Chapter 6 Flashcards

1
Q

Cloud Computing

A

Is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

2
Q

Multitenancy

A

Many different customers share access to the same physical resources

3
Q

Isolation Controls

A

The cloud provider is responsible for implementing isolation controls that prevent the actions of one customer from interfering with or accessing data from another customer.

4
Q

Software as a Service (SaaS)

A

Offerings provide a customer with a complete application that is built and maintained by the service provider and runs in an infrastructure that is either operated or procured by the service provider. The customer of an SaaS offering typically accesses the service through a web browser and performs only limited application configuration. Almost all the responsibility for operating the service rests in the hands of the cloud service provider and, possibly, other cloud service providers who offer the SaaS provider access to underlying infrastructure resources. Example: Gmail

5
Q

Infrastructure as a Service (IaaS)

A

Offerings operate under a very different service model. SaaS offerings endeavor to hide implementation details from the customer, but IaaS offerings expose basic infrastructure building blocks that customers may use to design and implement their own service offerings. These offerings include compute processing, storage, networking, and other basic components of a technology infrastructure. Includes greater responsibility for monitoring, management and security. Examples: AWS, Azure and Google Compute Platform.

6
Q

Platform as a Service (PaaS)

A

Approaches occupy a middle ground between SaaS and IaaS services. In this approach, the service provider operates an infrastructure that is fully managed and configurable to run customer applications. Customers then deploy applications that they either developed themselves or purchased from vendors onto the service provider’s platform, where they run with minimal customer management. Example: Heroku

7
Q

Function as a Service (FaaS)

A

Cloud customers are increasingly embracing a technology called FaaS that allows for a serverless application architecture. Developers write functions in common programming languages and can then configure the FaaS platform to execute (or “trigger”) those functions in response to events. Functions deployed in this manner are discrete units of code that are easily scaled to millions, or even billions, of executions per day. Example: Lambda

8
Q

Public Cloud

A

Public cloud service providers deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multitenant model. A single customer may be running workloads on servers spread throughout one or more datacenters, and those servers may be running workloads for many different customers simultaneously.

9
Q

Private Cloud

A

Used to describe any cloud infrastructure that is provisioned for use by a single customer. This infrastructure may be built and managed by the organization that will be using the infrastructure, or it may be built and managed by a third party. The key distinction here is that only one customer uses the environment. For this reason, private cloud services tend to have excess unused capacity to support peak demand and, as a result, are not as cost efficient as public cloud services.

10
Q

Community Cloud

A

Service shares characteristics of both the public and private models. Community cloud services run in a multitenant environment, but the tenants are limited to members of a specifically designed community. Community membership is normally defined based on shared mission, similar security and compliance requirements, or other commonalities.

11
Q

Hybrid Cloud

A

Is a catch-all term used to describe cloud deployments that blend public, private, and/or community cloud services together. It is not simply purchasing both public and private cloud services and using them together. Hybrid cloud requires the use of technology that unifies the different cloud offerings into a single coherent platform.

12
Q

Bursting

A

For example, a firm might operate their own private cloud for the majority of their workloads and then leverage public cloud capacity when demand exceeds the capacity of their private cloud infrastructure. This approach is known as public cloud bursting.

13
Q

Shared Responsibility Model = Security of IaaS, PaaS, SaaS - Data -> Application -> OS -> Hardware -> Datacenter

A

IaaS = Data, Application, OS - Customer Responsibilities
Hardware & Datacenter = Shared Responsibilities
PaaS = Data - Customer Responsibility
Application - Shared Responsibilities
OS, Hardware, Datacenter - Shared Responsibility
SaaS = Data - Shared
Application, OS, Hardware, Datacenter - Vendor Responsibilities

14
Q

Infrastructure as Code (IaC)

A

Is one of the key enabling technologies behind the DevOps movement and is also a crucial advantage of cloud computing solutions. IaC is the process of automating the provisioning, management, and deprovisioning of infrastructure services through scripted code rather than human intervention. IaC is one of the key features of all major IaaS environments, including AWS, Microsoft Azure, and Google Cloud Platform.

15
Q

Advantages of using IaC

A
  • Increasing the reusability of code
  • Reducing the time spent by the operations team creating infrastructure components
  • Increasing the speed of infrastructure creation
  • Reducing the likelihood of configuration errors by leveraging common templates
16
Q

API

A

APIs are standard interfaces used to interact with web-based services in a programmatic fashion. Cloud service providers create APIs and then expose them to their customers to allow customer code to provision, manage, and deprovision services.

17
Q

API Keys

A

Similar to passwords. When a user sends a request through an API, they also send their API key to authenticate the request. The cloud provider validates the API key and checks that the user, system, or application associated with that key is authorized to perform the requested action.

18
Q

Three Open Source Cloud Assessment Tools

A

ScoutSuite, Pacu and Prowler

19
Q

ScoutSuite

A

Is a multicloud auditing tool that reaches into the user's accounts with cloud service providers and retrieves configuration information using those services' APIs. Deeply probes the service configuration and searches for potential security issues.

20
Q

Pacu

A

Is not a scanning tool but rather a cloud-focused exploitation framework, similar to Metasploit. Works specifically with AWS accounts and is designed to help attackers determine what they can do with the access they have to an existing AWS account.

21
Q

Prowler

A

Is a security configuration testing tool, quite similar to ScoutSuite in purpose. Prowler performs deeper testing of some parameters, but it is limited to scanning AWS environments.

22
Q

Cloud Access Security Brokers (CASBs)

A

Software tools that serve as intermediaries between cloud service users and cloud service providers. This positioning allows them to monitor user activity and enforce policy requirements.

23
Q

Inline CASB Solution

A

Physically or logically reside in the connection path between the user and the service. They may do this through a hardware appliance or an endpoint agent that routes requests through the CASB. This approach requires configuration of the network and/or endpoint devices. It provides the advantage of seeing requests before they are sent to the cloud service, allowing the CASB to block requests that violate policy.

24
Q

API-based CASB

A

Do not interact directly with the user but rather interact directly with the cloud provider through the provider’s API. This approach provides direct access to the cloud service and does not require any user device configuration. However, it also does not allow the CASB to block requests that violate policy. API-based CASBs are limited to monitoring user activity and reporting on or correcting policy violations after the fact.

25
Q

Describe the 4 Types of Cloud Services

A

Infrastructure as a service (IaaS) offerings provide customers with access to storage, computing, and networking capabilities—the basic building blocks of technology solutions. Software as a service (SaaS) offerings provide customers with a complete application, built and managed by the provider. Platform as a service (PaaS) offerings allow customers to run their own applications on an infrastructure managed by the provider. Function as a service (FaaS) offerings allow customers to execute discrete units of code on the provider’s infrastructure.