SEC+ Chapter 6 Flashcards
(42 cards)
What are Cloud Deployment Models?
They classify how cloud services are owned and provisioned, impacting threats and vulnerabilities. The main types are Public (Multi-Tenant) Cloud, Hosted Private Cloud, Private Cloud, Community Cloud, and Hybrid Cloud.
What is a Public (Multi-Tenant) Cloud?
Offered over the Internet by Cloud Service Providers (CSPs) to multiple consumers. Characteristics include subscription or pay-as-you-go models and shared resources. Risks include performance issues and security vulnerabilities. Multi-Cloud involves using services from multiple CSPs for flexibility and redundancy.
What is a Hosted Private Cloud?
A cloud environment hosted by a third party exclusively for one organization. It offers enhanced security and performance but comes with higher costs.
Define Private Cloud.
A completely private infrastructure owned by the organization, providing greater control over privacy and security. Use cases include banking and governmental services requiring strict access control. Deployment can be on-premises or off-site.
What is a Community Cloud?
Shared by several organizations with common concerns, pooling resources for standardization and security policies.
Describe a Hybrid Cloud.
Combines public and private (or other) cloud infrastructures, offering flexibility, scalability, and cost savings. Use cases include switching between private and public clouds based on demand. Challenges involve data risk when moving between environments and maintaining consistent security policies.
What is Single-Tenant Architecture in cloud security?
Dedicated infrastructure for a single customer, offering the highest security and complete control but at a higher cost with customer-managed security.
What is Multi-Tenant Architecture in cloud security?
Shared infrastructure among multiple customers, making it cost-effective but increasing the risk of unauthorized access or data leakage.
What defines Hybrid Architecture in cloud security?
Combines public and private clouds, offering flexibility and control over sensitive data but posing challenges in managing multiple environments and maintaining consistent security policies.
What is Serverless Architecture?
The cloud provider manages the infrastructure and automatically scales resources. Advantages include enhanced security managed by the provider, while customers are responsible for securing access to applications and data.
What are the advantages of Hybrid Cloud?
Flexibility and scalability by utilizing public cloud resources when needed, cost savings by optimizing resource usage based on demand, and data redundancy by replicating data across on-premises and cloud environments.
What are the challenges of Hybrid Cloud?
Security management for consistent policies across environments, ensuring compliance with regulatory requirements, mitigating vendor lock-in with multi-cloud strategies, and addressing network latency issues due to data transfers between environments.
What are the Cloud Service Models (XaaS)?
They are differentiated based on complexity and pre-configuration. The main types are Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
What is Software as a Service (SaaS)?
Access software applications hosted by CSPs on a subscription basis. Examples include Microsoft Office 365, Salesforce, and Google G Suite. Advantages include quick provisioning and no need for local installations. CSP manages infrastructure security, while users manage application-level security.
What is Platform as a Service (PaaS)?
Provides infrastructure plus a platform for developing and deploying applications. Examples include Oracle Database, Microsoft Azure SQL Database, and Google App Engine. Advantages include simplified development and scalable resources. Shared responsibility model where CSP manages platform security and users secure their applications.
What is Infrastructure as a Service (IaaS)?
Provides virtualized computing resources over the Internet. Examples include Amazon EC2, Microsoft Azure Virtual Machines, Oracle Cloud, and OpenStack. Advantages include high flexibility and scalable infrastructure. CSP manages physical infrastructure, while users manage OS, applications, and data security.
What are Third-Party Vendors in Cloud Computing?
External entities providing cloud services (IaaS, PaaS, SaaS). Considerations include vendor selection based on security practices and compliance, contract negotiation to define SLAs and responsibilities, service performance reliability, compliance with regulations, mitigating vendor lock-in through multi-cloud or hybrid strategies, and ensuring data portability and interoperability.
What is the Shared Responsibility Model in cloud security?
Division of security responsibilities between the Cloud Service Provider (CSP) and the customer. The CSP handles physical security, infrastructure security, data center backup and recovery, resource isolation, infrastructure monitoring, and incident response. Customers are responsible for user identity management, configuring data storage locations, access controls, data and application security configurations, securing operating systems, and managing encryption and key protection.
What is the difference between Centralized and Decentralized Computing?
Centralized Computing: All data processing and storage in a single location (e.g., mainframes, client-server models). Advantages include strict control and centralized management. Disadvantages include a single point of failure and scalability limitations.
Decentralized Computing: Data processing and storage distributed across multiple locations or devices. Advantages include improved fault tolerance, scalability, and flexibility. Examples include Blockchain, Peer-to-Peer (P2P) Networks, Content Delivery Networks (CDNs), Internet of Things (IoT), Distributed Databases, and TOR (The Onion Router).
What are Resilient Architecture Concepts in cloud services?
Cloud services designed to withstand and recover from failures at various levels. Key features include a virtualization layer for resource pooling and redundancy, data replication across multiple servers/datacenters, and High Availability (HA) guaranteeing 99.99% uptime using redundant hardware and failover mechanisms.
What are the types of Data Replication in cloud architectures?
Local Replication: Within a single datacenter, protecting against localized failures.
Regional Replication (Zone-Redundant Storage): Across multiple datacenters within a region, protecting against datacenter outages.
Geo-Redundant Storage (GRS): Across multiple regions, protecting against regional disasters.
What are the best practices for Resilient Architecture in cloud services?
Implement redundancy by ensuring multiple copies of data and resources, use automated failover to quickly switch to backup systems in case of failure, and regularly test disaster recovery (DR) plans to ensure effectiveness.
What is Application Virtualization?
Runs applications hosted on a server or streamed to clients without full desktop virtualization. Examples include Citrix XenApp, Microsoft App-V, and VMware ThinApp. Advantages include simplified application deployment and reduced client-side management. Use cases include remote access to applications via web browsers (clientless solutions).
What is Container Virtualization?
Isolates applications at the OS level using containers instead of full virtual machines. Key features include resource separation (allocating CPU and memory to containers) and a shared OS kernel for isolated processes. Examples include Docker and Kubernetes. Advantages are lightweight and efficient support for microservices and serverless architectures. Risks involve integration issues and complexity in managing distributed containers. Best practices include using Infrastructure as Code (IaC) and implementing security best practices like isolating containers and managing secrets securely.