1.6 Explain the security concerns associated with various types of vulnerabilities.

Question 1

Attacks and related concepts to be aware of as a cloud user:

Answer 1

Increased chances of data loss or disclosure

Target of attacker also using the cloud

CSP having insecure APIs and UIs

Potential failure of isolation

Presence of malicious insiders

Weak auth techs

Loss of reputation due to activities of other cloud tenants

Vulns allowing for privilege escalation

Virtualization attacks resulting in VM escaping

Unauthorized access to backups

Question 2

Zero-day

Answer 2

Newly discovered attacks w/no specific defense available from the vendor

Question 3

Weak configurations

Answer 3

Open permissions

Unsecured root accounts

Errors

Weak encryption

Unsecure protocols

Default settings

Open ports and services

Question 4

Third-party risks

Answer 4

Vendor management
-System integration
-Lack of support

Supply chain

Outsourced code development

Data storage

Question 5

Improper or weak patch management

Answer 5

Firmware

Operating System (OS)

Applications

Question 6

Legacy platforms

Answer 6

May still function but are no longer supported by original vendor

Question 7

Impacts

Answer 7

Data loss

Data breaches

Data exfiltration

Identity theft

Financial

Reputation

Availability loss