Virtualization Concepts Flashcards

OBJ 4:2 Given a scenario, select and install storage devices

1
Q

Virtualization

A

Host computer installed with a hypervisor that can be used to install and manage multiple guest operating systems or virtual machines (VMs).

2
Q

Type 1 Hypervisor

A

Type I Hypervisor (Bare Metal)
Runs directly on the host hardware and functions as the operating system.

3
Q

Type II Hypervisor

A

Runs within the normal operating system

4
Q

Virtualization

A

Ensure that each virtual machine runs its own copy of an operating system

5
Q

Server-based (Terminal services)

A

Server-based solution that runs the application on servers in a centralized location

6
Q

Client-based (Application streaming)

A

Client-based solution that allows an application to be packaged up and streamed directly to a user’s PC

7
Q

Containerization

A

Type of virtualization applied by a host operating system to provision an isolated execution environment for an application
● Docker
● Parallels Virtuozzo
● OpenVZ

8
Q

Containerization Vulnerabilities 1

A

When a physical server crashes, all the organizations hosted on that same server are affected

9
Q

Containerization Vulnerabilities 2

A

An organization’s failure to secure the virtual environments hosted on a shared server poses a security risk for the other organizations

10
Q

How to minimize risk to physical servers from being overwhelmed?

A

Set up virtual servers in the cloud with proper failover, redundancy, and elasticity

11
Q

What can be another vulnerability to VMs from attackers?

A

Hosting all VMs on the same type of hypervisor can also be exploited

12
Q

How to mitigate the risk associated with using the same type of hypervisor?

A
13
Q

How should an organization minimize the risk of attack when using a single platform hypervisor?

A

The organization should utilize:
● Proper configurations
● Patched and up-to-date hypervisor
● Tight access control

14
Q

What is the purpose of hypervisors?

A

Manages the distribution of the physical resources of a server to the VMs
● Type I
o Bare metal
● Type II
o Hosted

15
Q

What is the purpose of Container-Based Virtualization (Containerization)?

A

▪ Each container relies on a common host OS as the base for each container
▪ Container-based virtualization uses fewer resources because it doesn’t require its own copy of the OS for each individual container

16
Q

Purpose for Hyperconverged Infrastructure?

A

Allows for the full integration of the storage, network, and servers without hardware changes

17
Q

Purpose for Application Virtualization?

A

Encapsulates computer programs from the underlying OS on which they are executed

18
Q

Purpose for Virtual Desktop Infrastructure (VDI)

A

Hosts desktop OSs within a virtualized environment hosted by a centralized server or server farm

19
Q

Purpose for Sandbox?

A

An isolated environment for analyzing pieces of malware

20
Q

Purpose for Cross-Platform Virtualization?

A

Allows for the testing and running of software applications for different operating systems
● Emulation - System imitation
● Virtualization - New “physical” machine

21
Q

Questions to ask when considering VM?

A

Should I virtualize?

22
Q

Questions: Traditional VMs or Containerization?

A

What are the risks vs. rewards of each decision?

23
Q

Hypervisor

A

Manages the distribution of the physical resources of a server to the VMs

24
Q

Type I Hypervisor

A

Bare metal

25
Type II Hypervisor
Hosted
26
Container-Based Virtualization (Containerization)
▪ Each container relies on a common host OS as the base for each container
▪ Container-based virtualization uses fewer resources because it doesn’t require its own copy of the OS for each individual container
27
Hyperconverged Infrastructure
Allows for the full integration of the storage, network, and servers without hardware changes
28
Application Virtualization
Encapsulates computer programs from the underlying OS on which they are executed
29
Virtual Desktop Infrastructure (VDI)
Hosts desktop OSs within a virtualized environment hosted by a centralized server or server farm
30
Sandbox
An isolated environment for analyzing pieces of malware
31
Cross-Platform Virtualization
Allows for the testing and running of software applications for different operating systems
● Emulation - System imitation
● Virtualization - New “physical” machine
32
Resource Requirements
Focus on four main areas - CPU and Virtualization Extensions, Storage, System Memory, and Networking.
33
Resource Requirements - Second Level Address Translation (SLAT)
Improves the performance of virtual memory when running multiple virtual machines on a single physical host
34
Resource Requirements - Second Level Address Translation (SLAT) - Intel
Extended Page Table (EPT)
35
Resource Requirements - Second Level Address Translation (SLAT) - AMD
Rapid Virtualization Indexing (RVI)
36
Resource Requirements - CPU - x86
● 32-bit processor
● 32-bit operating system can only access 4GB of RAM
37
Resource Requirements - CPU - x64
● 16 exabytes of RAM
● 32-bit processor cannot run a 64-bit application
38
Resource Requirements - CPU - ARM
Reduced instruction set and computer architecture in a computer processor
39
Resource Requirements - System Memory
Amount of physical memory installed on a physical server
● Barebones Windows installation takes 20-50 gigabytes of space
● Linux installation takes 4-8 gigabytes of space
● Mac environment takes 20-40 gigabytes of space
40
Resource Requirements - Networking - NIC teaming configuration allows multiple cards for higher speeds
● CPU, processor, and capabilities
● System memory
● Networking
● Storage
41
Security Requirements VM Escape
Threat attempts to get out of an isolated VM and send commands to the underlying hypervisor
▪ VM escape is easier to perform on a Type II hypervisor than a Type I hypervisor
▪ Verify always patched
▪ Verify always up to date
42
Security Requirements VM Hopping
Threat attempts to move from one VM to another on the same host
43
Security Requirements VM Hopping
VM to VM
44
Security Requirements VM Escape
VM to hypervisor or host OS
▪ Up to date
▪ Patched
▪ Securely configured
45
Security Requirements Sandbox
Separates running processes and programs to mitigate system failures or software vulnerabilities
46
Security Requirements Sandbox Escape
Occurs when an attacker circumvents sandbox protections to gain access to the protected OS or other privileged processes
o Patched
o Up to date
o Strong endpoint software protection
o Limited extensions or add-ons
47
Security Requirements Live Migration
Migrates the virtual machine from one host to another while it is running
▪ Ensure that live migration only occurs on a trusted network or utilizes encryption
48
Security Requirements Data Remnants
Leftover pieces of data that may exist in the hard drive which are no longer needed
● Encrypt virtual machine storage location
● Destroy encryption key
49
Security Requirements VM Sprawl
VM Sprawl
50
NIC Teaming Configuration
Allows multiple cards for higher speeds
51
Cloud Computing
The practice of using a network of remote servers hosted on the Internet
52
Characteristics of the Cloud - High Availability
Services experience very little downtime when using the cloud
▪ Availability is the percentage of uptime versus downtime
53
Characteristics of the Cloud - Scalability
Ability to increase the number of items in a system at a linear rate or less than a linear rate
54
Characteristics of the Cloud - Vertical Scaling (Scaling Up)
Increasing the power of the existing resources in the working environment
55
Characteristics of the Cloud - Horizontal Scaling (Scaling Out)
Adding additional resources to help handle the extra load being experienced
56
Characteristics of the Cloud - Rapid Elasticity
The ability to quickly scale up or down
● Elasticity is the system’s ability to handle changes to demand in real time
57
Characteristics of the Cloud - Metered Utilization
Being charged for a service on a pay per use basis. The benefit of using the cloud is that most things are done on a metered basis.
58
Characteristics of the Cloud - Measured Services
▪ Charging is based upon the actual usage of the service being consumed
▪ Measured services are charged based on the actual usage of the service being consumed
59
Characteristics of the Cloud - Shared Resources
The ability to minimize the costs by putting VMs on other servers.
▪ Shared resources is pooling together all the hardware to make a cloud provider.
60
Characteristics of the Cloud - File Synchronization
The ability to store data that can spread to other places depending on the configuration.
61
Cloud Deployment Models - Public Cloud
Systems and users interact with devices on public networks, such as the Internet and other clouds
64
Cloud Deployment Models - Private Cloud
Systems and users that only have access with other devices inside the same private cloud or system
65
Cloud Deployment Models - Hybrid Cloud
Combination of private and public clouds
66
Cloud Deployment Models - Community Cloud
Collaborative effort where infrastructure is shared between several organizations from a specific community with common concerns
67
Cloud Deployment Models - Multitenancy
The ability for customers to share computing resources in a public or private cloud
68
Cloud Deployment Models - Single-Tenancy
Assigns a particular resource to a single organization
69
Cloud Service Models - On-Premise Solution
▪ The need to procure hardware, software, and personnel necessary to run the organization’s cloud
▪ On-premise solution allows the ability to control all the physical and logical access to servers
70
Cloud Service Models - Hosted Solution
Third-party service provider that provides all the hardware and facilities needed to maintain a cloud solution
71
Cloud Service Models
On-Premise, SaaS, PaaS, IaaS
72
On-Premise Cloud Model
On-premise software is installed locally, on your business' computers and servers, where cloud software is hosted on the vendor's server and accessed via a web browser.
73
SaaS Cloud Model
Software as a Service - Software as a Service (SaaS) is a method for delivering software applications over the Internet, on demand and typically on a subscription basis. With SaaS, Cloud Service Providers (CSPs) host and manage the application software and underlying infrastructure, and handle any maintenance, like software upgrades and security patching. Users connect to the application over the Internet, usually by a web browser on their phone, tablet, or PC.
74
PaaS Cloud Model
Platform as a Service - cloud computing services that supply an on-demand environment for developing, testing, delivering, and managing software applications. PaaS is designed to make it easier for developers to quickly create applications (e.g., web, mobile apps), without worrying about setting up or managing the underlying infrastructure of servers, storage, network, and databases needed for development.
75
IaaS Cloud Model
Infrastructure as a Service - The most basic category of commercial cloud computing services. With Infrastructure as a Service (IaaS), you rent IT infrastructure - servers and virtual machines (VMs), storage, networks, operating systems - from a cloud provider. IaaS is an instant computing infrastructure, provisioned and managed over the Internet. Quickly scale up and down with demand, and pay only for what you use. IaaS helps you avoid the expense and complexity of buying and managing your own physical servers and other datacenter infrastructure. Each resource is offered as a separate commercial service component, and you only need to rent a particular one for as long as you need it. The cloud computing service provider manages the infrastructure, while you purchase, install, configure, and manage your own software - operating systems, middleware, and applications.
76
Virtual Desktop Infrastructure (VDI) - Virtual Desktop Infrastructure (VDI)
Hosts desktop OSs within a virtualized environment hosted by a centralized server or server farm
77
Virtual Desktop Infrastructure (VDI) - Server
Performs all the application processing and data storage
78
Virtual Desktop Infrastructure (VDI) - Centralized Model
Hosts all the desktop instances on a single server or server farm
79
Virtual Desktop Infrastructure (VDI) - Hosted Model / Desktop as a Service (DaaS)
Maintained by a service provider and provided to the end user as a service
80
Virtual Desktop Infrastructure (VDI) - Remote Virtual Desktop Model
Copies the desktop image to a local machine prior to being used by the end user
81
Cloud Storage Services - Cloud Storage Application
Amount of space on a cloud-based server as file storage
82
Cloud Storage Services - File Synchronization
The ability to synchronize from different devices using a single account
83
Cloud Storage Services - Content Delivery Network (CDN)
Network of servers that locates the nearest server to minimize delay or download time
84
Software Defined Network (SDN) - Software
Software-Defined Networking (SDN)
▪ Enables the network to be intelligently and centrally controlled, or programmed, using software applications
● Can be changed automatically by the network itself using automation and orchestration
85
Software Defined Network (SDN) - Application Layer
Focuses on the communication resource requests or information about the network as a whole
86
Software Defined Network (SDN) - Control Layer
Uses the information from the applications and decides how to route a data packet on the network
87
Software Defined Network (SDN) - Infrastructure Layer
Contains the network devices that receive information about where to move the data
88
Software Defined Network (SDN) - Management Plane
Used to monitor traffic conditions and the status of the network
● Provides a layer of abstraction between the devices and the control and data flow that happen on the network