3.1 Flashcards

Cloud infrastructures, network infrastructure concepts, other infrastructure concepts, infrastructure considerations

1
Q

When using a cloud responsibility matrix, how do you know who is responsible for security?

A

Each CSP has its own policies
Contractual agreements

2
Q

Five security considerations when using a hybrid cloud (more than one CSP, each providing an additional cloud)

A

Authentication across platforms
Firewall configurations
Server settings
These three things need to match between clouds

Log monitoring - each CSP might have different types of logs using different terminology

Data leakage - data is constantly transferred from one cloud to another across the public internet

3
Q

Enables the management and maintenance of security for third-party technologies/applications implemented in your organization’s private cloud

A

Vendor risk management policy

4
Q

True/False

You must perform a third-party impact assessment for incident response

A

True

5
Q

True/False

You can trust third-party processes to have robust security practices, so you don’t need to constantly monitor them for unusual activity or changes in availability

A

False

You cannot trust that third parties have not been compromised, so you always need to be monitoring them.

6
Q

A method of defining cloud infrastructure (servers, networks, application instances, databases) as code, rather than as hardware.

This allows the administrator to quickly build, modify, and create versions of the infrastructure

A

Infrastructure as code

7
Q

True/False

IaC allows an administrator to build out code and then copy/paste this layout to other CSPs. This way, the administrator can create their perfect layout and use it again and again.

A

True

8
Q

FaaS stands for

A

Function as a Service

9
Q

A cloud computing service where an application instance is serverless.

Instead of accessing the application, you are accessing only the individual, autonomous functions of the application: the microservices.

This method removes the emphasis on the OS. These microservices can run on any OS needed.

A

FaaS

10
Q

How does serverless FaaS work?

A

Developers separate applications into individual, autonomous functions that are stored in the cloud server

Once the function is no longer needed, it is removed from the cloud

11
Q

Why is it called serverless?

A

Because the developers do not need to worry about server infrastructure or server space.

Backend computing is provided on an as-used basis.

12
Q

Difference between IaaS, PaaS, and serverless

A

IaaS is paid for as pre-purchased units of capacity. The client can set up a data collection system, etc.

PaaS charges the client for the resources used. However, the client must request the provider for more resources. The client does not have to set up the OS or anything about the underlying infrastructure. It is used for building apps.

Serverless is paid for on an as-used basis. Resources are automatically scaled. There is no backend/resource management at all. Serverless microservices are much more lightweight than PaaS applications, so it is faster.

13
Q

True/False

In serverless architecture, ALL security concerns are the responsibility of the third party

A

True

14
Q

True/False

In serverless architecture, microservices can be triggered and ephemeral

A

True

15
Q

An application that is built as a single unified unit. It does everything, and all code needs to be present for the application to execute correctly. Takes care of user interface, business logic, I/O, etc.

It is self-contained and independent from other applications. It is made from ONE code base.

A

Monolithic application

16
Q

What enables the use of microservices in cloud architecture? It acts as the “glue” between microservices.

It allows you to programmatically control the way that an application works

A

APIs

17
Q

True/False

In comparison to a monolithic architecture, microservice architecture is more secure, more resilient, and more scalable.

A

True

18
Q

A physical or digital separation that prevents a system from being reached by anyone or anything.

This means that this device also cannot connect to other computers or networks either wirelessly or physically.

A

Air gap

19
Q

Why would an organization utilize air gapping?

A

Separate database servers and web servers

A managed service provider might use it to put one customer on one switch, and a different customer on another, physically isolated switch

It prevents attackers from gaining access

20
Q

Describe physical segmentation

A

Each segment has its own separate physical devices and infrastructure. Not easily scalable, since more segments means more hardware is needed.

21
Q

Describe logical segmentation

A

VLANs are used. You can configure one switch to have a group of interfaces belong to VLAN A, and the other group of interfaces to belong to VLAN B. This saves on hardware costs and is more scalable than physical segmentation.

22
Q

True/False

Because logical segments are connected by the same physical switch, the VLANs have an inherent ability to communicate with each other.

A

False

The segmented VLANs need a Layer 3 device/router to communicate.

23
Q

SDN stands for

A

Software-Defined Networking

24
Q

The 3 functional planes involved in SDN

A

Data plane
Control plane
Management plane

25
Q

The functional plane that:
Processes network frames and packets
Forwards packets
Enables trunking, encryption, and NAT

A

Data plane

26
Q

The functional plane that:
Manages routing tables, session tables, NAT tables
Executes dynamic routing protocol updates
Tells the data plane how to get data from point A to point B

A

Control plane

27
Q

The functional plane that:
Enables configuration changes for the device through SSH, a browser, or an API

A

Management plane

28
Q

True/False

Logically separating networking devices into multiple control planes allows you to extend the functionality and management of a single device, as well as use the device for the cloud.

A

True

29
Q

A network architecture created by separating network devices into logical functional planes.

A

SDN

30
Q

True/False

It is easier to secure a decentralized network than a centralized network

A

False

It’s difficult to manage diverse systems, especially when they’re in separate physical locations

31
Q

True/False

Using a centralized management console to control the security of decentralized/diverse devices can introduce a single point of failure and potential performance issues due to lack of scalability.

A

True

32
Q

What is the main challenge with virtualization/VMs?

A

Each VM needs to have its own OS, even if every VM is identical.

This adds overhead and complexity, and causes virtualization to be expensive.

33
Q

VMs can sometimes be inefficient, especially when the organization runs multiple identical VMs. What solves this problem?

A

Using containers instead of VMs

34
Q

How do containers solve the VM inefficiency problem?

A

Multiple applications can run simultaneously on one OS/hardware.

Each container holds only the application, not an OS. It uses the OS of the host machine.

35
Q

True/False

Containers are self-contained and cannot interact with each other, even if they are operating on the same machine. Just like VMs.

A

True

36
Q

SCADA stands for

A

Supervisory Control and Data Acquisition System

37
Q

SCADA is AKA

A

ICS

38
Q

ICS stands for

A

Industrial Control System

39
Q

How do you secure SCADA/ICS?

A

Extensive segmentation

NO access should come from outside! Compromise can affect the system severely.

40
Q

RTOS stands for

A

Real-Time Operating System

41
Q

An OS where no one process can take complete control over the device’s resources

A

Non-deterministic OS

42
Q

Does industrial/manufacturing/automobile/military equipment commonly use deterministic or non-deterministic OSs?

A

Deterministic

43
Q

An OS that may allow one process to take complete control over the device’s resources.

A

Deterministic OS

44
Q

Why can deterministic OSs be helpful in some situations?

A

Some processes MUST take priority for safety. For example, when you press your brake while driving your car, that will take priority over everything else.

45
Q

True/False

Security is critical in RTOSs because the operations they perform are extremely necessary

A

True

46
Q

A small device that’s part of a larger device, machine, or system, and is designed to control a specific function within it. They are less complex than computers and only exist inside other systems.

They normally only have a limited amount of tasks they can perform, but advanced ones can control entire OSs.

A

Embedded system

47
Q

True/False

Embedded systems are often created/built for ONE sole purpose, and to do that thing very well and efficiently.

A

True

48
Q

Examples of embedded systems

A

Traffic light controllers
Digital watches
Medical imaging systems

49
Q

HA means that something is ____ available.

A

ALWAYS

50
Q

MTTR stands for

A

Mean Time to Repair

51
Q

The average time it takes to fix a system/piece of equipment after it has failed

A

Mean Time to Repair

52
Q

A metric that measures how quickly a system delivers responses after having been given a request

A

Responsiveness

53
Q

A metric measuring the ease with which you can increase or decrease capacity for use.

A

Scalability

53
Q

The ability to automatically acquire and release resources as needed to meet changing demands

A

Elasticity

54
Q

Difference between scalability and elasticity

A

Scalability deals with long-term changes

Elasticity deals with short-term, daily changes

55
Q

True/False

When scaling your network infrastructure according to demand, it is important to also extend the security functions of your network

A

True

56
Q

The act of transferring risk to a third party

A

Risk transference

57
Q

Cybersecurity insurance is a method of

A

Risk transference

58
Q

True/False

An organization that rarely patches is a significant security concern.

A

True

59
Q

What types of systems often do not have patches released for them?

A

Embedded systems

e.g. HVAC controls, time clocks

60
Q

True/False

Because embedded systems almost never have patches available, it is recommended to implement additional security measures around them, e.g. firewalls

A

True

61
Q

UPS stands for

A

Uninterruptible Power Supply

62
Q

The component that provides the heavy lifting in processing

A

Compute component

63
Q

True/False

The compute component is AKA a CPU

A

False

The compute component is more than just a single CPU.

64
Q

In a cloud architecture, the component that does the actual thinking and processing of the data.

It may be a single processor in a datacenter, or it may be multiple CPUs across multiple clouds.

Using this in a multi-cloud architecture (as referenced above) enhances scalability with the cost of some additional complexity.

A

Compute engine