Domain 8 - Virtualisation and Containers

Question 1

________ is the core technology for enabling
cloud computing. It is the technology
used to convert fixed infrastructure into these pooled resources.It provides the abstraction needed for resource pools, which are then managed using orchestration.

Answer 1

Virtualisation

Question 2

Virtualisation adds 2 new layers of security controls

Answer 2

• Security of the virtualisation technology itself (e.g. securing hypervisor)
• Security control for the virtual assets

Question 3

True/False: The cloud
provider will always be responsible for securing the physical infrastructure and the virtualization
platform itself. Meanwhile, the cloud customer is responsible for properly implementing the
available virtualized security controls and understanding the underlying risks, based on what is
implemented and managed by the cloud provider.

Answer 3

True

Question 4

True/False: Compute virtualization abstracts the running of code (including operating systems) from the
underlying hardware. Instead of running directly on the hardware, the code runs on top of an
abstraction layer that enables more flexible usage, such as running multiple operating systems on
the same hardware (virtual machines). T

Answer 4

True

Question 5

2 Cloud Provider responsibilities in Compute Virtualisation

Answer 5

• Enforce Isolation

- Securing virtualisation infrastructure

Question 6

True/False: The primary responsibility of the cloud user in Compute Virtualisation is to properly implement the security of whatever it deploys within the virtualized environment

Answer 6

True

Question 7

Cloud User Security Controls in Managing Compute Virtualisation

Answer 7

• Security settings such as identity management to the virtual resources
• Monitoring and logging
• Image Asset management
• Use of dedicated hosting
• Standard security of the workload
• Deployment of secure configurations

Question 8

2 General Compute Security concerns

Answer 8

• Virtualised resources tend to be more ephemeral and change a rapid space
• Host Level monitoring/logging may not be available

Question 9

True/False: The cloud provider is primarily responsible for building a secure network infrastructure and
configuring it properly. The absolute top security priority is segregation and isolation of network
traffic to prevent tenants from viewing another’s traffic. This is the most foundational security
control for any multitenant network.

Answer 9

True

Question 10

True/False: Cloud users are primarily responsible for properly configuring their deployment of the virtual
network, especially any virtual firewalls.

Answer 10

True

Question 11

True/False: The cloud user is, again, responsible for proper rights management and configuration of exposed
controls in the management plane. When virtual firewalls and/or monitoring don’t meet security
needs, the consumer may need to compensate with a virtual security appliance or host security
agent.

Answer 11

True

Question 12

___________ are a special kind of WAN virtualization technology for created networks
that span multiple “base” networks. For example, an overlay network could span physical and
cloud locations or multiple cloud networks, perhaps even on different providers.

Answer 12

Cloud overlay networks

Question 13

3 Components of Software container

Answer 13

• The execution environment
• An orchestration and scheduling controller
• A repository for the container images or code to execute