chapter 22 terms and definitions

Question 1

1st layer of OSI

Answer 1

Physical

Question 2

2nd layer of OSI

Answer 2

Data link

Question 3

3rd layer of OSI

Answer 3

Network

Question 4

4th layer of OSI

Answer 4

Transport

Question 5

5th layer of OSI

Answer 5

Session

Question 6

6th layer of OSI

Answer 6

Presentation

Question 7

7th layer of OSI

Answer 7

Application

Question 8

Cloud computing model in which a third party CSP offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients.

Answer 8

IaaS

Question 9

Provides customers with a complete cloud platform, including hardware, software, and infrastructure.

Answer 9

PaaS

Question 10

Cloud-based software delivery model that allows end-users to access software applications over the internet.

Answer 10

SaaS

Question 11

Separating network elements into segments and regulating traffic between them.

Answer 11

Segmentation

Question 12

A capability that must be enabled on firewalls, secured web gateways, and CASB’s to determine if the next system in a communication chain is legitimate or not.

Answer 12

Instance Awareness

Question 13

How did cloud security contributed to business continuity during the 2020 Covid-19 pandemic?

Answer 13

By keeping remote security going when it was rushed to be implemented.

Question 14

To combine multiple security policies to ensure cloud app security across authorized and unauthorized applications, managed and unmanaged devices.

Answer 14

CASB

Question 15

A set of defined rules that enable different software components to communicate and transfer data.

Answer 15

API

Question 16

An active measure to prevent errors from propagating through a system and causing trouble.

Answer 16

API content inspection

Question 17

A term used to denote the policies and procedures employed to connect to the IAM systems of the enterprise.

Answer 17

Secrets Management

Question 18

Practice that enables organizations to securely store, access, and manage digital authentication credentials, including passwords, keys, APIs, tokens, and certificates.

Answer 18

Secrets Manager

Question 19

How are permissions handled in a cloud environment?

Answer 19

Putting people in groups with certain checks and privileges based on their position in the environment.

Question 20

What are the purposes of public and private subnets in the cloud?

Answer 20

To separate public and private communication and data into two controlled environments of the cloud.

Question 21

What is the purpose of a Next-Gen SWG?

Answer 21

To protect enterprises from sophisticated cloud-enabled threat and data risks.

Question 22

What are Next-Gen SWG capabilities

Answer 22

Application control, user and entity behavior analytics and machine learning.

Question 23

A systematic procedure for allocating resources to mobile users in a time-varying environment.

Answer 23

dynamic resource allocation

Question 24

Who should maintain the keys when data in encrypted in the cloud?

Answer 24

The enterprise

Question 25

What is a common mistake in cloud computing, in terms of security?

Answer 25

Not encrypting data in a cloud system.

Question 26

In what OSI RM layers do next-gen firewalls operate?

Answer 26

Layer 4-7

Question 27

How is high availability achieved?

Answer 27

Having multiple different physical systems working together to ensure data is redundantly and resiliently stored.

Question 28

Why is it important to define cloud security requirements in the ToS agreement?

Answer 28

Because the responsibility of the security to the cloud server is up to the enterprise.

Question 29

With what two entities are cloud security controls shared?

Answer 29

Cloud Service Provider and third party solutions.

Question 30

What is the purpose of security groups?

Answer 30

Set rules and policies to manage scalability in a cloud environment.

Question 31

How do firewalls work when operating in the cloud

Answer 31

By blocking unauthorized connections to the cloud.

Question 32

A framework of business processes, policies, and technologies that manage electronic or digital identities.

Answer 32

IAM

Question 33

Cloud Service that enables the creation of a private connection between a VPC and a supported AWS by PrivateLink using its private IP address.

Answer 33

VPC Endpoint

Question 34

Packages, apps, and dependencies all bundled together.

Answer 34

Manifest

Question 35

What are some common data-specific security frameworks?

Answer 35

SOC1, SOC2, HITRUST, PCI, and FedRAMP

Question 36

How are zones used in cloud security?

Answer 36

Replicate, load-balancing, and High Availability

Question 37

What are two requirements of cloud-specific audits?

Answer 37

Understanding the cloud system and Data Security.

Question 38

How are cloud-based resources controlled?

Answer 38

Policy.