Chapter 4: Exploring Virtualization and Cloud Concepts Flashcards

1
Q

The cloud is like a pay-as-you-go model where one day you can increase resources and the next day you can scale them down. You can add more processor power, faster disks, more memory, or dual network cards whenever you want.

A

Elasticity

2
Q

is the ability of a company to grow while maintaining a resilient infrastructure. The cloud enables a company to grow and to do so without the worry of needing to make capital expenditure while doing so.

A

Scalability

3
Q

The most common cloud model, where the CSP provides cloud services to multiple tenants. This is like being one of many people who rent an apartment in an apartment block.

A

Public Cloud

4
Q

is where a company purchases all of its hardware or the CSP hosts them on separate servers from other companies. This gives them more control than other cloud models. They normally host their own cloud because they do not want to share resources with anyone else, but at the same time, their workforce has all of the mobile benefits of the cloud. The private cloud needs isolation from other companies, which is why they are single tenant. (Single Tenant)

A

Private Cloud

5
Q

This cloud type is where companies from the same industry collectively pay for a bespoke application to be written, and the cloud manufacturer hosts it.

A

Community Cloud

6
Q

Companies that decided not to host their company in the cloud are known as on-premises, but during their peak time they may expand into the cloud. This is known as cloud bursting: a mixture of both on-premises and the cloud.

A

Hybrid Cloud

7
Q

provides security, rolls out updates, has visibility of devices, and enforces the company’s policies between the on-premises situation and the cloud.

A

Cloud Access Security Broker (CASB)

8
Q

Cloud model: preconfiguring devices, installing the operating system, maintaining patch management. With IaaS you install the operating system, configure it, and patch it. This is the cloud service that you have more control over. The private cloud is the cloud model that gives you more control.

A

Infrastructure as a Service (IaaS)

9
Q

This is where the CSP hosts a bespoke software application that is accessed through a web server.
It is a bespoke vendor application that cannot be modified; you use it with a pay-per-use model.

A

Software as a Service (SaaS)

10
Q

This provides the environment for developers to create applications; an example of this is Microsoft Azure. The platform provides a set of services to support the development and operation of applications, rolling them out to iOS and Android devices, as well as Windows devices. You could migrate your bespoke software applications under PaaS. Bespoke means customized.

A

Platform as a Service (PaaS)

11
Q

The cloud model that provides Identity and Access Management (IAM), which provides identity management that allows people to have secure access to applications from anywhere at any time.

A

Security as a Service (SECaaS)

12
Q

Describes a multitude of other available cloud services, such as Network as a Service (NaaS), providing network resources; Desktop as a Service (DaaS); Backup as a Service (BaaS); and many more. New services will appear under ____

A

Anything as a Service (XaaS)

13
Q

will maintain the security environment for companies that will include enterprise firewalls, intrusion prevention and detection systems, and SIEM systems. They have a very highly skilled workforce who will take this away from a company.

A

Managed Security Service Provider (MSSP)

14
Q

complements cloud computing by processing data from IoT devices. It allows you to analyze the data before committing it to the cloud.

A

Fog Computing

15
Q

all the processing of data storage is closer to the sensors rather than being thousands of miles away on a server at a data center

A

Edge Computing

16
Q

A client that has limited resources that are insufficient to run applications. It connects to a server and processes the application on the server's resources.

A

Thin Client

17
Q

allows the isolation of an application and its files and libraries so that they are not dependent on anything else. It allows software developers to deploy applications seamlessly across various environments. ______ are used by Platform as a Service products.

A

Containers

18
Q

Traditional networks route packets via a hardware router and are decentralized; however, in today's networks, people are using virtualization, including cloud providers. An SDN is where packets are routed through a controller rather than traditional routers, which improves performance.

A

Software Defined Network (SDN)

19
Q

this gives you visibility of the network traffic use. It can collect and aggregate the data on the network traffic and provide good reports to the network administrators.

A

Software Defined Visibility

20
Q

is a virtual network that consists of cloud resources where the VMs for one company are isolated from the resources of another company. This is part of IaaS. VPCs can be isolated using public and private networks or segmentation.

A

Virtual Private Cloud (VPC)

21
Q

enforces the company’s policies between the on-premises situation and the cloud. There is no group policy in the cloud. CASB has visibility of all cloud clients and is responsible for their security and rolling out updates.

A

Cloud Access Security Broker (CASB)

22
Q

acts like a reverse proxy, content filter, and an inline NIPS. An example of this is Netskope, which provides advanced web security with advanced data and threat protection with the following features: Cloud Security, Remote Data Access, Managed Cloud Applications, Monitor and Assess.

A

Next Generation Secure Web Gateway (SWG)

23
Q

This is an enterprise version that can be installed on a computer without an operating system, called bare metal. Examples are VMware, Hyper-V, or Xen.

A

Type I Hypervisor

24
Q

This needs an operating system such as Server 2016 or Windows 10, and then the hypervisor is installed like an application. An example is VM VirtualBox.

A

Type II Hypervisor

25
Q

where an application is placed in its own VM for patching and testing, or because it is a dangerous application. You want these applications to be isolated from your network

A

Sandboxing

26
Q

This is like taking a picture with your camera: whatever the virtual machine’s settings are at the time is what you capture in another virtual machine instance. You might want to take a snapshot before you carry out a major upgrade of a VM, so that if anything goes wrong, you can roll the machine settings back to the original.

A

Snapshot

27
Q

this is where the virtual host is running out of resources or is overutilizing resources. This could end up with the host crashing and taking out the virtual network. A way to avoid this is to use thin provisioning; this means only allocating the minimum resources that your VM needs, gently increasing the resource required.

A

System Sprawl

28
Q

This is where an unmanaged VM has been placed on your network. Because the IT administrator doesn’t know it’s there, it will not be patched, and over time can be used for a VM escape attack.

The best way to protect against this is to have robust security policies for adding VMs to the network and use either a NIDS or Nmap to detect new hosts.

A

VM Sprawl

29
Q

is where an attacker gains access to a VM, then attacks either the host machine that holds all the VMs, the hypervisor, or any of the other VMs.

The way to protect against this is to ensure that the patches on the hypervisor and all VMs are always up to date.

A

VM Escape