3.6 - Cloud Security Flashcards

1
Q

What is an availability zone (AZ)?

A

Isolated locations within a cloud region (geographical location). It commonly spans across multiple regions. Each AZ has independent power, HVAC, and networking.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is identity and access management (IAM)?

A

Determines who gets access and what they get access to. It can map job functions to roles, provide access to cloud resources, and centralize user accounts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is secret management in cloud security?

A

A practice that allows developers to securely store sensitive data such as passwords, keys, and tokens, in as secure environment with strict access controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How might you prevent public access in the public cloud?

A

1) Identity and Access Management (IAM)
2) Bucket policies
3) Globally blocking public access
4) Don’t put data in the cloud unless it really needs to
be there

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Explain server-side encryption and client-side encryption when storing data in the cloud.

A

Server-side encryption
- Encrypt the data when it is being stored on the
disk in the cloud

Client-side encryption
- Data is already encrypted when it’s sent to the
cloud
- Performed by the application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the benefits of replication in the cloud?

A

Disaster recover and high availability
Data Analysis
Backups

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are three types of cloud?

A

1) Private cloud
2) Public cloud
3) Hybrid cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a virtual private cloud (VPC)?

A

A secure, isolated private cloud hosted within a public cloud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a VPC endpoint?

A

Allow private cloud subnets to communicate to other cloud services. Act like a VPN.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a Cloud access security broker (CASB)?

A

Implements zero-trust access control and policy enforcement for cloud environments. It can provide visibility, compliance, threat prevention, and data security.

It can be implemented as client software, local security appliances, or cloud-based security solutions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is an Next-Gen Secure Web Gateway (SWG)?

A

Protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly