1.5 Virtualization and Cloud

Question 1

The grouping of virtual hardware (cpu, ram, storage, nic, etc) to form an entire virtual computer.

Answer 1

Virtual machine

Question 2

Software layer that creates virtual hardware components and facilitates the communication from the virtual hardware to the physical hardware and vice versa.

Answer 2

Hypervisor

Question 3

A layer of abstraction down to the process execution level, where the software installed on a VM is isolated away from the VM itself.

Answer 3

Application level virtualization

Question 4

A series of files on a computing system that, when used by a hypervisor, function as an independent computing device.

Answer 4

Virtual machine

Question 5

Software technology that isolates a desktop environment and it’s associated application software from a physical host machine that is used to access it.

Answer 5

VDI - Virtual desktop infrastructure.

Question 6

One of the most important security functions that can be performed today. Including but not limited to understanding how a piece of malware works, understanding the command and control functions presented by a piece of malware, and gaining an understanding into the motivations and potential end goals of an adversary.

Answer 6

Malware analysis

Question 7

Term that is used to describe data that we collect from an IT asset.

Answer 7

Digital evidence

Question 8

Virtualization security risk that results from the ease at which VMs can be cloned and forgotten about. Virtual machines that exist but are no longer needed.

Answer 8

VM sprawl

Question 9

The process of creating different tiers of physical host computers where each tier of physical host is only allowed to run guest VMs of that same trust level.

Answer 9

Virtualization physical segmentation.

Question 10

Code run from inside a guest VM being executed on the host computer. Being able to execute code outside the bounds of the isolation that is supposed to be afforded to a VM.

Answer 10

VM escape

Question 11

Type of cloud deployment where all services are operated by a third party provider

Answer 11

Public cloud

Question 12

Type of cloud deployment where IT resources are built, operated, and managed by a single company or organization, typically in their own data centers.

Answer 12

Private cloud

Question 13

type of cloud deployment where an organization uses a combination of public cloud services with on-premise or private services. Typically done when there are legacy systems that, for various reasons, cannot be moved to the cloud.

Answer 13

Hybrid cloud

Question 14

cloud service model where the provider grants access to a console that allows the customer to provision servers on a virtual Network according to their needs.

Answer 14

IaaS - infrastructure as a service

Question 15

Cloud service model that allows customers to access a platform that enables them to run custom code or applications. Customers do not need to manage the underlying infrastructure.

Answer 15

PaaS - platform as a service

Question 16

Cloud delivery model where the service provider provides access to a hosted web application. Subscription based.

Answer 16

SaaS - software as a service

Question 17

Cloud service model where managing the actual hardware is fully assumed by the cloud service provider. Development teams only define and deploy application functions that need to be called.

Answer 17

Serverless, or FaaS - functions as a service.

Question 18

Cloud computing trend where software changes to running applications are delivered using automation.

Answer 18

CI/CD - continuous integration, continuous delivery

Question 19

This allows us to create infrastructure from templates. Entire architectures that are software defined, with version control, using OOP concepts.

Answer 19

IaC - infrastructure as code

Question 20

In regards to cloud security, this term makes it clear that neither a cloud provider nor subscriber is solely responsible for security.

Answer 20

Shared responsibility

Question 21

An organization focused on a mission to help raise awareness of cloud security issues and the development of best practices. They publish the GRC stack.

Answer 21

CSA - cloud security alliance

Question 22

A logically isolated virtual Network inside an AWS account.

Answer 22

AWS virtual private cloud VPC

Question 23

These divide cloud VPCs into smaller virtual Network segments

Answer 23

Subnets

Question 24

Resources and private subnets do not have outbound internet access. This is the workaround.

Answer 24

Deploy a Network Address Translation (NAT) gateway in the public subnet.

Question 25

Leveraging cloud functionality for security purposes is referred to as

Answer 25

Security as a service

Question 26

Planning for how to handle impact to an organization’s operational capabilities, including IT assets.

Answer 26

BCP - Business continuity planning.

Question 27

Subset of business continuity planning that focuses on the recovery of key, critical IT assets.

Answer 27

Disaster recovery