3.6 Given a Scenario, apply Cybersecurity Solutions to the cloud Flashcards

1
Q

High availability and high availability across zones.

A

High availability indicates a system or service remains operational with almost zero downtime. It’s typically achieved by using multiple load-balancing nodes. High availability across zones indicates that the nodes are located in different cloud locations, such as separate geographic locations. If one node fails, other nodes can take on its load.

2
Q

Resource policies

A

In this context, resources refer to cloud-based resources such as folders, projects, and virtual machine instances. Customers rent access to resources, and the CSP resource policies ensure customers don’t create more resources than their plan allows.

3
Q

Secrets management

A

Secrets refer to passwords and encryption keys that users create. A secrets management system stores and manages secrets, including keeping them secure.

4
Q

Integration and auditing.

A

The CSP integrates security controls into the cloud-based resources, and auditing methods help customers identify the effectiveness of security controls at protecting the confidentiality, integrity, and availability of cloud-based resources.

5
Q

Storage

A

Cloud-based storage allows customers to store data in the cloud. AWS stores data in buckets. Google uses Google Drive and allows users to store files in a hierarchical format similar to folders in Windows.

6
Q

Permissions

A

Permissions identify who can access the data. While the processes differ with different CSPs, the concepts are similar to file system permissions.

7
Q

Encryption.

A

Encryption protects the confidentiality of data, and CSPs commonly provide encryption services. This prevents unauthorized personnel from accessing data.

8
Q

Replication

A

Data replication is the process of creating a copy of data and storing it in a different location. For example, you can replicate data on a desktop computer to a removable drive. Cloud data replication creates a copy of data in the cloud.

9
Q

High availability

A

High availability indicates a system or service remains operational with almost zero downtime.

10
Q

Networks

A

CSPs provide entire networks to organizations that need them.

11
Q

Virtual Networks

A

A CSP creates virtual networks for customers that need them. These typically use software-defined network technologies (described later in this chapter) instead of physical routers and switches. A single server can host an entire virtual network.

12
Q

Public and private subnets.

A

Public subnets have public IP addresses and are accessible via the Internet. Private subnets have private IP addresses and aren’t directly accessible via the Internet. Organizations typically use screened subnets for any public subnets that need to be accessible via the Internet. Virtual networks can mimic this design with both public and private subnets.

13
Q

Segmentation.

A

Just as local networks support segmentation with virtual local area networks (VLANs) and screened subnets, cloud-based networks can segment computers or networks.

14
Q

API inspection and integration

A
15
Q

Compute

A

The CSP’s compute engine lets customers create and run a variety of solutions, from single websites to full virtual networks.

16
Q

Security groups.

A

Security groups are similar to groups used in Windows and described in the role-based access control model. Administrators assign permissions to a group and add users to the account.

17
Q

Dynamic resource allocation

A

Cloud-based resources typically support elasticity. Elasticity indicates the CSP can dynamically allocate additional resources, such as more processors, more memory, or more disk space to a cloud-based resource when it’s needed. When the additional resources are no longer needed, the CSP can dynamically remove them.

18
Q

Instance awareness.

A

Instance awareness refers to the ability of the CSP to know and report how many instances of cloud-based resources an organization is renting. This can help an organization avoid VM sprawl.

19
Q

Virtual private cloud (VPC) endpoint.

A

A VPC endpoint is a virtual device within a virtual network. Users or services can connect to the VPC endpoint and then access other resources via the virtual network instead of accessing the resources directly via the Internet. This can significantly reduce the bandwidth required to access resources directly.

20
Q

Container security.

A

Container virtualization (described earlier) runs services or applications within containers. CSPs commonly use containers with cloud resources, and container security protects these containers.

21
Q

CASB

A

A CASB is a software tool or service deployed between an organization’s network and the cloud provider.

22
Q

Application Security

A
23
Q

Next-Generation Secure Web Gateway

A

A next-generation secure web gateway (SWG) is a combination of a proxy server and a stateless firewall. The SWG is typically a cloud-based service, but it can be an on-site appliance.

24
Q

Firewall Considerations in a cloud environment

A

When creating virtual networks in the cloud, there are some additional items to consider. Just as physical networks need firewalls to prevent unauthorized access, virtual networks also need firewalls. It’s common to use two firewalls to create a screened subnet. This provides segmentation and helps reduce an attacker’s success when attacking the virtual network.

25
Q

Cost

A

The cost of cloud-based firewalls varies depending on how they’re used. Smaller organizations can rent access to a firewall for employees on a per-user basis. This relieves the organization from managing the firewall.

26
Q

Need for segmentation

A
27
Q

Open systems

A
28
Q

Interconnection (OSI) layers

A

Cloud-based firewalls typically operate on all seven layers of the Open Systems Interconnection (OSI) model, allowing them to filter traffic on the application layer. Appendix D, “The OSI Model,” provides a refresher on the OSI model if you need it.

29
Q

Cloud native control vs. third-party solutions

A

CSPs employ native controls to protect cloud-based resources. This may be enough for some customers, but other customers want more security features and seek third-party solutions, such as a cloud access security broker (CASB).