10 - Cloud and Virtualization Security Flashcards
Summarize virtualization and cloud computing concepts; and, given a scenario, apply cybersecurity solutions to cloud-based systems & networks
Kevin discovered that his web service was being overwhelmed by traffic, causing a CPU bottleneck. Using the interface offered by his cloud service provider, he added another CPU to the server. What term best describes Kevin’s actions?
Vertical Scaling
Fran’s Organization uses Type 1 hypervisor to implement an IaaS offering that is sells to customers. What security control doesn’t apply to this environment?
A provider maintaining security patches on the host operating system
In what cloud security model does the cloud service provider bear the most responsibility for implementing security controls?
Software as a Service (SaaS)
Greg would like to find a reference document that describes how to map cloud security controls to different regulatory standards. What document would best assist with this task?
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) -or- CSA CCM
Wanda is responsible for some seismic sensors placed at remote locations. The sensors have low-bandwidth connections and she would like to place computing power on the sensors to allow them to preprocess data before it is sent back to the cloud. What term best describes this computing approach?
Edge Computing
True or False: Cloud computing customers provision resources through the service provider’s sales team.
False
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in Amazon Web Service (AWS) and her customers access it through the web. What tier of cloud computing best describes Helen’s service?
Software as a Service (SaaS)
Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers?
Hybrid Cloud
What would commonly be available as an IaaS service offering?
Storage, Networking, and Computing
What is NOT an example of infrastructure as code?
- JSON (Java)
- Code interacting with a cloud provider’s API
- Using a provider’s web to provision resources
- YAML
Using a cloud provider’s web interface to provision resources is NOT IaC.
Brian is selecting a CASB for his org and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is the most appropriate for his needs?
API-Based CASB
In what categories are customers typically charged ($$) based on the number of virtual server instances dedicated to their use?
IaaS and PaaS
Brian would like to limit the ability of users inside his org to provision expensive cloud server instances without permission. What type of control would best help him achieve this goal?
Resource Policy
Ursula would like to link the networks in her on-premises datacenter with cloud VPCs in a secure manner. What technology would help her best achieve this goal?
Transit Gateway
What component of a virtualization platform is primarily responsible for preventing Virtual Machine (VM) escape attacks?
Hypervisor
Ryan is selecting a new security control for his org. He would like to use it in their multi-cloud environment, and would like to minimize the admin work required from his fellow technologists. What approach would best meet his needs?
Third-Party Control
Kira would like to implement a security control that can restrict access across all of the SaaS solutions used by her org. What control would best meet her needs?
Cloud Access Security Brokers (CASB)
Howard is assessing the legal risks to his org based on its handling of PII. The org that is based in the U.S., handles the data of customers located in Europe, and stores info in Japanese datacenters. What law(s) would be most important to Howard during his assessment?
U.S. Law, Japanese Law, and European Law
Brenda’s company provides a managed incident response service to its customers. What term best describes this type of service offering
Managed Security Service Provider (MSSP)
Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his org. What model of cloud computing is this?
Public Cloud
