Domain 8 - Virtualisation and Containers Flashcards Preview

Flashcards in Domain 8 - Virtualisation and Containers Deck (13)

________ is the core technology for enabling cloud computing. It is the technology used to convert fixed infrastructure into these pooled resources. It provides the abstraction needed for resource pools, which are then managed using orchestration.



Virtualisation adds 2 new layers of security controls

- Security of the virtualisation technology itself (e.g. securing hypervisor)
- Security control for the virtual assets


True/False: The cloud provider will always be responsible for securing the physical infrastructure and the virtualization platform itself. Meanwhile, the cloud customer is responsible for properly implementing the available virtualized security controls and understanding the underlying risks, based on what is implemented and managed by the cloud provider.



True/False: Compute virtualization abstracts the running of code (including operating systems) from the underlying hardware. Instead of running directly on the hardware, the code runs on top of an abstraction layer that enables more flexible usage, such as running multiple operating systems on the same hardware (virtual machines). T



2 Cloud Provider responsibilities in Compute Virtualisation

- Enforce Isolation
- Securing virtualisation infrastructure


True/False: The primary responsibility of the cloud user in Compute Virtualisation is to properly implement the security of whatever it deploys within the virtualized environment



Cloud User Security Controls in Managing Compute Virtualisation

- Security settings such as identity management to the virtual resources
- Monitoring and logging
- Image Asset management
- Use of dedicated hosting
- Standard security of the workload
- Deployment of secure configurations


2 General Compute Security concerns

- Virtualised resources tend to be more ephemeral and change at a rapid pace

- Host Level monitoring/logging may not be available


True/False: The cloud provider is primarily responsible for building a secure network infrastructure and configuring it properly. The absolute top security priority is segregation and isolation of network traffic to prevent tenants from viewing another’s traffic. This is the most foundational security control for any multitenant network.



True/False: Cloud users are primarily responsible for properly configuring their deployment of the virtual network, especially any virtual firewalls.



True/False: The cloud user is, again, responsible for proper rights management and configuration of exposed controls in the management plane. When virtual firewalls and/or monitoring don’t meet security needs, the consumer may need to compensate with a virtual security appliance or host security



___________ are a special kind of WAN virtualization technology for creating networks that span multiple “base” networks. For example, an overlay network could span physical and cloud locations or multiple cloud networks, perhaps even on different providers.

Cloud overlay networks


3 Components of Software container

- The execution environment
- An orchestration and scheduling controller
- A repository for the container images or code to execute