3.6 - Cloud Security Flashcards
What is an availability zone (AZ)?
Isolated locations within a cloud region (geographical location). It commonly spans across multiple regions. Each AZ has independent power, HVAC, and networking.
What is identity and access management (IAM)?
Determines who gets access and what they get access to. It can map job functions to roles, provide access to cloud resources, and centralize user accounts.
What is secret management in cloud security?
A practice that allows developers to securely store sensitive data such as passwords, keys, and tokens in a secure environment with strict access controls.
How might you prevent public access in the public cloud?
1) Identity and Access Management (IAM)
2) Bucket policies
3) Globally blocking public access
4) Don’t put data in the cloud unless it really needs to be there
Explain server-side encryption and client-side encryption when storing data in the cloud.
Server-side encryption
- Encrypt the data when it is being stored on the disk in the cloud
Client-side encryption
- Data is already encrypted when it’s sent to the cloud
- Performed by the application
What are the benefits of replication in the cloud?
Disaster recovery and high availability
Data Analysis
Backups
What are three types of cloud?
1) Private cloud
2) Public cloud
3) Hybrid cloud
What is a virtual private cloud (VPC)?
A secure, isolated private cloud hosted within a public cloud.
What is a VPC endpoint?
Allows private cloud subnets to communicate with other cloud services. Acts like a VPN.
What is a Cloud access security broker (CASB)?
Implements zero-trust access control and policy enforcement for cloud environments. It can provide visibility, compliance, threat prevention, and data security.
It can be implemented as client software, local security appliances, or cloud-based security solutions.
What is a Next-Gen Secure Web Gateway (SWG)?
Protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic.