10. Cloud and Virtualization Security Flashcards

1
Q

What domain covers threats, vulnerabilities, and mitigations in the CompTIA Security+ exam?

A

Domain 2.0

This domain includes various types of vulnerabilities and their implications.

2
Q

What are two types of vulnerabilities mentioned in Domain 2.3?

A

Virtualization (VM escape, Resource reuse) and Cloud-specific

These vulnerabilities present unique challenges in security.

3
Q

What domain focuses on security architecture in the CompTIA Security+ exam?

A

Domain 3.0

This domain includes concepts related to different architecture models.

4
Q

Name two architecture concepts compared in Domain 3.1.

A
  • Cloud
  • Infrastructure as code (IaC)

Other concepts may include Serverless, Microservices, and Containerization.

5
Q

What is a key general data consideration mentioned in Domain 3.3?

A

Data sovereignty

This pertains to the legal and regulatory considerations surrounding data storage and processing.

6
Q

What domain addresses security operations in the CompTIA Security+ exam?

A

Domain 4.0

This domain includes applying common security techniques to computing resources.

7
Q

What is meant by hardening targets in Domain 4.1?

A

Cloud infrastructure

This involves implementing security measures to protect cloud environments.

8
Q

What advantages does cloud computing offer organizations?

A
  • Agility
  • Flexibility
  • Cost-effectiveness
  • Scalability

These advantages have led to widespread adoption across industries.

9
Q

What approach do new businesses often take regarding cloud computing?

A

Born in the cloud

This approach allows businesses to operate without managing physical servers.

10
Q

What are the main concerns for security professionals regarding cloud computing?

A

Common cloud security concerns and security controls

These are essential for ensuring the confidentiality, integrity, and availability of cloud operations.

11
Q

Fill in the blank: The chapter discusses aspects of cloud computing most important for _______.

A

security professionals

This is crucial for those preparing for the Security+ exam.

12
Q

What is cloud computing?

A

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.

13
Q

What are the key characteristics of cloud computing?

A
  • Ubiquitous access
  • On-demand self-service
  • Rapid provisioning and releasing
  • Minimal management effort
  • Shared pool of resources
14
Q

What does multitenancy mean in cloud computing?

A

A cloud infrastructure where multiple users share the same physical hardware without knowledge of each other.

15
Q

What is the difference between scalability and elasticity?

A
  • Scalability: Rapidly increasing capacity
  • Elasticity: Expanding and contracting capacity as needs change
16
Q

What is measured service in cloud computing?

A

Cloud providers track resource usage, allowing customers to pay only for what they use.

17
Q

What are the five key roles in cloud computing?

A
  • Cloud service providers
  • Cloud consumers
  • Cloud partners (brokers)
  • Cloud auditors
  • Cloud carriers
18
Q

What are the three major cloud service models?

A
  • Infrastructure as a Service (IaaS)
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
19
Q

What is Infrastructure as a Service (IaaS)?

A

A model allowing customers to purchase and manage basic computing resources like storage and networks.

20
Q

What is Software as a Service (SaaS)?

A

A model providing fully managed applications running in the cloud accessible via a web browser.

21
Q

What is Platform as a Service (PaaS)?

A

A model that offers a platform for customers to run their own applications, including execution environments and tools.

22
Q

What is the role of Managed Service Providers (MSPs)?

A

Organizations that provide IT services, potentially across both cloud and on-premises deployments.

23
Q

What defines a public cloud?

A

Infrastructure accessible to any customers under a multitenant model.

24
Q

What is a private cloud?

A

Cloud infrastructure provisioned for use by a single customer, either managed by them or a third party.

25
What is a community cloud?
A multitenant cloud service shared among members of a specific community with shared missions or compliance requirements.
26
What does hybrid cloud refer to?
Cloud deployments that blend public, private, and/or community cloud services together.
27
Fill in the blank: In cloud computing, _______ allows customers to quickly increase or decrease their resource capacity.
[elasticity]
28
True or False: Cloud consumers are the organizations that provide cloud services.
False
29
What is the primary advantage of cloud computing regarding resource provisioning?
On-demand self-service computing enables resources to be available when and where needed.
30
List two major players in the IaaS market.
  • Amazon Web Services (AWS)
  • Microsoft Azure
31
True or False: SaaS applications typically require significant user management of the underlying infrastructure.
False
32
What is an example of Function as a Service (FaaS)?
AWS Lambda
33
What is the HathiTrust digital library an example of?
Community cloud
Footnote: HathiTrust is a consortium of academic research libraries providing access to their collections.
34
Define hybrid cloud.
A blend of public, private, and/or community cloud services unified into a single platform.
35
What is public cloud bursting?
Using public cloud capacity when demand exceeds private cloud capacity.
36
What is the primary reason for adopting hybrid cloud environments?
To reduce single points of failure by decentralizing technology components.
37
What are AWS Outposts?
A hybrid cloud service where customers manage on-premises AWS equipment.
38
What is the shared responsibility model in cloud computing?
A division of cybersecurity responsibilities between service providers and customers.
39
In an IaaS environment, what security responsibilities does the customer have?
Security for the operating system, applications, and data.
40
True or False: In a PaaS solution, the vendor is responsible for the operating system.
True
41
What is the primary responsibility of the provider in a SaaS environment?
Most operational tasks, including cybersecurity.
42
Why is documenting the division of responsibilities important?
For compliance with external regulations.
43
What does the Cloud Reference Architecture by NIST provide?
A high-level taxonomy for cloud services.
44
What organization developed the Cloud Controls Matrix (CCM)?
Cloud Security Alliance (CSA).
45
What is edge computing?
Processing data close to the sensor to minimize data transferred to the cloud.
46
What does fog computing utilize?
IoT gateway devices located near sensors for preprocessing data.
47
Fill in the blank: Hybrid cloud requires technology that ______ different cloud offerings.
unifies
48
List the three types of cloud services mentioned.
  • IaaS
  • PaaS
  • SaaS
49
What is a significant challenge of traditional cloud models in IoT applications?
Poor network connectivity in remote locations.
50
True or False: In the shared responsibility model, cloud providers are responsible for the security of hardware.
True
51
What technology allows multiple guest systems to share the same underlying hardware?
Virtualization
Footnote: Virtualization is essential for modern datacenters, particularly in cloud computing.
52
What is the special operating system that runs on virtual host hardware?
Hypervisor
Footnote: The hypervisor mediates access to underlying hardware resources.
53
What do virtual machines run on top of in a virtualized datacenter?
Virtual infrastructure provided by the hypervisor
Footnote: Virtual machines can run standard operating systems like Windows and Linux.
54
What is the primary responsibility of a hypervisor?
Enforcing isolation between virtual machines
Footnote: This ensures that virtual machines do not interfere with each other's operations.
55
What illusion must the hypervisor present to each virtual machine?
A completely separate physical environment
Footnote: This illusion is crucial for both operational and security aspects.
56
What are the two primary types of hypervisors?
Type I and Type II hypervisors
Footnote: Each type has different operational mechanisms and efficiencies.
57
What is a Type I hypervisor also known as?
Bare-metal hypervisor
Footnote: Type I hypervisors operate directly on the underlying hardware.
58
How do Type II hypervisors operate?
As an application on top of an existing operating system
Footnote: This model introduces inefficiencies compared to Type I hypervisors.
59
Which type of hypervisor is most commonly used in datacenter virtualization?
Type I hypervisor
Footnote: Type I hypervisors are preferred for their efficiency.
60
Fill in the blank: Type II hypervisors are less efficient than _______.
Type I hypervisors
Footnote: This is due to the additional layer of the host operating system.
61
True or False: Virtual machines are aware they are running in a virtualized environment.
False
Footnote: The hypervisor tricks virtual machines into thinking they have normal hardware access.
62
What does IaaS stand for?
Infrastructure as a Service
63
What are the primary resources provided by IaaS environments?
  • Compute capacity
  • Storage
  • Networking
64
What is the main benefit of dynamic resource allocation in cloud computing?
Allows administrators to add and remove resources as needs change
65
What are virtual machines in the context of cloud computing?
The basic building block of compute capacity in the cloud
66
How is the cost of a server instance typically calculated?
Based on an hourly rate, varying by compute, memory, and storage resources
67
What is the purpose of containerization?
Provides application-level virtualization, allowing applications to be portable across systems
68
Name a popular containerization platform.
Docker
69
What security considerations should be enforced for containers?
  • Isolation between containers
  • Container-specific vulnerability management
  • Segmenting by risk profile
70
What are the two major categories of cloud storage offerings?
  • Block storage
  • Object storage
71
What is block storage?
Allocates large volumes of storage for use by virtual server instances, formatted as virtual disks
72
How does object storage differ from block storage?
Files are treated as independent entities and storage is not preallocated
73
What is a key difference in cost between block storage and object storage?
Block storage is significantly more expensive than object storage
74
What are three key security considerations for cloud storage?
  • Set permissions properly
  • Consider high availability and durability
  • Use encryption to protect sensitive data
75
What is the role of security groups in cloud networking?
Define permissible network traffic using a set of rules similar to a firewall ruleset
76
What is a Virtual Private Cloud (VPC)?
A method to achieve network segmentation in cloud environments by grouping systems into subnets
77
What is the purpose of Infrastructure as Code (IaC)?
Automates the provisioning, management, and deprovisioning of infrastructure services through scripted code
78
True or False: Security groups incur additional costs in cloud environments.
False
79
What is the advantage of integrating APIs in cloud environments?
Allows programmatic provisioning, configuration, and management of cloud resources
80
Fill in the blank: Containers provide _______ virtualization.
application-level
81
What is the function of AWS CloudFormation?
Allows developers to specify infrastructure requirements in formats like JSON and YAML
82
What major disadvantage arises from isolating operations teams from the development process?
Inhibits understanding of business requirements
83
What does SDN stand for in cloud networking?
Software-Defined Networking
84
What is the main feature of cloud service providers' firewalls?
They do not provide direct access to customers to maintain isolation
85
What is the relationship between microservices and APIs in cloud environments?
Microservices communicate with each other through APIs in response to environmental events
110
What are the advantages of cloud computing?
Operational and financial advantages
Footnote: These advantages include scalability, cost efficiency, and flexibility.
111
What is a significant availability issue in cloud environments?
High availability is not always guaranteed with base-level cloud services
Footnote: Organizations often need to purchase or configure high availability services.
112
Define data sovereignty.
Data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed
113
What must security professionals understand regarding data in cloud services?
How their data is stored, processed, and transmitted across jurisdictions
114
What is a virtual machine (VM) escape vulnerability?
An attack where an attacker leverages access to a virtual host to intrude upon resources assigned to a different virtual machine
115
What is virtual machine sprawl?
When IaaS users create virtual service instances and forget about them, leading to accumulated costs and security issues
116
What is resource reuse in cloud computing?
When cloud providers reassign hardware resources originally assigned to one customer to another customer
117
What type of technology should security analysts implement for API-based applications?
API inspection technology
118
What is the function of secure web gateways (SWGs)?
Monitor web requests made by internal users and evaluate them against the organization's security policy
119
What role does technology governance play in cloud computing?
Guides IT organizations' work to ensure consistency with organizational strategy and policy
120
What is an important component of cloud governance?
Auditability
121
True or False: Cloud computing contracts should guarantee the customer's right to audit cloud service providers.
True
122
Fill in the blank: Cloud applications depend heavily on the use of ______ to provide service integration and interoperability.
APIs
123
What is the primary purpose of controls offered by cloud service providers?
Hardening the cloud infrastructure against attack
Footnote: These controls help organizations achieve their security objectives in the cloud.
124
What are the advantages of using cloud-native controls?
Cost-effective and user-friendly
Footnote: They integrate directly with the provider's offerings.
125
What is a disadvantage of third-party solutions for cloud security?
More costly
Footnote: However, they can integrate with a variety of cloud providers.
126
What role do Cloud Access Security Brokers (CASBs) play?
Serve as intermediaries between cloud service users and cloud service providers
Footnote: They monitor user activity and enforce policy requirements.
127
What are the two approaches CASBs operate using?
  • Inline CASB solutions
  • API-based CASB solutions
128
How do inline CASB solutions function?
Physically or logically reside in the connection path between the user and the service
Footnote: They can block requests that violate policy.
129
What is a limitation of API-based CASB solutions?
Cannot block requests that violate policy
Footnote: They only monitor user activity and correct policy violations post-factum.
130
What are resource policies in cloud security?
Policies that limit the actions users of accounts may take
Footnote: They help mitigate risks from accidental commands, compromised accounts, or malicious insiders.
131
What is an example of a restriction that a service control policy can impose?
Prohibit access to resources outside certain regions
Footnote: Example regions: US-East and EU-West.
132
What is a Hardware Security Module (HSM)?
A special-purpose computing device that manages encryption keys and performs cryptographic operations
Footnote: HSMs provide high security when configured properly.
133
What is a key benefit of using HSMs for encryption key management?
Creates and manages keys without exposing them to humans
Footnote: This dramatically reduces the risk of key compromise.
134
Do cloud service providers use HSMs for their own operations?
Yes
Footnote: They also offer HSM services to customers for secure key management.
135
Fill in the blank: The purpose of cloud access security brokers is to _______.
monitor user activity and enforce policy requirements
136
True or False: Inline CASB solutions require configuration of network devices.
True
137
True or False: API-based CASBs can block requests that violate policy.
False
138
What changes does cloud computing bring to the cybersecurity landscape?
It requires cooperation between cybersecurity professionals and cloud service providers.
139
What is the shared responsibility model in cloud security?
It is a model where cloud customers and providers must understand their responsibilities in meeting security control requirements.
140
What types of security controls may organizations adopt in the cloud?
Organizations may implement:
  • Cloud-native security controls from providers
  • Third-party controls that work across environments
  • A mixture of both
141
What is a cloud access security broker (CASB)?
A CASB allows consistent enforcement of security policies across diverse cloud platforms.
142
What vulnerabilities may appear in cloud environments?
Vulnerabilities include:
  • Virtual machine escape
  • Resource reuse
143
What data sovereignty concerns may arise when using cloud services in different jurisdictions?
Using cloud services in different jurisdictions may introduce data sovereignty concerns.
144
True or False: Cybersecurity professionals are solely responsible for meeting security control requirements in cloud environments.
False