3.6 cards Flashcards
What is an Availability Zone (AZ)
Isolated locations within a cloud region
Each AZ has independent power, HVAC, and networking
Name the two encryption types and name some attributes associated with them
Server-side encryption
- Encrypt data in the cloud
- Data is encrypted when stored on disk
Client-side encryption
- Data is already encrypted when it's sent to the cloud
- Performed by the application
What is Identity and Access Management (IAM)
Used to define who gets access and who gets access to what
What connects cloud components, allows users to communicate with the cloud, and allows cloud devices to communicate with each other
Cloud Networks
What are some differences between the private and public cloud
Private cloud
- All internal IP addresses
- Connects to the private cloud over a VPN
- No access from the internet
Public cloud
- External IP addresses
- Connects to the cloud from anywhere
Virtualized security technologies
Web application Firewall (WAF)
Next-Generation Firewall (NGFW)
- Intrusion Prevention System (IPS)
Microservice architecture is the underlying application, which is a security concern
API monitoring should include the following:
- View specific API queries
- Monitor incoming and outgoing data
The IaaS component for the cloud computing environment. Also manages computing resources
Compute cloud Instances
List security groups for Securing Compute Clouds
A firewall for compute instances
Layer 4 port number
Layer 3 address
What is Dynamic Resource Allocation
Provision resources when they are needed
Scale up and down
Ongoing monitoring
What is instance awareness
Granular security control
Ability to define and set policies
This cloud security solution is great for determining visibility, compliance, threat prevention, and data security
CASB
- Cloud access security broker
What are 4 factors associated with CASB
Visibility
Compliance
Threat prevention
Data security
What does a Next-Gen Secure Web Gateway (SWG) do?
- Protects users and devices
- Go beyond URLs and GET requests
- Examine JSON strings and API requests
- Instance-aware security
True or false: can a cloud have a firewall? If true, name some properties.
Control traffic flows in the cloud
Cost
Segmentation
OSI layers