Cloud Application Architecture
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.
Included in this chapter:
- Supplemental security components and the layer each protects
- Cryptography and key placement inside the application
- Sandboxing, microservices, and container isolation
- Exam-pattern recognition for cloud application architecture
Supplemental security components: which layer each one protects
| Component | Layer it inspects | Primary threat it addresses | What it does NOT cover |
|---|---|---|---|
| Web application firewall (WAF) | HTTP/HTTPS, layer 7 | Injection, XSS, OWASP Top 10 web patterns | XML schema attacks; in-database activity; non-HTTP traffic |
| XML firewall (XML gateway) | XML/SOAP messages | XML injection, schema violations, entity expansion (billion laughs) | Generic web app attacks outside XML; database queries |
| API gateway | API requests (REST/SOAP/gRPC) | AuthN/Z, rate limiting, request validation, metering | Deep content inspection of payloads; data-at-rest protection |
| Database activity monitoring (DAM) | Database queries and sessions | Privileged/abnormal access, SQLi seen at the DB, exfiltration | Pre-DB request filtering; encryption of the data itself |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
References
- OWASP Top 10 — Standard awareness document for web application security risks
- OWASP XML External Entity Prevention Cheat Sheet (entity expansion / billion-laughs DoS)
- NIST Cryptographic Module Validation Program (FIPS 140-2 / FIPS 140-3 module validation) Whitepaper
- NIST SP 800-57 Part 1 Rev. 5 — Recommendation for Key Management Whitepaper