Cloud Training


Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

  • 1.  Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Thu September 01, 2022 12:58 PM
    Edited by M. Dee Starliper Thu June 22, 2023 08:43 AM

    The ICCT Security Engineer Specialty Study Jam material and replays are now available! Since IBM employee training is tracked internally, there are a few links that differ for the material below depending on whether you are an IBM employee. Please use the appropriate links.

    IBM Cloud Enthusiast Links

    • IBM Cloud Security Engineer Specialty Learning Plan
    • IBM Cloud Prep Web App – flash cards and study guides
    • Study Jam Materials
      • Discussion threads on IBM Community
      • Jam Replay for Day 1
      • Jam Replay for Day 2
      • Jam Replay for Day 3
        • Correction made on 27 Oct 2022: In Day 3 in the section titled, "Manage Access Control," the correct answer is D. JSON and CSV. Refer to study prep materials for Section 4 – Manage Access Controls for further explanation.
      • Slides
    • Free Sample Test - Scroll down to the link on the right side of the page
    • Assessment Exam - Scroll down to the link on the right side of the page (NOTE: There is a $30 USD fee to take the assessment exam.)

    IBM Employee Cloud Enthusiast Links

    • IBM Cloud Security Engineer Specialty Learning Path
    • IBM Cloud Prep Web App – flash cards and study guides
    • Study Jam Materials
      • Discussion threads on IBM Community
      • Jam Replay for Day 1
      • Jam Replay for Day 2
      • Jam Replay for Day 3
        • Correction made on 27 Oct 2022: In Day 3 in the section titled, "Manage Access Control," the correct answer is D. JSON and CSV. Refer to study prep materials for Section 4 – Manage Access Controls for further explanation.
      • Slides
    • Free Sample Test - Scroll down to the link on the right side of the page
    • Assessment Exam - Scroll down to the link on the right side of the page

    Information about the promotions and badge shared during the Study Jam:

    • 50offICCT promotion code - Get 50% off when you register and schedule your ICCT Cloud exam using the promotion code. Limited to one usage per candidate while supplies last at https://home.pearsonvue.com/ibm
    • Second Chance promotion - Retake an ICCT certification exam for free if you don't pass the first time. Refer to the Second Chance page for details.
    • ICCT Faces Showcase - Become IBM Cloud certified and be featured on the ICCT website. Refer to the ICCT Faces page for details.
    • IBM Cloud Security Engineer Accelerator badge - Earn the badge by attending the live Study Jam sessions or watching the replays and passing the Study Jam quiz. Refer to the badge page to learn more.

    Let's use this thread to discuss and ask questions about the IBM Cloud Security Engineer Specialty certification and curriculum. You can ask questions for our subject matter experts and crowdsource answers too.

    Be sure to share your certification journey on your social channels. Use the hashtags: #IBM #IBMCloud #ibmcloudcertified.

    ------------------------------
    Millie Starliper
    -----------------
    ICCT Project Manager
    ------------------------------



  • 2.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Fri September 30, 2022 06:21 AM
    Hi all, 

    Here's a list of the Questions and Answers provided in the Q&A over the three days of the Jam - thanks again for all your great questions!

    Question

    Answer

    Where can I find Frequently Asked Questions?

    ICCT certification FAQs are here: https://ibm.biz/ICCT-Cert-FAQs

    What if I have questions after the event?

    Post questions and find Q&As on our IBM Community Discussion board

    https://ibm.biz/ICCT-SecEngJam

    Hello Tami, Good morning... I have a question... I am from a non-technical background and have zero knowledge about Cloud, but I intend to learn Cloud and shift my career from Finance to IT... how feasible is this?

    Good day to you too. With commitment to learning, you should be able to meet your goal. I recommend that you take the IBM Cloud Advocate cert, and then IBM Cloud Technical Advocate cert. That will help you understand Cloud. Then, you can move to an appropriate role-based or specialty Cloud curriculum/cert.

    Is this still the official training plan for the IBM Cloud Security Engineer (for IBM'ers) => https://yourlearning.ibm.com/activity/PLAN-F3A012801E4A

    Yes, https://yourlearning.ibm.com/activity/PLAN-F3A012801E4A is the correct link.

    Regarding all rules are evaluated, regardless of order -> what would happen if there are conflicting rules defined? the rule evaluation does not stop after finding a match?

    With Security Groups, the rules are allowing traffic - by default everything is blocked - so a rule can only open up access - therefore you can't have conflicts.

    You can have a situation where there are multiple security groups applied to a VSI too... again, if one OPENS access to port 80, but the others don't, then the server will be reachable on Port 80

    Are VMWare HCX and VMWare NSX-t same?

    Hi - no, they are different VMware software components. HCX provides networking that spans between locations - say on premises to cloud - and allows you to seamlessly move workloads / VMs from one location to another. VMware NSX-T is the networking component that a VMware vSphere / vCenter implementation uses between its nodes and services

    Could you please explain the order of the ACL allow / deny once again and the Diffie-Hellman group...

    Sure - so ACL rules are evaluated in order and once a rule applies, no more rules are 'read'. So, if you had two rules in this order 1. ALLOW 10.10.0.0/24 and 2. DENY 10.10.0.10 - if a request came from a machine with the IP address 10.10.0.10, access would be allowed because it's part of the 10.10.0.0/24 CIDR block range...

    However, flip the rules to 1. DENY 10.10.0.10 2. ALLOW 10.10.0.0/24 - a request from that same IP would be denied, basically because in each case, the first rule applies and the second rule is then ignored. So this shows why order is important...

    But access would be allowed to only that IP range - right? Why would it allow the one which we have asked to block?

    So, yes, access is being allowed for the block 10.10.0.0/24 - and of course, 10.10.0.10 is part of that block. So, if the ACL has a rule that says ALLOW 10.10.0.0/24, it will allow any IP in that block access, even if the next rule says specifically DENY 10.10.0.10 - basically because that rule won't be processed.

    It's only if you have the DENY 10.10.0.10 first, that the address will be blocked

    stock image means managed image by IBM?

    yes, the terminology 'stock image' refers to predefined OS images offered by IBM Cloud

    Hi James, Can you throw some more light on the Private Service End Point with an example maybe?

    Sure! So one way that IBM Cloud can expose its services is via Service Endpoints. These are secured using access keys. A Public endpoint is one that's available via the internet - and so is exposed to anyone that wants to access it - whereas a Private endpoint is exposed only on the IBM Cloud private network, so only your services can access it and then only through the private network, no need to go out to the internet. Examples where these can be used - services like IBM Cloud Databases or Object Storage

    Hello James, is there a plan to have a session for Cloud Advocate? If yes, when? If it's already over, can u pls share the recording links with me? Thanks :)

    Here is a link to the recordings from a recent Cloud Advocate jam, https://w3.ibm.com/services/lighthouse/videos/series/2084

    Here is a link to the study materials and recordings from the June jam, https://community.ibm.com/community/user/cloud/discussion/study-jam-discussion-for-ibm-cloud-advocate-2022#bm108e3a23-255b-44cd-8a02-a94dfb394d7b

    Yep, we've already had one and recordings are available.... check this page https://icct-study-jam.17f48735.public.multi-containers.ibm.com/#/lessons/m99zTb1vvhZN0CBBQ84VrDbFOzkdE3_0

    No charge between the regions in IBM cloud?

    So, if SG disable/deny access to port 80, but then for some weird reason the local IP table rule allows access to port 80, then the access to port will in effect be allowed? (Bad practice, I would say.)

    In the scenario you describe, my guess is Nope, the packet would never reach the OS since the Security Group blocked it already.

    Wow! That's a big differentiator for us. Thanks.

    I do this with IBM Cloud Object Storage, too. I tell my developers to configure their microservices to point at the IBM COS private endpoint rather than the public endpoint -- it keeps traffic off the public internet (which is more secure), and it's free since the traffic stays on the IBM Cloud private network

    How does evaluation of communication from external into a VSI go? 1. Firewall -> 2. SG -> 3. ACL -> 4. IP Tables, is that the proper way?

    I would say Yes, that sounds like the flow a packet would take, but I would also comment that the front-end firewall in your scenario is likely overkill... If we are talking about a VPC, then I would argue that setting up a firewall in front of your VPC is overkill. (I don't personally do that in my env.)

     

    Hi, can you pls help me with the recordings of the IBM technical advocate JAM conducted on 20th - 22nd September

    Sure, try here https://icct-study-jam.17f48735.public.multi-containers.ibm.com/#/lessons/m99zTb1vvhZN0CBBQ84VrDbFOzkdE3_0

    All of the replays are listed in the IBM Community when you log in. https://ibm.biz/ICCT-TechAdv-Jam

    So that "Customizing Pod Security Policies" also applies to ROKS and not just IKS?

    There is a lot of cross-over between IKS and OpenShift, though the way OS applies some of these policies from the user's view can be different. In terms of the slide, this was specifically for IKS.

    yeah standard Kube pod security policies apply to ROKS clusters too ... (am trying to find the IBM Cloud documentation that talks about this, but haven't found it yet)

    Found an article related to this topic.

    Pod security admission in ROKS https://cloud.ibm.com/docs/openshift?topic=openshift-pod_security_admission

    HITRUST or HYTRUST?

    It's HyTrust

    The old product name is HyTrust CloudControl, the new name is Entrust CloudControl https://cloud.ibm.com/docs/vmwaresolutions?topic=vmwaresolutions-entrust-cc_considerations

    How does IBM Cloud implement Entrust KeyControl - what services fulfill this?

    Entrust KeyControl has actually recently been deprecated but existing instances can continue to be used. It's deployed as an appliance and was available to use against VMware vCenter Server instances

    Hi James... Could we get a little more regarding the Zero trust model... is it only for VMware workloads or is it relevant for other areas also

    It's relevant for most, if not all areas of Cloud Security. IBM Cloud is based on allowing access, as opposed to denying access

    Where can we find the Q&A transcripts for previous Jams and yesterday's session and this session

    Here is a link to previous jams, https://icct-study-jam.17f48735.public.multi-containers.ibm.com/#/lessons/m99zTb1vvhZN0CBBQ84VrDbFOzkdE3_0 and we will provide materials for this jam at the end of the event

     



    ------------------------------
    James Belton
    ------------------------------
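
The ACL ordering and security-group answers in the post above, as an added example that is not part of the original thread and not IBM Cloud code: a small evaluator for both models plus an audit helper that flags ACL rules which can never fire. The function names, the rule tuples and the deny-on-no-match default for the ACL are assumptions of this sketch; the addresses are the ones used in the thread.

```python
import ipaddress

def acl_decision(rules, src):
    """Ordered ACL: the first rule whose CIDR contains src decides.
    Assumption of this sketch: traffic matching no rule is denied."""
    ip = ipaddress.ip_address(src)
    for action, cidr in rules:
        if ip in ipaddress.ip_network(cidr):
            return action
    return "DENY"

def shadowed_rules(rules):
    """Audit check: rules fully covered by an earlier rule never get evaluated."""
    dead = []
    for i, (action, cidr) in enumerate(rules):
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(ipaddress.ip_network(prev)) for _, prev in rules[:i]):
            dead.append((action, cidr))
    return dead

def sg_allows(groups, src, port):
    """Security groups: allow-only rules, order irrelevant.
    A match in any rule of any attached group admits the packet."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(cidr) and port == rule_port
               for group in groups for cidr, rule_port in group)

# Constructed rule sets mirroring the two orderings discussed in the thread.
ALLOW_FIRST = [("ALLOW", "10.10.0.0/24"), ("DENY", "10.10.0.10")]
DENY_FIRST = [("DENY", "10.10.0.10"), ("ALLOW", "10.10.0.0/24")]
# Constructed: two groups on one VSI; only the first opens port 80.
GROUPS = [[("0.0.0.0/0", 80)], [("10.10.0.0/24", 22)]]

if __name__ == "__main__":
    for name, rules in (("allow-first", ALLOW_FIRST), ("deny-first", DENY_FIRST)):
        print(name, "10.10.0.10 ->", acl_decision(rules, "10.10.0.10"),
              "| never evaluated:", shadowed_rules(rules))
    print("SG port 80 from 203.0.113.5:", sg_allows(GROUPS, "203.0.113.5", 80))
```

Running `shadowed_rules` over an exported ACL is a quick way to catch a specific DENY that was appended below a broader ALLOW.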



  • 3.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Mon October 03, 2022 09:18 AM
    Hi James, Thanks for adding all the Q&A. Request you kindly add the slides as well. The "Thank You" email that I got after the Jam does not have a link to the Slides. Also noted in the prev JAM for Security Track - Slides are not there.
    Also completed - IBM Cloud Security Engineer Accelerator badge but did not get any email from Credly on the Badge allocation. Please advise. Kind Regards, Dev

    ------------------------------
    Dev Verma
    ------------------------------



  • 4.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Mon October 03, 2022 09:39 AM
    Hi Millie, Thanks for sharing this detailed note on Study Jam. Request you to please add - Slides, it seems not uploaded at all. Kind Regards, Dev


    ------------------------------
    Dev Verma
    ------------------------------



  • 5.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Tue October 04, 2022 09:22 AM
    My apologies for the delay - the slides are now added. Please let me know if you have any further trouble or questions. Good luck with studying!

    ------------------------------
    Millie Starliper
    ------------------------------



  • 6.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Tue October 04, 2022 12:41 PM
    Sincere thanks, appreciate it.

    ------------------------------
    Dev Verma
    ------------------------------



  • 7.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Sun October 23, 2022 11:50 AM
    Dear Millie,

    Pleased to inform you that I passed the IBM Cloud Security Engineer Specialty yesterday. Thank you, Mr. James, and everyone in front of and behind the scenes who works hard to bring such worthwhile, easy to learn and practice content.

    ------------------------------
    Sadique Mohamed
    ------------------------------



  • 8.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Mon October 24, 2022 12:23 PM
    🎉  Congratulations, Sadique! On behalf of the whole IBM Center for Cloud Training team - thank you for your note. We love to see it! Keep it up and let us know what certification you're planning to do next. 🤓

    ------------------------------
    Millie Starliper
    ------------------------------



  • 9.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Mon October 24, 2022 03:57 PM
    I'm working as SRE for FileNet & WebSphere, training plan to focus more on Security so I've to go through everything as much as possible :)

    ------------------------------
    Sadique Mohamed
    ------------------------------



  • 10.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Tue October 25, 2022 10:38 AM
    Nice one, @Sadique Mohamed! Congratulations!

    ------------------------------
    James Belton
    ------------------------------



  • 11.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Tue October 25, 2022 12:30 PM
    Is this course free? IBM cloud security engineer.






  • 12.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Tue October 25, 2022 01:14 PM





  • 13.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Tue October 25, 2022 01:20 PM
    Thanks 






  • 14.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Thu October 27, 2022 06:58 PM
    @Natalie Brooks Powell
    There's a free second-shot chance for those who didn't pass on the first attempt in professional exams; why not provide a discount voucher to those who passed on the first attempt?
    :)

    SRE, DevSecOps, & FS Speciality exams are just doorsteps far...

    https://www.credly.com/users/essyem


    ------------------------------
    Sadique Mohamed
    ------------------------------



  • 15.  RE: Study Jam Discussion for IBM Cloud Security Engineer Specialty 2022

    Posted Wed October 26, 2022 05:36 AM
    @James Belton

    Thank you very much Sir

    ------------------------------
    Sadique Mohamed
    ------------------------------