . . . . . . . 108
Application o Deined Controls . . . . . . . . . . . . . . . . . . . . . . 109
Contents
xi
Implement Data Classiication . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Labeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Sensitive Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Design and Implement Inormation Rights Management (IRM) . . . 112
Data Rights Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
ools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Plan and Implement Data Retention, Deletion,
and Archiving Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Data Retention Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Data Deletion Procedures and Mechanisms . . . . . . . . . . . . . . 115
Data Archiving Procedures and Mechanisms . . . . . . . . . . . . . 115
Legal Hold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Design and Implement Auditability,
raceability, and Accountability o Data Events . . . . . . . . . . . . . 118
Deinition o Event Sources . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Identity Attribution Requirements . . . . . . . . . . . . . . . . . . . . 120
Data Event Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Storage and Analysis o Data Events . . . . . . . . . . . . . . . . . . . 123
Continuous Optimizations . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Chain o Custody and Nonrepudiation . . . . . . . . . . . . . . . . . 127
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Chapter 4 Cloud Platorm and Inrastructure Security . . . . . . . . . . . . . . . . . . . 137
Comprehend Cloud Inrastructure and Platorm Components . . . . 137
Physical Hardware and Environment . . . . . . . . . . . . . . . . . . . 137
Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Management Plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Design a Secure Data Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Logical Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Physical Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Environmental Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Design Resilient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Analyze Risks Associated with Cloud Inrastructure and Platorms . . . 150
Risk Assessment and Analysis . . . . . . . . . . . . . . . . . . . . . . . . 151
Virtualization Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Risk Mitigation Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
CCSP Certified Cloud Security Professional All-in-One Exam Guide
xii
Plan and Implementation o Security Controls . . . . . . . . . . . . . . . . 153
Physical and Environmental Protection . . . . . . . . . . . . . . . . . 154
System, Storage, and Communication Protection . . . . . . . . . 155
Virtualization Systems Protection . . . . . . . . . . . . . . . . . . . . . 155
Identiication, Authentication,
and Authorization in a Cloud Inrastructure . . . . . . . . . . . 157
Audit Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Plan Business Continuity (BC) and Disaster Recovery (DR) . . . . . . 162
Understanding the Cloud Environment . . . . . . . . . . . . . . . . 162
Understanding Business Requirements . . . . . . . . . . . . . . . . . 163
Understanding Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Disaster Recovery/Business Continuity Strategy . . . . . . . . . . 165
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Chapter 5 Cloud Application Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Advocate raining and Awareness or Application Security . . . . . . . 179
Cloud Development Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Common Pitalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Common Cloud Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . 182
Describe the Secure Sotware Development Liecycle
(SDLC) Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Business Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Phases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Methodologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Apply the Secure Sotware Development Liecycle . . . . . . . . . . . . . 192
Cloud-Speciic Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
hreat Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Secure Coding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Sotware Coniguration Management and Versioning . . . . . . 198
Apply Cloud Sotware Assurance and Validation . . . . . . . . . . . . . . . 199
Cloud-Based Functional esting . . . . . . . . . . . . . . . . . . . . . . 199
Cloud Secure Development Liecycle (CSDLC) . . . . . . . . . . 199
Security esting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Quality o Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Use Veriied Secure Sotware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Approved API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Supply Chain Management . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Community Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Comprehend the Speciics o Cloud Application Architecture . . . . . 203
Supplemental Security Devices . . . . . . . . . . . . . . . . . . . . . . . 204
Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Sandboxing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Application Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
Contents
xiii
Design Appropriate Identity and Access Management
(IAM) Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Federated Identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Identity Providers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Single Sign-On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
Multiactor Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Cloud Access Security Broker . . . . . . . . . . . . . . . . . . . . . . . . 211
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Chapter 6 Cloud Security Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Implement and Build the Physical and Logical Inrastructure
or the Cloud Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Hardware-Speciic Security Coniguration Requirements . . . 221
Installation and Coniguration o Management ools . . . . . . 222
Virtual Hardware Speciic
Security Coniguration Requirements . . . . . . . . . . . . . . . . 223
Installation o Guest Operating System Virtualization
oolsets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Operate the Physical and Logical Inrastructure
or the Cloud Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Access Controls or Local and Remote Access . . . . . . . . . . . . 228
Secure Network Coniguration . . . . . . . . . . . . . . . . . . . . . . . 231
Network Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . 235
OS Hardening via Application o Baselines . . . . . . . . . . . . . . 239
Patch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Inrastructure as Code Strategy . . . . . . . . . . . . . . . . . . . . . . . 243
Availability o Standalone Hosts . . . . . . . . . . . . . . . . . . . . . . 243
Availability o Clustered Hosts . . . . . . . . . . . . . . . . . . . . . . . . 244
Availability o the Guest Operating System . . . . . . . . . . . . . . 245
Perormance Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Hardware Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Backup and Restore Functions . . . . . . . . . . . . . . . . . . . . . . . . 247
Management Plane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Implement Operational Controls and Standards . . . . . . . . . . . . . . . 249
Change Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Continuity Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Inormation Security Management . . . . . . . . . . . . . . . . . . . . 251
Continual Service Improvement Management . . . . . . . . . . . . 252
Incident Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Problem Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Release and Deployment Management . . . . . . . . . . . . . . . . . 253
Coniguration Management . . . . . . . . . . . . . . . . . . . . . . . . . 253
CCSP Certified Cloud Security Professional All-in-One Exam Guide
xiv
Service Level Management . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Availability Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Capacity Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Support Digital Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Forensic Data Collection Methodologies . . . . . . . . . . . . . . . . 255
Evidence Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Manage Communication with Relevant Parties . . . . . . . . . . . . . . . . 257
Vendors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Regulators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Other Stakeholders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Manage Security Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Security Operations Center . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Monitoring o Security Controls . . . . . . . . . . . . . . . . . . . . . . 259
Log Capture and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Chapter 7 Legal, Risk, and Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Articulate Legal Requirements and Unique Risks Within
the Cloud Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Conlicting International Legislation . . . . . . . . . . . . . . . . . . . 269
Evaluation o Legal Risks Speciic to Cloud Computing . . . . 270
Legal Framework and Guidelines . . . . . . . . . . . . . . . . . . . . . . 270
eDiscovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Forensics Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Understand Privacy Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Dierence Between Contractual
and Regulated Personally Identiiable Inormation . . . . . . 276
Country-Speciic Legislation Related to PII and Data Privacy . . . 277
Dierences Among Conidentiality,
Integrity, Availability, and Privacy . . . . . . . . . . . . . . . . . . . 279
Standard Privacy Requirements . . . . . . . . . . . . . . . . . . . . . . . 282
Privacy Impact Assessments . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Understand Audit Processes, Methodologies, and Required Adaptations
or a Cloud Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Internal and External Audit Controls . . . . . . . . . . . . . . . . . . . 284
Impact o Audit Requirements . . . . . . . . . . . . . . . . . . . . . . . . 285
Identiy Assurance Challenges o Virtualization and Cloud . . . 285
ypes o Audit Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Restrictions o Audit Scope Statements . . . . . . . . . . . . . . . . . 289
Contents
xv
Gap Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Audit Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Internal Inormation Security Management System . . . . . . . . 296
Internal Inormation Security Controls System . . . . . . . . . . . 297
Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298
Identiication and Involvement o Relevant Stakeholders . . . . 298
Specialized Compliance Requirements
or Highly Regulated Industries . . . . . . . . . . . . . . . . . . . . 299
Impact o Distributed I Model . . . . . . . . . . . . . . . . . . . . . . 301
Understand Implications o Cloud to Enterprise Risk Management . . . 302
Assess Provider’s Risk Management . . . . . . . . . . . . . . . . . . . . 302
Dierence Between Data Owner/Controller vs.
Data Custodian/Processor . . . . . . . . . . . . . . . . . . . . . . . . . 302
Risk reatment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Dierent Risk Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Metrics or Risk Management . . . . . . . . . . . . . . . . . . . . . . . . 308
Assessment o the Risk Environment . . . . . . . . . . . . . . . . . . . 309
Understand Outsourcing and Cloud Contract Design . . . . . . . . . . 309
Business Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Vendor Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Contract Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Executive Vendor Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Supply Chain Management . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Questions and Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Appendix A Exam Review Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Quick Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Questions and Comprehensive Answer Explanations . . . . . . . . . . . 344
Appendix B About the Online Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Your otal Seminars raining Hub Account . . . . . . . . . . . . . . . . . . 423
Privacy Notice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Single User License erms and Conditions . . . . . . . . . . . . . . . . . . . 423
otalester Online . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
echnical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Glossary ..................................................... 427
his is the third edition o my irst entry into the world o writing, and I hope that you
ind this book to be a very inormative and comprehensive aid in your own proessional
development and growth. I irst want to thank Matt Walker or connecting me to this
opportunity and encouraging me to take it on.
I want to thank Wes Miller or taking on the technical editor role or the third
edition and help keeping this resource going or the rapidly growing CCSP exam. I have
known Wes or a couple o years through providing help to people studying or I
certiications, and I hope this resource will continue to help the community. I want to
thank Gerry Sneeringer or his eorts as technical editor or the irst and second editions,
but more importantly, or all the knowledge and experience he has bestowed on me or
the over 20 years I have known him.
I worked with David Henry or many years at the University o Maryland and
gained much o my knowledge about middleware and systems architecture rom him.
I owe much o my philosophy and approach to acing I challenges today to the
things I learned working or and with him. here are so many others rom my days
at the University o Maryland rom whom I learned so much. However, I want to
speciically call out John Peier, David Arnold, Spence Spencer, Kevin Hildebrand,
Prasad Dharmasena, Fran LoPresti, Eric Sturdivant, Willie Brown, Sonja Kueppers,
Ira Gold, and Brian Swartzager.
From my time at the Centers or Medicare & Medicaid Services (CMS), I want to
speciically thank Jon Booth and Ketan Patel or giving me the opportunity to move into
a ormal security position or the irst time and trusting me to oversee incredibly public
and visible systems. Also, thanks to Zabeen Chong or giving me the opportunity to join
CMS and expand beyond my roots in the academic world. Finally, I could never leave
out my dear riend Andy rusz, who rom my irst day at CMS showed me the ropes
o the workplace and became a very close personal riend. Sadly, he lost his battle with
cancer the very day I let CMS or Hewlett Packard Enterprise (HPE). I will never orget
his riendship and all he showed me!
With any project o this scale, one needs enormous support and understanding rom
bosses and coworkers. Ruth Pine was an amazing boss and was always supportive, giving
me the time and encouragement to work on this project originally, as well as giving me
the opportunity at all times to work on new challenges and expand my areas o exper-
tise, most notably with cloud and SIEM technologies. hanks also to Brian Moore,
Joe Fuhrman, Steve Larson, BJ Kerlavage, David Kohlway, Sere Konur, Jack Schato,
and the already mentioned Matt Walker or being part o an amazing team at HPE and
showing me so many dierent perspectives and new approaches to challenges! I also
have to thank some colleagues rom other companies I have worked closely with on
projects over the years or all their support and encouragement—speciically, Anna ant,
Jason Ashbaugh, and Richie Frieman.
xvii
CCSP Certified Cloud Security Professional All-in-One Exam Guide
xviii
Five years ago I was presented with the opportunity to get back to my roots in
the academic world with a terriic job at Johns Hopkins University working with the
enterprise authentication team on SSO and ederated identity systems, and I have since
moved under the CISO as a cybersecurity project manager. With a large hospital, this was
an ideal opportunity to combine my experience working in healthcare with my passion
or security. I want to thank our CISO Darren Lacey, our deputy CISO John aylor, and
the rest o our security management team: Martin Myers, Peter Chen, Alisa Sabunciyan,
Pete Donnell, Katy Banaszewski, Craig Vingsen, and Christos Nikitaras. I would also like
to thank yge Goodellow, Eric Wunder, Steve Metheny, Phil Bearmen, Anthony Reid,
Steve Molcyzk, and Andy Baldwin or expanding my security knowledge in many
dierent directions!
hank you to my parents, Richard and Susan, or all o your support and encouragement!
Last, and most certainly not least, I want to thank my amazing wie, Robyn, or
always being supportive o everything I have done proessionally and personally. With
our young kids at home, I would have never been able to even consider this project
without her help and understanding—and or running intererence with all our kids
and pets!
INTRODUCTION
Over the last decade, the term cloud has become common in the modern lexicon o
even laypersons with no connection to, training in, or expertise in the I industry. It
has become common in commercials targeting the public at large, and it’s oten used as
a main selling point or various services. Even those who do not understand what cloud
computing is or how it works have largely come to understand it as a positive eature
or a product or service, eeling it means higher reliability, speed, and an overall more
beneicial consumer experience. Many companies are locking to cloud computing at a
rapid pace due to its beneits and eatures.
With this enormous paradigm shit in the industry, the demand or skilled
proessionals who understand cloud computing has grown at a similarly rapid pace. his
demand applies to proessionals in all acets o computing, but the unique aspects and
eatures o cloud computing make the need or skilled security personnel paramount to
any organization in order to properly saeguard and protect their systems, applications,
and data.
Cloud computing represents a paradigm shit in how I experts—and certainly I
security experts—look at protecting data and the various techniques and methodologies
available to them. Some o you approaching this certiication are experienced security
proessionals and already hold other certiications, such as the CISSP. For others, this
certiication will be your irst as a security proessional. Some o you have been working
with cloud computing rom its onset, while others are learning the basics o cloud or the
irst time. his certiication guide aims to ulill the requirements o anyone approach-
ing this challenging exam, regardless o background or speciic experience in security or
general computing.
his guide will give you the inormation you need to pass the CCSP exam, but it will
also expand your understanding and knowledge o cloud computing and security beyond
just being able to answer speciic exam questions. My hope is that you will ind this guide
to be a comprehensive desktop reerence that serves you long past the exam or the core
cloud concepts and approaches.
he structure o this All-in-One guide is closely aligned with the subjects o the oicial
exam guide rom (ISC)2 and covers every objective and component o it. Beore diving
into the six domains o the CCSP exam, this guide provides a general introduction to
I security or those who are approaching the CCSP as their irst security certiication.
hose o you who are experienced and hold other security certiications may ind it a
useul reresher or basic concepts and terminology.
Regardless o your background, experience, and certiications, I hope you ind the
world o cloud computing and its unique security challenges to be enlightening and
intellectually stimulating. Cloud represents a very dynamic, exciting new direction in
computing, and one that seems likely to be a major paradigm or the oreseeable uture.
xix
Another random document with
no related content on Scribd:
Carduus. C. arvense reproduces and passes the winter by means of suckers.—
Cynara (Artichoke) has a feathery pappus and large, solitary
capitulum, with broad involucral leaves; these have a fleshy base like
the receptacle (edible).—Silylum has united filaments. S. marianum (Milk-
thistle), has leaves with numerous white spots. Onopordon (Cotton-thistle). Cnicus
(C. benedictus) has a large, many-spined thorn on the involucral leaves; pappus
trimorphic.—Lappa (Burdock) is easily recognized by the hooked
involucral leaves, which assist in the distribution of the fruit; in this
respect it differs from the other inflorescences, and also in the fact
that the pappus is short, and quickly falls off, without serving as a
means of distribution.—Carlina; the external involucral leaves are leafy,
thorny, with branched or unbranched spines standing straight out or bent
backwards; the internal ones are dry, and prolonged as dry, coloured, radiating
scales. The well-developed bristles on the receptacle and edge of the calyx are
deeply cleft and lobed.—Centaurea (Knap-weed, Fig. 607). The ray-
flowers are neuter, and generally larger than the disc-flowers; the
involucral leaves are regularly imbricate, but are frequently provided
at the apex with a dry, chaffy, often lobed, fringed appendage. The
attachment of the fruit is lateral. Serratula (Saw-wort).—Carthamus, the
outer and inner involucral leaves differ very much.—Echinops (Globe-thistle)
is characterised by having “compound capitula,” i.e. there is only one
flower in each capitulum, but many such capitula are collected into a
spherical head, which at the base may also have a few involucral
leaves. The individual capitula have narrow, linear involucral leaves.
(There are altogether about 150 species of Compositæ with 1-flowered capitula, all
from warm countries.)—Xeranthemum, Staehelina, Jurinea, Saussurea,
etc.
2. Mutisieæ, Labiate-flowered Group. Tropical (S. American) forms whose
zygomorphic flowers have a bilabiate corolla (2/3). The involucre is nearly the
same as in the Thistles.
3. Cichorieæ, Chicory Group (or Ligulifloræ). The flowers are
all ☿ and have a ligulate, 5-dentate corolla. The stylar branches are
thin and prolonged (Fig. 609 B). Laticiferous vessels occur in the
majority (in this feature they resemble the Lobeliaceæ and
Campanulaceæ).
A. The pappus is wanting, or it is scale-like, but not long and hairy.
—Cichorium (Chicory); capitula with blue flowers, borne singly or a
few together in the leaf-axil; there are two whorls of involucral
leaves, an outer one of short and radiating, an inner of more
numerous, longer and erect leaves; pappus, scale-like.—Lapsana
(Nipplewort). The few involucral leaves are nearly of the same size,
and persist forming a sort of capsule round the fruits, which are
entirely without a pappus. There are only a few flowers in the small
capitula.—Arnoseris (Swine’s-succory), Catananche, etc.
B. The pappus is long and hairy (not branched), generally fine
and snowy-white. There are no scales on the receptacle. The two
genera first considered have beaked fruits.—Taraxacum (Dandelion)
(Fig. 606 a); the capitula are many-flowered, and borne singly on the
top of a leafless, hollow stalk.—Lactuca (Lettuce) has many small,
few-flowered capitula borne in panicles.—Crepis (Hawksbeard).—
Hieracium (Hawk-weed) has many imbricate involucral leaves, and a
stiff, brittle, brownish pappus.—Sonchus (Sow-thistle); the capitula,
when a little old, have a broad base, and are abstricted above in the
form of a jug; involucral leaves imbricate; the fruit is compressed,
without a beak, ridged. The soft, white pappus falls off collectively.
C. The pappus is feathery and branched; no scales on the
receptacle.—Tragopogon (Goat’s-beard) generally has 8 involucral
leaves in one whorl. The fruit has a long beak; the rays of the
pappus are interwoven in the form of an umbrella.—Scorzonera has
fruits like the preceding, but almost without any beak; involucral
leaves many, imbricate.—Leontodon (Hawkbit) has a slightly
feathery pappus, rays not interwoven; beak absent.—Picris.
D. Long, chaff-like, deciduous scales on the receptacle; pappus
feathery.—Hypochœris (Cat’s-ear).
4. Eupatorieæ, Hemp-agrimony Group. All the flowers are most
frequently ☿; corollas tubular and regular; the involucral leaves are
not stiff and spiny; the receptacle is not covered with stiff bristles.
The stylar branches are long, club-like, or gradually tapering. There
is no swelling below the stigma.
Eupatorium (Hemp-agrimony); all the flowers are ☿.—Petasites
(Butterbur); ray-flowers ♀, disc-flowers ☿ or ♂; sometimes diœcious.
Capitula in racemes or panicles. The leaves develop after the
flowering.—Tussilago (T. farfara, Colt’s-foot) has a solitary capitulum
borne on a scaly, scape-like stem; the ray-flowers are ♀ with ligulate
corollas, disc-flowers ♂ . The leaves unfold after the flowering.
Ageratum, Mikania, Vernonia.
5. Astereæ, Aster Group (or Radiatæ, Ray-flowered). The
flowers are of two forms and different sexes; the ray-flowers are ♀
(sometimes neuter), most frequently with irregular, falsely ligulate,
radiating corollas; the disc-flowers are ☿, regular, with tubular
corollas (Fig. 610). Sometimes only tubular flowers are present, as
e.g. in Senecio vulgaris (Groundsel), and the exterior of the
capitulum is then as in the Eupatorieæ. The stylar branches are
straight, more or less flat and short (Fig. 610).
A. Anthemideæ. Involucral leaves imbricate, generally
membranous at the edge; pappus wanting, or at most a
membranous margin to the calyx, but without hairs.
[+]. Chaff-like bracts on the receptacle are found in Anthemis
(Chamomile), Anacyclus (A. officinarum), Achillea (Milfoil, Fig. 610),
Santolina, etc.
[++]. A naked receptacle is found in the following: Bellis (Daisy)
has solitary capitula on leafless stalks with white ray-flowers.—
Matricaria (Wild Chamomile) has a conical receptacle. (M. chamomilla
has a very high, hollow receptacle; M. inodora has large, odourless capitula, and
the receptacle is not hollow.)—Chrysanthemum (Ox-eye) most frequently
large, solitary capitula; flat receptacle.—Pyrethrum; pappus scanty.
—With these are classed Tanacetum (Tansy) and Artemisia
(Wormwood) with tubular corollas only.
B. Heliantheæ. Most frequently a bract to each flower is found on
the receptacle. The pappus is never exactly hairy, but consists of
scales, spines, etc., and the fruits are most frequently compressed
(Fig. 606 c).—Helianthus (Sun-flower); H. tuberosus (Jerusalem
Artichoke) has tuberous underground stems. Dahlia has tuberous
roots (Am.). Bidens (Bur-marigold, Fig. 606 c); the fruits are
compressed with 2 (or more) spines provided with reflexed barbs.—
Calliopsis; Rudbeckia; Zinnia; Tagetes has united involucral leaves,
and yellow, transparent oil-glands. Spilanthes, Galinsoga,
Melampodium, Silphium (Compass-plant), Helenium, Gaillardia.
C. Calenduleæ have 1–2 rows of involucral leaves, a naked
receptacle, and large, crescent-shaped, irregularly warted fruits, of
different forms in the same capitulum; pappus absent (Fig. 605).—
Calendula (Marigold); ray-flowers ♀, disc-flowers ♂.
D. Senecioneæ, have a fine, hairy, white pappus; no bracts,
otherwise as in Anthemideæ. The involucral leaves are most
frequently in 1–2 rows.—Senecio (Groundsel) has two whorls of
involucral leaves, which most frequently have black tips, the external
being much shorter than the internal ones (S. vulgaris has all flowers
☿ and alike).—Cacalia, Doronicum, Cineraria, Ligularia, Arnica (A.
montana; large, long-stalked capitula; leaves opposite, forming a
kind of rosette).
E. Astereæ have a bristle-like, unbranched pappus, often of a
dingy brown; receptacle naked; involucral leaves numerous,
imbricate.—Solidago (Golden-rod); capitula small, yellow-flowered,
borne in panicles. Aster; disc-flowers most frequently yellow, ray-
flowers violet; Callistephus; Erigeron (Flea-bane)—Inula.—All the
corollas are tubular in: Gnaphalium (Cud-weed); involucral leaves
dry, rattling, often coloured; the foliage-leaves and stem often white
with woolly hairs; ray-flowers ♀ , with narrow, tubular corolla; disc-
flowers ☿ (few). Antennaria (Cat’s-foot; diœcious), Filago,
Helichrysum, Ammobium, Rhodanthe and others. Leontopodium (L.
alpinum, “Edelweiss”).
F. Ambrosieæ, a very reduced type of Compositæ, differing from the others in
having free anthers; the capitula are generally unisexual, monœcious, the ♂ borne
in a terminal inflorescence, the ♀ in the leaf-axils. In other respects they are most
closely related to Heliantheæ.—Xanthium. In the ♂ -capitula there are many
flowers without calyx, but with tubular corolla and free involucral leaves. In the ♀-
capitula there are only 2 flowers, which are entirely destitute of both calyx and
corolla; involucral leaves 2-spined, united to form an ovoid, bilocular envelope,
each compartment containing one flower. The envelope of involucral leaves unites
with the fruits, enclosing them at maturity with a hard covering from which
numerous hook-like spines project, assisting very greatly in the distribution of the
fruit. The whole structure thus finally becomes a 1- or 2-seeded false nut.—
Ambrosia, the ♀ capitulum 1-flowered.
Pollination. The flowers are somewhat insignificant, but become very
conspicuous owing to a number being crowded together in one inflorescence. The
corollas of the ray-flowers, being often very large (Astereæ; Centaurea), frequently
render the capitula still more conspicuous. The capitula display many biological
phenomena similar to those often shown by the individual flowers in other orders,
e.g. by periodically opening and closing, in which the involucral leaves resemble
the calyx in their action. (The name “Compositæ” originates from the term “flos
compositus,” composite flower). An abundance of honey is formed, which to some
extent fills up the corolla-tube, and since insects may visit a number of flowers in
the course of a short period they are very frequently visited, especially by
butterflies and bees. The pollination has been described on page 567. Protandry is
universal. In the bud the tips of the styles, covered by the sweeping-hairs, lie
closely enveloped by the anther-tube; in the next stage the style grows through the
tube and sweeps out the pollen as it proceeds; ultimately the stylar branches
expand and the stigma is then prepared to receive the pollen. In many, the
sensitiveness of the filaments assists in sweeping out the pollen at the exact
moment of the insect visit. Regular self-pollination is found e.g. in Senecio
vulgaris; wind-pollination e.g. in Artemisia and the plants related to it.
This extremely natural and well-defined order is the largest (and no doubt one
of the youngest?); it embraces 10–12,000 known species (in 770 genera), or about
one-tenth of all Flowering-plants. They are distributed over the whole globe, but
are most numerous in temperate countries; the majority prefer open spaces; a
smaller number are forest-forms. They abound especially in open districts in
America.
Among the substances frequently found may be mentioned: Inulin (especially
in the subterranean parts), Bitter materials, Tannin, volatile oils, fatty oils in the
fruits. Medicinal:[40] “Herba” of Artemisia absinthium (Wormwood) and
maritima[+] (Sea-wormwood), Achillea millefolium; the leaves of Cnicus benedictus
and Tussilago farfara; the unopened capitula of Artemisia maritima, var.
stechmanniana; the capitula of Tanacetum, Matricaria chamomilla[+] (wild
Chamomile), Anthemis nobilis[+] (common Chamomile); the separate flowers of
Arnica; the roots of Arnica montana[+], Taraxacum officinale[+], Anacyclus
officinarum[+], Lappa major, minor, nemorosa and tomentosa, Inula helenium and
Artemisia vulgaris; the latex of Lactuca virosa[+]. The following are cultivated for
food:—Lactuca sativa (Lettuce), Cichorium endivia (from E. Asia, for salads),
Cynara scolymus (Artichoke, Mediterranean), Scorzonera hispanica (S. Eur.),
Helianthus tuberosus (Jerusalem Artichoke, from N. Am., introduced into Europe
1616), Cichorium intybus (roots as “chicory,”) Tragopogon porrifolium (Salsafy),
Artemisia dracunculus. Oil is extracted from the following (the seeds): Helianthus
annuus (Peru), Madia sativa (Chili), Guizotia oleifera (Abyssinia). Dyes from:
Carthamus tinctorius (Safflower, used in the preparation of rouge; Egypt),
Serratula tinctoria. Insect-powder from: Pyrethrum cinerariifolium (Dalmatia) and
roseum (Persia, Caucasus). The following are cultivated in houses and gardens for
the sake of their scented leaves:—Tanacetum balsamita (Balsam), Artemisia
abrotanum (Southernwood) and A. argentea. A great many of the genera
enumerated are cultivated in dwelling-houses for the sake of the flowers; e.g.
Pericallis cruenta (generally termed “Cineraria”). Asteriscus pygmæus is supposed
to be the genuine “Rose of Jericho”; the involucral leaves envelop the fruits after
their ripening and keep them enclosed for 8–10 months until rain occurs.
APPENDIX ON THE CLASSIFICATION OF PLANTS.
By M. C. POTTER.
The earliest systems of classification were derived from the
properties and uses of plants; and it was not until some two
centuries ago that any scientific grouping of plants was attempted.
Aristotle and Theophrastus had adopted the groups of Trees, Shrubs
and Herbs as the chief divisions of the Vegetable Kingdom, a system
which persisted and was employed by Tournefort and Ray as late as
the end of the 17th century. The arrangement by which these three
divisions were separated into smaller divisions was often founded
upon a single character, such as the formation of the corolla, the
form of fruit, that of the calyx and corolla, etc. All these systems of
classification which brought into close proximity plants distinguished
by some one character alone, could only be considered as artificial,
since plants related to one another would not necessarily be
included in the same group. As the knowledge of the morphology,
physiology, and reproduction of plants increased, such systems were
recognised as unscientific, and it became the aim of botanists to
establish a natural system, founded upon mutual relationships, which
would associate together only those plants which are truly allied.
The following are some of the chief systems of classification
which will show the gradual development of the natural system, and
may be of service to students making use of this text-book.[41]
System of John Ray (1703).
I. Herbæ.
A. Imperfectæ (Flowerless).
B. Perfectæ (Flowering).
Dicotyledones.
Monocotyledones.
II. Arbores.
A. Monocotyledones.
B. Dicotyledones.
Ray was the first botanist who recognised the importance of the
one or two seed-leaves of the embryo, and initiated the division of
the Flowering-plants into Monocotyledons and Dicotyledons.
System of Linnæus (1733).
In his well known artificial system Linnæus divided the Vegetable
Kingdom into twenty-four classes, based upon the number, relative
position and union of the stamens with regard to each other, and
also to the gynœceum.
I. Monandria. Flowers 1 stamen.
Class
with
„ II. Diandria. „ „ 2 stamens.
„ III. Triandria. „ „ 3 „
„ IV. Tetrandria. „ „ 4 „
„ V. Pentandria. „ „ 5 „
„ VI. Hexandria. „ „ 6 „
„ VII. Heptandria. „ „ 7 „
„ VIII. Octandria. „ „ 8 „
„ IX. Enneandria. „ „ 9 „
„ X. Decandria. „ „ 10 „
„ XI. Dodecandria. „ „ 11 to 19 stamens.
XII. Icosandria. „ „ 20 or more stamens inserted on the
„
calyx.
XIII. Polyandria. „ „ 20 or more stamens inserted on the
„
receptacle.
„ XIV. Didynamia. Stamens didynamous.
„ XV. Tetradynamia. „ tetradynamous.
„ XVI. Monadelphia. Filaments united into 1 bundle.
„ XVII. Diadelphia. „ „ „ 2 bundles.
„ XVIII. Polyadelphia. „ „ „ several bundles.
„ XIX. Syngenesia. Anthers united together.
„ XX. Gynandria. Stamens and pistil united.
„ XXI. Monœcia. Flowers diclinous, ♂ and ♀ on the same plant.
„ XXII. Diœcia. „ „ ♂ and ♀ on different plants.
„ XXIII. Polygamia. ♂-, ♀-, and ☿-flowers on the same plant.
„ XXIV. Cryptogamia. Flowerless plants (Ferns, Mosses, Algæ, Fungi).
These classes were further divided into orders, according to the number of
styles, as Monogynia, flowers with 1 style; Digynia, with 2 styles, etc. Thus a Dock
(Rumex), having 6 stamens and 3 styles, would be placed in Class VI.,
Hexandria, and Order III., Trigynia.
Class XIV. was divided into two orders. Order I., Gymnospermia, with seeds
apparently naked, comprising the Labiatæ; and Order II., Angiospermia, with the
seeds enclosed in a capsule (Bartsia, Rhinanthus).
Class XV. was divided into two orders: Order I., Siliculosa, fruit a silicula
(Capsella); and Order II., Siliquosa, fruit a siliqua (Brassica).
Class XIX. was divided into Order I., Æqualis, all the flowers perfect (Sonchus);
Order II., Superflua, flowers in the centre perfect, those at the circumference with
pistils only (seemingly superfluous), e.g. Aster; Order III., Frustranea, flowers in
the centre perfect, those at the circumference neuter, e.g. Centaurea.
“Fragments” of a natural system have also come down to us from Linnæus, who
himself always recognised the imperfection of his artificial system.
I. POLYPETALÆ.
Series I. Thalamifloræ. Calyx most often free from the ovary.
Petals uniseriate or often 2–∞-seriate. Stamens ∞ or definite,
inserted on the receptacle, often small, or raised, or stipitate. Ovary
most frequently free.
Cohort I. Ranales. Stamens ∞, or if definite the perianth is 3–∞-
seriate. Carpels apocarpous, or immersed in the receptacle.
Endosperm usually abundant, fleshy.
Order 1. Ranunculaceæ.
„ 2. Dilleniaceæ.
„ 3. Calycanthaceæ.
„ 4. Magnoliaceæ.
„ 5. Anonaceæ.
„ 6. Menispermaceæ.
„ 7. Berberideæ.
„ 8. Nymphæaceæ.
Series II. Discifloræ. Calyx usually free from the ovary. Petals
uniseriate. Stamens usually definite, inserted within, or upon, or
around the receptacle, which is more often expanded as a disc.
Ovary usually free, or embedded in the disc.
Cohort VII. Geraniales. Disc usually as a ring between the
stamens, or adnate to the staminal tube, or reduced to glands
alternating with the petals, more rarely absent. Gynœceum entire, or
more often lobed, or sub-apocarpous. Ovules most often 1–2 in each
loculus, pendulous, raphe ventral. Leaves various.
Order 34. Lineæ.
„ 35. Humiriaceæ.
„ 36. Malpighiaceæ.
„ 37. Zygophylleæ.
„ 38. Geraniaceæ.
„ 39. Rutaceæ.
„ 40. Simarubeæ.
„ 41. Ochnaceæ.
„ 42. Burseraceæ.
„ 43. Meliaceæ.
„ 44. Chailletiaceæ.
II. GAMOPETALÆ.
Series I. Inferæ. Ovary inferior. Stamens equal to the lobes of the
corolla, rarely fewer.
Cohort I. Rubiales. Stamens adnate to the corolla. Ovary 2–∞-
locular, loculi 1–∞-ovuled.
Order 83. Caprifoliaceæ.
„ 84. Rubiaceæ.