Chapter 4: Exploring Virtualization and Cloud Concepts

Question 1

the cloud is like a pay as you go model where one day you can increase resources and then the next day you can scale down the resources. You can add more processor power, faster disks, more memory, or dual network cards whenever you want.

Answer 1

Elasticity

Question 2

is the ability of a company to grow while maintaining a resilient infrastructure. The cloud enables a company to grow and to do so without the worry of needing to make capital expenditure while doing so.

Answer 2

Scalability

Question 3

most common cloud model, where CSP provides the cloud services multiple tenants. This is like being one of many people who rent an apartment in an apartment block.

Answer 3

Public Cloud

Question 4

is where a company purchases all of its hardware or the CSP hosts them on separate servers from other companies. This gives them more control than other cloud models. They normally host their own cloud because they do not want to share resources with anyone else, but at the same time, their workforce has all of the mobile benefits of the cloud. The private cloud needs isolation from other companies, which is why they are single tenant. (Single Tenant)

Answer 4

Private Cloud

Question 5

cloud type is where companies from the same industry collectively pay for a bespoke application to be written, and the cloud manufacturer host it.

Answer 5

Community Cloud

Question 6

companies that decided not to host their company in the cloud are known as on-premise but during their peak time they may expand into the cloud—This is known as cloud bursting—mixture of both on premise and the cloud

Answer 6

Hybrid Cloud

Question 7

provides security, rolls out updates, has visibility of devices, and enforces the company’s policies between the on-premises situation and the cloud.

Answer 7

Cloud Access Security Broker (CASB)

Question 8

Cloud model–preconfiguring devices, install operating system, maintain patch management. –wit IaaS you install the operating system, configure, and patch it. This is the cloud service that you have more control over. The private cloud is the cloud model that gives you more control.

Answer 8

Infrastructure as a Service (IaaS)

Question 9

This is where the CSP hosts a bespoke software application that is accesses through a web server.
-bespoke vendor application that cannot be modified; you use it with a pay per use model

Answer 9

Software as a Service (SaaS)

Question 10

this provides the environment for developers to create applications, an example of this is Microsoft Azure. The platform provides a set of services to support the development and operation of applications, rolling them out to iOS, Android devices, as well as Windows devices. You could migrate your bespoke software applications under PaaS. Bespoke means customized.

Answer 10

Platform as a Service (PaaS)

Question 11

cloud model that provides Identity and Access Management (IAM): which provides identity management that allows people to have secure access to applications from anywhere at any time.

Answer 11

Security as a Service (SECaaS)

Question 12

describes a multitude of other available cloud services, such as Network as a Service (NaaS)-providing network resources; Desktop as a Service (DaaS), Backup as a Service (BaaS); and many more—new services will appear under ____

Answer 12

Anything as a Service (XaaS)

Question 13

will maintain the security environment for companies that will include enterprise firewalls, intrusion prevention and detection systems, and SIEM systems. They have a very highly skilled workforce who will take this away from a company.

Answer 13

Managed Security Service Provider (MSSP)

Question 14

complements cloud computing by processing data from IoT devices. It allows you to analyze the data before committing it to the cloud.

Answer 14

Fog Computing

Question 15

all the processing of data storage is closer to the sensors rather than being thousands of miles away on a server at a data center

Answer 15

Edge Computing

Question 16

a client that has limited resources that are insufficient to run applications. It connects to a server and processes the application on its resources

Answer 16

Thin Client

Question 17

allows the isolation of an application and its files and libraries so that they are not dependent on anything else. It allows software developers to deploy applications seamlessly across various environments. ______ are used by Platform as a Service products.

Answer 17

Containers

Question 18

Traditional networks route packets via a hardware router and are decentralized; however in todays networks, people are using virtualization including cloud providers. A SDN is where packets are routed through a controller rather than traditional routers, which improves performance.

Answer 18

Software Defined Network (SDN)

Question 19

this gives you visibility of the network traffic use. It can collect and aggregate the data on the network traffic and provide good reports to the network administrators.

Answer 19

Software Defined Visibility

Question 20

is a virtual network that consists of cloud resources where the VMs for one company are isolated from the resources from another company. This is part of IaaS. VPCs can be isolated using public and private networks or segmentation.

Answer 20

Virtual Private Cloud (VPC)

Question 21

enforces the company’s policies between the on premise situation and the cloud. There is no group policy in the cloud. CASB has visibility of all cloud clients and is responsible for their security and rolling out updates

Answer 21

Cloud Access Security Broker (CASB)

Question 22

acts like a reverse proxy, content filter, and an inline NIPS. An example of this is Netskope, which provides advanced web security with advanced data and threat protection with the following features: Cloud Security, Remote Data Access, Managed Cloud Applications, Monitor and Assess.

Answer 22

Next Generation Secure Web Gateway (SWG)

Question 23

this is an enterprise version that can be installed on a computer without an operating system, called bare metal—examples are VMWare, Hyper-V, or Zen

Answer 23

Type I Hypervisor

Question 24

this needs an operating system such as Server 2016 or Windows 10, and then the hypervisor is installed like an application—examples are VM Virtual Box

Answer 24

Type II Hypervisor

Question 25

where an application is placed in its own VM for patching and testing, or because it is a dangerous application. You want these applications to be isolated from your network

Answer 25

Sandboxing

Question 26

this is like taking a picture with your camera—whatever the virtual machines setting is at the time is what you capture in another virtual machine instance. You might want to take a snapshot before you carry out a major upgrade of a VM, so that if anything goes wrong, you can roll the machine setting back to the original.

Answer 26

Snapshot

Question 27

this is where the virtual host is running out of resources or is overutilizing resources. This could end up with the host crashing and taking out the virtual network. A way to avoid this is to use thin provisioning; this means only allocating the minimum resources that your VM needs, gently increasing the resource required.

Answer 27

System Sprawl

Question 28

This is where an unmanaged VM has been placed on your network. Because the IT administrator doesn’t know its there, it will not be patched, and over time can be used for a VM escape attack

–the best ways to protect against this is to have robust security policies for adding VMs to the network and use either a NIDS or Nmap to detect new hosts.

Answer 28

VM Sprawl

Question 29

is where an attacker gains access to a VM, then attacks either the host machine that holds all the VMs, the hypervisor, or any of the other VMs

–way to protect against this is to ensure that the patches on the hypervisor and all VMs are always up to date

Answer 29

VM Escape