Chapter 22 Terms and Definitions Flashcards
1st layer of OSI
Physical
2nd layer of OSI
Data link
3rd layer of OSI
Network
4th layer of OSI
Transport
5th layer of OSI
Session
6th layer of OSI
Presentation
7th layer of OSI
Application
Cloud computing model in which a third party CSP offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients.
IaaS
Provides customers with a complete cloud platform, including hardware, software, and infrastructure.
PaaS
Cloud-based software delivery model that allows end-users to access software applications over the internet.
SaaS
Separating network elements into segments and regulating traffic between them.
Segmentation
A capability that must be enabled on firewalls, secured web gateways, and CASBs to determine if the next system in a communication chain is legitimate or not.
Instance Awareness
How did cloud security contribute to business continuity during the 2020 COVID-19 pandemic?
By keeping remote security going when it was rushed to be implemented.
To combine multiple security policies to ensure cloud app security across authorized and unauthorized applications, managed and unmanaged devices.
CASB
A set of defined rules that enable different software components to communicate and transfer data.
API
An active measure to prevent errors from propagating through a system and causing trouble.
API content inspection
A term used to denote the policies and procedures employed to connect to the IAM systems of the enterprise.
Secrets Management
Practice that enables organizations to securely store, access, and manage digital authentication credentials, including passwords, keys, APIs, tokens, and certificates.
Secrets Manager
How are permissions handled in a cloud environment?
Putting people in groups with certain checks and privileges based on their position in the environment.
What are the purposes of public and private subnets in the cloud?
To separate public and private communication and data into two controlled environments of the cloud.
What is the purpose of a Next-Gen SWG?
To protect enterprises from sophisticated cloud-enabled threats and data risks.
What are Next-Gen SWG capabilities?
Application control, user and entity behavior analytics and machine learning.
A systematic procedure for allocating resources to mobile users in a time-varying environment.
Dynamic resource allocation
Who should maintain the keys when data is encrypted in the cloud?
The enterprise
What is a common mistake in cloud computing, in terms of security?
Not encrypting data in a cloud system.
In what OSI RM layers do next-gen firewalls operate?
Layer 4-7
How is high availability achieved?
Having multiple different physical systems working together to ensure data is redundantly and resiliently stored.
Why is it important to define cloud security requirements in the ToS agreement?
Because the responsibility of the security to the cloud server is up to the enterprise.
With what two entities are cloud security controls shared?
Cloud Service Provider and third party solutions.
What is the purpose of security groups?
Set rules and policies to manage scalability in a cloud environment.
How do firewalls work when operating in the cloud?
By blocking unauthorized connections to the cloud.
A framework of business processes, policies, and technologies that manage electronic or digital identities.
IAM
Cloud service that enables the creation of a private connection between a VPC and a supported AWS service powered by PrivateLink using its private IP address.
VPC Endpoint
Packages, apps, and dependencies all bundled together.
Manifest
What are some common data-specific security frameworks?
SOC1, SOC2, HITRUST, PCI, and FedRAMP
How are zones used in cloud security?
Replication, load balancing, and high availability
What are two requirements of cloud-specific audits?
Understanding the cloud system and Data Security.
How are cloud-based resources controlled?
Policy.