Module 17 - Cloud security Flashcards
(114 cards)
1
Q
Which component enables running multiple independent operating systems on a single physical system?
A
A hypervisor
2
Q
Which virtualization method involves the guest OS running directly on hardware under host system control?
A
Hardware virtualization/ Type I hypervisor
3
Q
What must be done to the operating systems running in virtual machines for security?
A
They must be patches
3
Q
Which type of hypervisor allows the guest OS to run directly on physical hardware?
A
Type I hypervisor
3
Q
What specialized software helps manage multiple containers at scale?
A
Kubernetes
4
Q
Which type of hypervisor is associated with hosted virtualization?
A
Type II hypervisor
4
Q
Which virtualization method runs as an application on the host OS to create virtual machines?
A
Hosted virtualization / Type II
5
Q
What platform uses OS-level virtualization to deliver software in containers?
A
Docker
5
Q
Which virtualization technology stores user desktop environments remotely and uses thin clients?
A
VDI (Virtual desktop Infrastructure)
6
Q
What risk arises when a virtual machine escapes and interacts with the host OS?
A
VM Escape
7
Q
A
7
Q
What is the term for an overgrowth of underutilized virtual machines wasting resources?
A
VM Sprawls
7
Q
Which technology allows access to computing, storage, software, and servers through the Internet?
A
Cloud based technology
8
Q
Which cloud service model provides access to application software and databases over the Internet?
A
Saas (Software as a service)
8
Q
Which cloud model allows users to store data on a cloud provider’s servers while the provider manages infrastructure?
A
Saas (Software as a service)
8
Q
Which service model provides remote access to development tools and services on a subscription basis?
A
Paas (Platform as a service)
8
Q
Which model allows organizations to build and deploy applications without managing the underlying infrastructure?
A
Paas (platform as a service)
9
Q
Which cloud service model offers virtualized computing resources over the Internet?
A
Iaas (Infrastructure as a service)
9
Q
Which model hosts hardware, software, servers, and storage components for users on a subscription basis?
A
Iaas (Infrastructure as a service)
9
Q
Which type of cloud is hosted on a private platform and gives an organization more control over its data?
A
Private cloud
9
Q
What is a disadvantage of private cloud computing compared to other models?
A
High costs
9
Q
Which cloud type is hosted offsite by a service provider and accessed for a usage fee?
A
Public cloud
9
Q
Which cloud model combines public and private elements for more control and flexibility?
A
Hybrid cloud
9
Q
What type of cloud involves collaboration between multiple organizations using a shared platform?
A
Community cloud
9
Which cloud model is often used by industries like healthcare or energy?
Community cloud
9
Which computing method distributes processing between the device and the cloud data center?
Fog computing
9
Which form of computing is used when milliseconds of latency matter, such as in autonomous vehicles and airlines?
Fog computing
10
In fog computing, where is data processed before reaching the cloud?
On an IoT gateway or fog node within the LAN
10
Which type of computing processes data directly on the device or sensor, without cloud transfer?
Edge computing
10
What is the key difference between fog and edge computing?
Fog computing processes data on a fog node while edge computing processes data on the device itself
10
What has led to the rise of fog and edge computing?
Growth of IoT devices
10
Which organization developed the Security Guidance for Critical Areas of Focus in Cloud Computing v4?
CSA (Cloud Security Alliance)
10
Which domain addresses cloud computing's impact on governance, risk, and security management areas?
Governance and enterprise risk management
10
Which domain ensures that the use of data aligns with organizational strategy, standards, and regulatory needs?
Information governance
10
The protocols and resources used to manage cloud environments are labelled as?
A management plane
10
Which domain outlines how to manage and respond to incidents in cloud environments?
Incident response
10
In cloud security responsibilities:
IaaS: I manage everything except the __________ I am renting.
PaaS: I manage the __________ and __________, the CSP manages the __________ __________, and everything else is __________.
SaaS: I manage the __________, we both manage __________ and __________, and everything else is managed by the __________.
I manage everything except the (Physical infrastructure) I am renting.
I manage the (data) and (endpoints), the CSP manages the (physical infrastructure), (operating system), and everything else is (shared)
I manage the (data), we both manage (endpoints) and (accounts), and everything else is managed by the (CSP).
10
In cloud security responsibilities:
IaaS: I manage everything except the __________ I am renting.
physical hardware
10
In cloud security responsibilities:
PaaS: I manage the __________ and __________, the CSP manages the __________ __________, and everything else is __________.
endpoints, data............physical infrastructure, operating system...........shared
10
In cloud security responsibilities:
SaaS: I manage the __________, we both manage __________ and __________, and everything else is managed by the __________.
data.......accounts and endpoints.........CSP
10
What domain describes cloud-specific aspects of compute, storage, and network security?
Infrastructure security
10
What forms the foundation of virtualized cloud resources like compute and storage?
Cloud infrastructure
10
What are the two major layers of cloud infrastructure?
Physical/logical infrastructure and virtual infrastructure
10
What are virtual appliances and software agents used for in cloud security?
To secure virtual virtual environments
11
What risks do virtual appliances and software agents introduce in cloud infrastructure?
Resource bottlenecks and processor overloading
11
What network architecture enables flexible, software-based security control in the cloud?
SDN (Software Defined Networking)
11
Who is responsible for securing the physical infrastructure in cloud computing?
The CSP (Cloud Service Provider)
11
In IaaS, who manages the operating system and applications?
The client
11
In PaaS, who manages the application layer?
Its shared between the User and CSP
11
In SaaS, who handles operating system and application security?
The CSP
11
In which service model does the client retain full control over all layers?
On-premise
11
Which two components are always the client’s responsibility in all cloud models?
Data and endpoints
11
What are the four cloud layers that can be secured using a layered approach?
Hardware, Infrastructure, platform, application
11
What allocates private subnets logically isolated from the internet?
VPC (Virtual Private Cloud)
11
What is used to monitor traffic across network interfaces in the cloud?
Flow logs
11
What service manages credentials, authentication, and authorization in the cloud?
IAM (Identity Access Management)
11
Which method is designed to detect accidental data corruption by producing a short, simple value?
A checksum
11
Which method provides a fixed-length, irreversible output used for verifying authenticity or integrity?
A hash function
11
What is the name of the value produced by a checksum algorithm?
A checksum
11
What environment is used for building, testing, and debugging code before deployment?
A development environment
11
Why is the development environment considered less secure than the live environment?
It is more permissive to support code testing and debugging
11
What tool tracks and manages software code changes during development?
Version control software
11
What isolated environment allows developers to test without overwriting live code?
A sandbox environment
11
What process identifies how code interacts with its environment and helps catch defects early?
Testing phase
11
What role does Quality Assurance (QA) play in software testing?
It finds defects so they can be fixed before production
12
What environment should closely match the production environment to verify application behavior and security?
A staging environment
13
What term describes creating or updating software within an organization?
Provisioning
14
What tool can automate both provisioning and deprovisioning processes?
A self service portal
14
What coding technique hides or disguises the internal logic of software to prevent reverse engineering?
Obfuscation
14
What term refers to the removal or deactivation of software when it's no longer needed?
Deprovisioning
15
A precompiled group of SQL statements that accept input parameters and reduce network traffic
A stored procedure
16
What technique converts an input string to a standard form for security and data consistency?
Normalization
16
Why is normalization used in application security?
To identify malicious inputs
16
Why is input validation critical in application development?
To maintain database integrity
17
What method replaces real data with fake but realistic values to mask sensitive information?
Camouflage
18
What do SDKs and third-party libraries provide to developers?
Reusable code
19
What practice involves using pre-existing software to build new applications efficiently?
Code reuse
20
What are the three primary states in which data can exist?
Data at rest, data in transit, data in process
21
What is the scientific field focused on creating and breaking secret codes?
Cryptography
21
Which state describes data stored but not actively accessed or modified?
Data at rest
22
Which data state involves movement across systems or networks?
Data in transit
23
Which state describes data during computation or active use?
data in process
23
Which two technologies are essential for protecting data in transit, especially in the cloud?
Cryptography and hashing
24
What is plaintext?
Readable form of data before encryption
24
What is ciphertext?
Scrambled, unreadable version of encrypted data
25
What does decryption do in an encryption system?
Converts ciphertext into plaintext
26
What critical component is needed to perform encryption and decryption?
A cryptographic key
27
What is symmetric encryption also known as?
Private key encryption
28
What are the fixed block size and possible key sizes for AES?
128, 192 or 256 bit key sizes
28
What is the name of the U.S. government-approved symmetric encryption algorithm?
AES (Advanced encryption standard)
28
Which encryption method uses the same key for both encryption and decryption?
Symmetric/Private key encryption
29
What kind of keys does asymmetric encryption use?
One for encryption and another for decryption
29
Which algorithms are examples of asymmetric encryption?
RSA and ECC (elliptic curve cryptography)
30
What is the main purpose of hashing in cybersecurity?
Ensuring data integrity and verifying that data has not been altered
31
What is the output of a hash function called?
A hash value
32
What is a key difference between encryption and hashing?
Encryption is reversible with a key and hashing is not reversible
32
What type of function is a hash function in terms of directionality?
One way function (unreversible)
33
Which organization developed the SHA algorithm?
NIST (National institute of standards and technology)
34
What is the full name of SHA as a standard?
Secure hash standard
35
What are the four hash functions included in the SHA-2 family?
SHA 224, 256, 384, 512
35
Which outdated hashing algorithm is no longer considered secure?
MD5 (Message digest 5)
36
What must be done to VMs regularly, just like physical machines, to keep them secure?
Regularly patching and updating
36
What network planning measure limits external exposure of VM instances?
Careful subnet placement
36
What security principle ensures users only have access necessary for their role?
Least privilege
37
Which validation type checks the number of characters in a data field?
size
37
What do we call The unmanaged proliferation of virtual machines within an organization?
VM sprawl
37
Which validation criterion ensures that codes in related data items follow logical relationships?
consistency
38
Which validation type confirms that data matches a specific structure or template?
format
38
Which validation method checks whether a numeric value falls between a defined minimum and maximum?
range
39
What cryptographic method compares data to a known value to ensure its integrity?
Hash function
40
Which hash algorithms are commonly used to verify file integrity? (4)
MD5, SHA-1, SHA-256, SHA-512
41
What is the purpose of version control in protecting data integrity?
Prevents simultaneous changes by multiple users
42
What is the purpose of code signing in software security?
To prove a programs authenticity
43
What does a digital signature attached to executable software ensure?
The software is from a verified author
