3.6 Apply cybersecurity solution to the cloud

Question 1

Cloud security controls: what is AZ in cloud ?

Answer 1

Availability Zones are isolated data centers located within specific regions in which you can access public cloud services.
Anything that happen in 1 availibility zone do not affect other availibility zone

Question 2

Cloud security controls: what is HA in cloud ?

Answer 2

High Availability: apps build HA can recognizeq an outage and moves to others AZ

Question 3

Cloud security controls: is IAM should be enforce in cloud ?

Answer 3

Yes

Question 4

Cloud security controls: why IAM should be enforce in cloud ?

Answer 4

To manage the access to resources: who gets access, what they get access to

Question 5

Cloud security controls: what is a secret key in cloud ?

Answer 5

It can be an API keys, passwords or certificate required when you wnt to loggin to specific cloud services

Question 6

Cloud security controls: why audit trail is important ?

Answer 6

To have a traceability of what have been done in the system and regulatory requirement

Question 7

Securing cloud storage: how to secure cloud storage?

Answer 7

By configuring cloud based storage:
- Permission
- Encryption (server & client side)
- Replication

Question 8

Securing cloud storage: why do we need to secure cloud storage ?

Answer 8

To limit and protect access to sensitive data, esp when data are hosted in a public cloud (Microsoft, AWS etc)

Question 9

Securing cloud storage: what is permission?

Answer 9

It defines which user/groups have access to the doc.

Question 10

Securing cloud storage: what is server-side encryption?

Answer 10

Encrypt the data when it’s posted in the cloud. And when a user retrieve information from the cloud, our system decrypt that data so that we’re able to use it.
If someone get acces to that storage drive or files, they won’t be able to read any of the data because it was encrypted when it was stored onto that drive

Question 11

Securing cloud storage: what is client-side encryption?

Answer 11

Encrypt the data locally, sending all of that encrypted data across the network in its secure form, and ultimately saving it as that encrypted data on the storage

Question 12

Securing cloud storage: what is replication ?

Answer 12

Copy data from one place to another for disaster recovery, high availibility and data analysis (analytics, big data) purposes

Question 13

Securing cloud network: what are the different types of cloud network ?

Answer 13

• Virtual network
• Public & private subnets
• Segmentation
• API inspection and integration

Question 14

Securing cloud network: what is virtual network ?

Answer 14

cloud contained virtual devices (switches, routers etc) managed by the organisation

Question 15

Securing cloud network: what is public & private subnets ?

Answer 15

Inc.:
- virtual private cloud (private cloud in a public cloud) that can be accessed using a VPN
- public cloud
- hybrid cloud

Question 16

Securing cloud network: what is segmentation ?

Answer 16

Cloud that contains separate VPCs, containers and microservices

Question 17

Securing compute clouds: what are compute cloud instances?

Answer 17

IaaS component for the cloud computing environment that are launch (for ex) as a VM, container

Question 18

Securing compute clouds: how to manage the access to compute instances?

Answer 18

Via:
- Security groups: firewall, port nb, IP management

Question 19

Cloud security solutions: what is CASB ?

Answer 19

Cloud Access Security Broker implement access management and DLP to help control access to and secure cloud-based assets

Question 20

Cloud security solutions: how the CASB operate ?

Answer 20

Based on 4 characteristics:
- Visibility: provide visibility into app & services used by the organization (inc. shadow IT)
- Control: enable organization to enforce security policies (inc. DLP, encryption, access control)
- Threat protection: detect & respond to cloud threats (malware, phishing)

Question 21

Cloud security solutions: what are the different cloud security solutions?

Answer 21

• CASB
• Application security
• Secure web gateway
• Firewalls
• Cloud native security controls
• 3rd party solutions

Question 22

Cloud security solutions: what is SWG ?

Answer 22

Next-Gen Secure Web Gateway provide security to users across all of theu devices, regardless of where they are connecting from.
It can examine the data being send: type of requests, JSON strings, API requests

Question 23

Cloud security solutions: what is cloud-native security controls ?

Answer 23

Integrated & supported controls & configuration options inthe cloud (no additional cost)