CH13 Cloud Security Flashcards

1
Q

The Pass Certs Fast corporation has recently been embarrassed by a number of high-profile data breaches. The CIO proposes improving the cybersecurity posture of the company by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?

a. This approach assumes that the cloud will provide better security than is currently done on-site
b. This approach only changes the location of the network and not the attack surface of it
c. The company has already paid for the physical servers and will not fully realize their ROI on them due to the migration.
d. This is a reasonable approach that will increase the security of the servers and infrastructure.

A

b. This approach only changes the location of the network and not the attack surface of it

A poorly implemented security model at a physical location will still be a poorly implemented security model in a virtual location. Unless the fundamental causes of the security issues that caused the previous data breaches have been understood, mitigated, and remediated, then migrating the current images into the cloud will simply change the location of where the processing occurs without improving the security of the network. While the statement concerning unrealized ROI may be accurate, it simply demonstrates the fallacy of the sunk cost argument.

2
Q

Which of the following would a virtual private cloud infrastructure be classified as?

a. Infrastructure as a Service
b. Platform as a Service
c. Software as a Service
d. Function as a Service

A

a. Infrastructure as a Service

Infrastructure as a Service (IaaS) is a computing method that uses the cloud to provide any or all infrastructure needs. In a VPC environment, an organization may provision virtual servers in a cloud-hosted network. The service consumer is still responsible for maintaining the IP address space and routing internally to the cloud.

3
Q

Dave’s company utilizes Google’s G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following types of cloud deployment models is being used?

a. Multi-cloud
b. Community
c. Private
d. Public

A

a. Multi-Cloud

Multi-cloud is a cloud deployment model where the cloud consumer uses multiple public cloud services. In this example, Dave is using the Google Cloud, Amazon’s AWS, and Slack’s cloud-based SaaS product simultaneously.

A private cloud is a cloud that is deployed for use by a single entity.
A public cloud is a cloud that is deployed for shared use by multiple independent tenants.
A community cloud is a cloud that is deployed for shared use by cooperating tenants.

4
Q

Your company is making a significant investment in infrastructure-as-a-service (IaaS) hosting to replace its data centers. Which of the following techniques should be used to mitigate the risk of data remanence when moving virtual hosts from one server to another in the cloud?

a. Use full-disk encryption
b. Use data masking
c. Span multiple virtual disks to fragment data
d. Zero-wipe drives before moving systems

A

a. Use full-disk encryption

OBJ-1.5: To mitigate the risk of data remanence, you should implement full disk encryption. This method will ensure that all data is encrypted and cannot be exposed to other organizations or the underlying IaaS provider. Using a zero wipe is typically impossible because VM systems may move without user intervention during scaling and elasticity operations. Data masking can mean that all or part of a field’s contents is redacted, by substituting all character strings with “x,” for example. Data masking will not prevent your corporate data from being exposed by data remanence. Spanning multiple disks will leave the data accessible, even though it would be fragmented, and would make the data remanence problem worse overall.
