# Cloud SOC Operations (CSPM/CWPP/CIEM)

One-sentence definition: Operating posture and workload identity security across cloud accounts, workloads, and entitlements.

## Key Facts

- CSPM: config drift/misconfig detection; CIEM: least privilege for cloud IAM.
- CWPP: runtime protection—process/network anomalies, workload hardening.
- Centralize cloud logs (control plane, data plane) with guardrails.
- Automate remediation for low-risk findings; tickets for high-risk.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose CSPM/CIEM/CWPP blend to cover cloud gaps.

**Mnemonic:** “**Posture, privilege, protect**.”

## Mini Scenario

Q: Public S3 bucket alert—operational response?

A: Auto-remediate policy deny; ticket owner; verify no exposure.

## Revision Checklist

- Define three tool classes.
- Logging sources.
- Auto-remediation rule.

## Related

[[Cloud Security Assessment (Shared Responsibility)]] · [[Least Privilege in Cloud (Guardrails and Boundaries)]] · [[Configuration Drift Detection and Continuous Compliance]] · [[Security Dashboards and Executive Metrics]] · [[Domain 7 - Index]]