3. Security Architecture

Question 1

3.1 Cloud Architecture Concepts

Answer 1

Responsibility Matrix: outlines division of responsibilities between CSP and customer. Inlcudes things such as data protection and infrastructure management

Hybrid considerations: offers flexibility and scalability, but also complexity

Third-party vendors: SaaS, PaaS, IaaS. Do security assessments and compliance checks to make sure these services meet security requirements

Question 2

3.1 Infrastructure as Code

Answer 2

automates security management which can reduce human error, but introduces large scale risk if code has a vulnerability

Question 3

3.1 Network Infrastructure

Answer 3

Logical segmentation: use VLANs and subnets. limits spread of attacks

SDN: Software defined networking. Centralizes network control and offers consistent policy enforcement, but the SDN controller can be compromised

Question 3

3.1 Serverless

Answer 3

Replaces a server on your network with something else, such as a cloud service like Azure. Reduces the attack surface but introduces risks if the API is insecure.

Question 4

3.1 Centralized vs. decentralized

Answer 4

Centralized is easier to manage but causes a single point of failure.

Question 5

3.1 Containerization

Answer 5

containers provide isolated environments for applications, but require careful management

Question 6

3.1 Virtualization

Answer 6

improves resource utilization but introduces hypervisor vulnerabilities and VM escape

Question 7

3.1 ICS/SCADA

Answer 7

Critical for industrial operations but often run as legacy systems which can be vulnerable

Question 8

3.1 RTOS

Answer 8

Real-Time operating system: used in systems requiring high reliability and real-time processing, they need to operate without interruption

Question 9

3.1 Embedded systems

Answer 9

Specialized computing systems that have limited resources, difficult to implement robust security measures