Chapter 6: Securing the Cloud Flashcards Preview

CompTIA Security+ > Chapter 6: Securing the Cloud > Flashcards

Flashcards in Chapter 6: Securing the Cloud Deck (8)
Loading flashcards...

Four Different Cloud Delivery Options

Private Cloud
-Usually means it's owned and operated by the same person.
Public Cloud
-Someone owns the cloud infrastructure and leases it out
Community Cloud
-Exclusive use by a specific community, generally one with common goals
Hybrid Cloud
-A combination of the types listed above


Type I vs. Type II Hypervisor

Type I Hypervisor, AKA bare metal
-Independent of the Operating System and boots before it
Type II Hypervisor, AKA hosted
-The VMware is dependent on the OS and cannot be booted up until the OS is ready. This is common in consumer-grade VMware.



Saving the state of the VM so you can revert it in case of system failure.
-This can also be used for VM cloning.


Patch Compatibility

You need to make sure before you roll a patch out to all your virtual machines that it's not gonna break them. Make sure to have a test machine readily available any time you want to make a significant change.


Host Availability/Elasticity

Not only is it important for Cloud hosts to have their infrastructure up and running 99.999% of the time, but they also need to be very flexible. A consumer needs to be able to scale up their environment as much as they need to. You should make it feel limitless for them.


Security Control Testing

Essentially penetration testing on the Virtual Machine. Throw everything you have at it so you can find its weaknesses and append/report them.



Running the applications in restricted memory store, limiting the possibility of app crash, which could let the client server hop and fuck someone else up.



Cloud computing is so damned cost efficient pretty much only because they run one giant machine that all of their clients use at the same time. If a security flaw can be found, a client could start accessing other peoples' information.

What you need to do is see if you can segregate your data, encrypt everything you have, keep an eye on the logs, and try to use a VPN if you can. YOU are responsible for your own data, whether someone else is hosting it or not.