CCSP Domain 3: Cloud Platform & Infrastructure Security Flashcards
Reservation, compute
guarantees a minimum resource allocation per vm
Limits, compute
a maximum (ceiling) resource allocation at the vm or service level
Shares, compute
a queue that arbitrates contention over compute resources when those resources become constrained
Network Function Virtualization (NFV)
NFV decouples network services from the underlying hardware, allowing for software-defined data prioritization
Software Defined Networking (SDN)
Management plane
Control plane
Data plane
The architecture of SDN is focused on the forwarding of data rather than the function of infrastructure.
Management plane: applications that manage the control plane
Control plane: control of network functionality and programmability
Data plane / Forwarding plane: infrastructure such as switches and routers
Storage Area Network (SAN)
Consolidated block-level data storage often used to enhance storage devices (e.g. disk arrays, tape libraries, etc.).
Network-attached Storage (NAS)
A file-level computer data storage server connected to a computer network to allow sharing at the local level.
Interoperability between cloud services
Policy
Behavioral
Transport
Syntactic
Semantic
Policy: do both services meet or exceed the laws, regulations, and organizational mandates required by the cloud customer.
Behavioral: is there service parity – both can deliver the same ‘behaviors’ and outcomes?
Transport: are the transport technologies (HTTPS, TLS, etc.) apples to apples or interoperable?
Syntactic: source system shares data using technologies that can be decoded within the target system such as JSON, XML, or open virtualization format (OVF).
Semantic: transfer from source to target such that the data model is understood by the target, e.g. the formulas for derived data values are disclosed to enable replication, repetition, or modification.
Cloud data portability
Syntactic
Semantic
Policy
Syntactic: source system shares data using technologies that can be decoded within the target system such as JSON, XML, or open virtualization format (OVF).
Semantic: transfer from source to target such that the data model is understood by the target, e.g. the formulas for derived data values are disclosed to enable replication, repetition, or modification.
Policy: do both services meet or exceed the laws, regulations, and organizational mandates required by the cloud customer.
ISO/IEC TS 22237-2
Requirements for construction of data centers; key areas of focus are location / site selection, construction standards, building configuration, fire protection, and quality measures.
Uptime institute tiers
CCSP candidates should always note the difference between uptime and availability.
Tier I: basic site infrastructure
(e.g. 80% uptime)
Tier II: redundant site infrastructure capacity components
(e.g. 90% uptime)
Tier III: concurrently maintainable site infrastructure
(e.g. 95.0% uptime)
Tier IV: fault-tolerant site infrastructure
(e.g. 99.9% uptime)
Types of fire detectors
Flame: photoelectric (infrared, visible light, UV)
Smoke: photoelectric, ionization
Heat: rate-of-rise in temperature
Fire suppression, Gas Systems
Aero-K: aerosolized potassium (non-corrosive)
FM-200: liquified compressed gas (does not displace oxygen – can be used in populated spaces)
Cyber Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objectives
A model for event and incident management:
Reconnaissance: attacker surveils target environment
Weaponization: attacker determines and optimizes exploits
Delivery: attacker delivers the exploits
Exploitation: exploits find purchase in the target environment
Installation: attacker seeks to persist their presence in the target environment
Command and Control: attacker seeks to establish a two-way, persistent communication channel, i.e. maintain persistence
Actions on Objectives: attacker exfiltrates, destroys, etc., per their attack objective