10 - Cloud and Virtualization Security Flashcards
Summarize virtualization and cloud computing concepts; and, given a scenario, apply cybersecurity solutions to cloud-based systems & networks
Kevin discovered that his web service was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin’s actions?
Vertical Scaling
Fran’s Organization uses Type 1 hypervisor to implement an IaaS offering that is sells to customers. What security control doesn’t apply to this environment?
A provider maintaining security patches on the host operating system
In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?
Software as a Service (SaaS)
Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) -or- CSA CCM
Wanda is responsible for some seismic sensors placed at remote locations. The sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this computing approach?
Edge Computing
True or False: Cloud computing customers provision resources through the service provider’s sales team.
False
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in Amazon Web Service (AWS) and her customers access it through the web. What tier of cloud computing best describes Helen’s service?
Software as a Service (SaaS)
Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?
Hybrid Cloud
What would commonly be available as an IaaS service offering?
Storage, Networking, and Computing
What is NOT an example of infrastructure as code?
- JSON (Java)
- Code interacting with a cloud provider’s API
- Using a provider’s web to provision resources
- YAML
Using a cloud provider’s web interface to provision resources is NOT IaC.
Brian is selecting a CASB for his org and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is the most appropriate for his needs?
API-Based CASB
In what categories are customers typically charged ($$) based on the number of virtual server instances dedicated to their use?
IaaS and PaaS
Brian would like to limit the ability of users inside his org to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
Resource Policy
Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?
Transit Gateway
What component of a virtualization platform is primarily responsible for preventing Virtual Machine (VM) escape attacks?
Hypervisor
