Cloud Sec Flashcards

(73 cards)

1
Q

CNCF

A

Cloud Native Computing Foundation

2
Q

CNCF defines 3 properties of cloud native technologies. What are they?

A
  1. Container Packaged
  2. Dynamically Managed
  3. Microserviced.
3
Q

Hypervisor

A

Allows multiple, virtual OS to run concurrently on a single physical host computer.

4
Q

Native

A

aka Type 1

Hypervisor runs directly on the host computer’s hardware.

5
Q

Hosted

A

Type 2

Hypervisor that runs within an Operating System environment.

6
Q

What is the foundation of cloud computing?

A

Virtualization

7
Q

What is a hypervisor?

A

Allows multiple, virtual guest OS to run concurrently on a single physical host computer.

8
Q

Where does the Hypervisor function?

A

Between the computer OS and the hardware kernel.

9
Q

What are dormant VMs and why are they a problem?

A

Inactive VMs are routinely (often automatically) shut down when they are not in use.

If this goes on for a while, they could miss vital updates.

10
Q

What is a container?

A

A package of software that allows an application to run independently within a host operating system.

11
Q

What is the most common open-source orchestration platform for containers?

A

Kubernetes

12
Q

What does Kubernetes do?

A

Provides an API that enables developers to define container infrastructure in a declarative fashion. IaC

13
Q

CaaS

A

Containers as a Service

Manages the underlying compute, storage, and network hardware by default for highly optimized container workloads.

14
Q

Difference between Hypervisors and Docker Containers

A

Hypervisors - abstract hardware and allow you to run OS

Containers - abstract the OS and allow you to run applications.

15
Q

Micro-VMs

A

Scaled-down, lightweight VMs that run on hypervisor software.

Contain only the Linux OS kernel features necessary to run a container

16
Q

Name of AWS Compute service?

A

EC2

17
Q

Name of AWS Object Storage service?

A

S3

18
Q

Name of AWS Database service?

A

RDS

19
Q

Name of AWS Networking Service?

A

Direct Connect

20
Q

Name of Azure Compute service?

A

Azure VM

21
Q

Name of Azure Object Storage service?

A

Blob storage

22
Q

Name of Azure Database service?

A

SQL Database

23
Q

Name of Azure Networking Service?

A

Virtual Network

24
Q

Name of GCP Compute service?

A

Compute Engine

25
Name of GCP Object Storage service?
Cloud Storage
26
Name of GCP Database service?
Cloud SQL
27
Name of GCP Networking service?
Cloud Interconnect
28
FaaS
Function as a Service - Serverless architectures enable orgs to build and deploy software and services without maintaining or provisioning any physical or virtual servers.
29
Major Benefits of using Serverless Computing and FaaS?
Focus on Core Product Functionality; Not Responsible for Security Patches; Secure Data Center, Network, and Servers
30
How does a serverless model impact application development?
  1. Reduced Operational Overhead
  2. Increased Agility
  3. Reduced Costs
31
Issues with Serverless Architecture?
  1. Increased Attack Surface
  2. Attack Surface Complexity
  3. Overall System Complexity
  4. Inadequate Security Testing
  5. Traditional Security Protections
32
Common Scanning Tools
DAST, SAST, IAST
33
DAST
Dynamic Application Security Testing - Tests coverage for HTTP interfaces
34
SAST
Static Application Security Testing - Relies on data-flow analysis, control flow, and semantic analysis
35
IAST
Interactive Application Security Testing - Better odds of success, but requires the tester to deploy an instrumentation agent on the local machine.
36
What allows multiple, virtual operating systems to run concurrently on a single physical host computer?
Hypervisors
37
In which model do applications rely on managed services that abstract away the need to manage, patch, and secure infrastructure and virtual machines?
Serverless
38
What are scaled-down, lightweight virtual machines that run on hypervisor software and contain only the Linux operating system kernel features necessary to run a container?
Micro-VMs
39
What are the primary benefits of organizations moving to a serverless computing model? (Choose three.)
Reduced Operational Overhead, Reduced Costs, Increased Agility
40
Which type of hypervisor is hosted and runs within an operating system environment?
Type 2
41
Which security consideration is associated with inadvertently missed anti-malware and security patch updates to virtual machines?
Dormant VMs
42
What are the three properties of cloud native technologies according to the Cloud Native Computing Foundation’s charter? (Choose three.)
Container Packaged, Dynamically Managed, Microserviced
43
What do containers abstract that hypervisors do not?
Operating Systems
44
In serverless applications, developers only have to upload which of the following?
App Package
45
Benefits of Cloud Computing
  1. Segmented Administration
  2. Scalability
  3. Reduced Capital and Operational Expenses
  4. Ability to Share IP address to Username Mapping
46
IAM
Identity and Access Management - Framework of business processes, policies, and technologies that facilitates the management of electronic or digital identities
47
Technical Debt
is a software development concept, which also has been applied more generally to IT, in which additional future costs are anticipated for rework due to an earlier decision or course of action that was necessary for agility but was not necessarily the most optimal or appropriate decision or course of action.
48
RBAC
Role-based access control (RBAC) is a method of restricting network and resource access based on the roles of individual users within an enterprise.
49
Shift-left
seeks to move security activities from the end of the workflow to activities that are earlier in the development process. This can improve security impacts and lower costs by finding issues earlier in the CI/CD process.
50
SaaS
Software as a Service - Customers are provided access to an application, such as Google Docs, running on a cloud infrastructure and the application is accessible from internet-connected client devices.
51
What is the customer responsible for in a SaaS environment?
The customer is responsible for securing user-specific data created using the SaaS application.
52
PaaS
Platform as a Service (PaaS) - Using PaaS, customers can deploy supported applications onto the cloud service provider’s (CSP) infrastructure without the burden of fully managing and controlling the underlying cloud infrastructure.
53
What is the customer responsible for in a PaaS Environment?
The customer is responsible for securely storing data and for securely configuring the application.
54
IaaS
Infrastructure as a Service (IaaS) - Using IaaS, customers securely configure, manage, and deploy the virtual environment running their applications.
55
What are customers responsible for in an IaaS environment?
Customers are responsible for securing their virtual machines, the virtual machine operating systems, operating system runtime environments, application software, and application data.
56
What are the cloud deployment models?
Public, Private, Hybrid, Community
57
Multi-Tenancy Cloud Environments
In multi-tenancy (multiple customers of a cloud vendor are using the same computing resources) cloud environments, particularly in SaaS models, the customer controls and resources are limited by the cloud provider.
58
What is a Dynamic Environment?
In a dynamic environment, pools of computing resources are available to support application workloads that can be accessed anywhere, anytime, from any device.
59
Bolted-on feature sets
are used to describe products and systems that can be quickly but securely attached to an existing operating system or website.
60
Contiguous ports
Contiguous ports permit or deny firewall traffic through sequential ports in order, such as TCP ports 20-25.
61
bursty demand load
A bursty demand load is a configuration set up between a private cloud and a public cloud to handle peaks in IT demand. When a private cloud configuration reaches 100 percent of its resource capacity, the overflow traffic is directed to a public cloud so there’s no interruption of services.
62
form factor
A form factor is an aspect of design that defines and prescribes the size, shape, and other physical specifications of hardware components.
63
Security in a hybrid cloud evolves incrementally in four phases. What are the 4 phases?
Phase 1: Consolidating Servers Within Trust Levels
Phase 2: Consolidating Servers Across Trust Levels
Phase 3: Selective Network Security Virtualization
Phase 4: Dynamic Computing Fabric
64
In which three cloud computing service models does a provider secure the physical computers running the virtual environment? (Choose three.)
IaaS, PaaS, SaaS
65
Which cloud infrastructure comprises two or more cloud deployment models, bound by standardized or proprietary technology that enables data and application portability?
Hybrid
66
What is the purpose of the shared responsibility model?
Defines who is responsible for what, related to security, in the public cloud
67
Organizations are using which resource to expand their on-premises private cloud compute capacity?
Public Cloud
68
Which value can be achieved by the ability to pool resources in cloud computing?
economies of scale and agility
69
Which cloud solution is hosted in-house and usually is supported by a third party?
on prem
70
Which software development concept that also has been applied more generally to IT says that additional future costs for rework are anticipated due to an earlier decision or course of action that was necessary for agility but was not necessarily the most optimal or appropriate decision or course of action?
technical debt
71
In which cloud service model are customers responsible for securing their virtual machines and the virtual machine operating systems, and for operating system runtime environments, application software, and application data?
IaaS
72
Which phased approach of hybrid cloud security requires networking and security solutions that not only can be virtualized but also are virtualization-aware and can dynamically adjust as necessary to address communication and protection requirements, respectively?
dynamic computing fabric
73