Chapter 8 Securing Public Servers Flashcards

1
Q

What is a Distributed Denial of Service (DDoS) attack?

A

A DDoS attack floods a network or host with excessive traffic, rendering it unavailable to legitimate users. Attackers use a botnet, a collection of infected computers, to launch these attacks.

2
Q

How can DDoS attacks be mitigated?

A

DDoS attacks can be mitigated through techniques such as throttling (slowing down excessive traffic) and black hole routing (routing malicious traffic to a null destination).

3
Q

What is DNS hijacking?

A

DNS hijacking occurs when attackers redirect DNS queries, leading users to fake websites or altering search results. It can be mitigated by hardening DNS servers and implementing secure DNS protocols.

4
Q

What is typo squatting?

A

Typo squatting is a form of URL hijacking where attackers create fake websites with similar names to popular ones, exploiting users’ typing mistakes to deceive them. User awareness and careful verification of URLs can help mitigate this.

5
Q

What is session hijacking?

A

Session hijacking involves attackers gaining unauthorized access to an authenticated user’s session. Mitigation involves implementing secure web application practices, such as setting the “HttpOnly” flag for cookies.

6
Q

What is a pass-the-hash attack?

A

A pass-the-hash attack exploits password hashes stored in memory to gain unauthorized access to network resources. Mitigation involves using updated operating systems that prevent the retrieval of password hashes from memory.

7
Q

What is a Managed Security Service Provider (MSP)?

A

An MSP is a third-party provider that offers outsourced cybersecurity services, including 24/7 security monitoring, vulnerability scans, and penetration testing to mitigate attacks and enhance overall security.

8
Q

What is a monolithic app?

A

A monolithic app is a large program that is not broken down into smaller components. It is not how modern software development is done.

9
Q

What are containers?

A

Containers are lightweight, isolated environments that contain application files and dependencies. They run on a host operating system and do not require a separate operating system like virtual machines.

10
Q

What is Docker?

A

Docker is a popular containerization engine that allows the management and deployment of containers. It enables developers to package their applications and dependencies into containers.

11
Q

How do containers differ from virtual machines (VMs)?

A

Containers only contain application files and dependencies, while VMs contain an entire operating system. Containers start up quickly as they utilize the underlying host OS, unlike VMs that require the OS to start.

12
Q

How can containers be managed in Linux?

A

In Linux, Docker is installed as the container engine. Containers can be pulled from Docker Hub and run using the “docker run” command. They provide an isolated environment for running applications.

13
Q

What is software-defined networking (SDN)?

A

SDN is an approach that abstracts network configuration and management from physical network devices. It allows users to configure network settings easily through a GUI or command line without needing detailed knowledge of underlying network equipment.

14
Q

What are the benefits of using containers?

A

Containers provide portability, scalability, and rapid deployment of applications. They enable efficient utilization of resources, simplify application management, and improve software development workflows.

15
Q

How does understanding containers help with security?

A

Understanding containers is crucial for securing environments. Containers can run services and applications that might not be visible when scanning the host OS. It is essential to have awareness of containerized services to properly secure the environment.

16
Q

How are containers used in cloud computing?

A

Containers can be deployed in cloud-based virtual networks. This allows for easy creation and management of network components without needing in-depth knowledge of the underlying infrastructure. Software-defined networking interfaces facilitate this process.

17
Q

What is a hypervisor?

A

A hypervisor is an operating system that manages virtual machine guests. It supports the execution and management of multiple virtual machines on a single physical server.

18
Q

What are the two main types of hypervisors?

A

The two main types of hypervisors are type one (bare metal) and type two. Type one hypervisors run directly on the host’s hardware, while type two hypervisors run as an application on top of an existing operating system.

19
Q

What is the benefit of using on-premises hypervisors?

A

On-premises hypervisors provide full configuration control, allowing organizations to manage the hypervisor and virtual machines according to their specific requirements. However, they require upfront investment and ongoing support.

20
Q

What is the benefit of using cloud-based hypervisors?

A

Cloud-based hypervisors, provided by cloud service providers, offer the convenience of quickly deploying virtual machines without the need to manage the underlying infrastructure. Organizations can benefit from scalability, flexibility, and reduced hardware maintenance.

21
Q

What vulnerabilities exist with virtual machines?

A

Virtual machines are subject to the same vulnerabilities as physical servers. It is necessary to patch the operating system and applications, and to harden both the host and the virtual machines. VM sprawl and VM escape are additional concerns that can increase the attack surface if not properly managed.

22
Q

What is VM sprawl?

A

VM sprawl refers to the proliferation of virtual machines without proper management. It can lead to forgotten or unused virtual machines, increasing the attack surface and resource consumption.

23
Q

What is VM escape?

A

VM escape is a type of attack where a malicious actor exploits vulnerabilities in a virtual machine to gain unauthorized access to the underlying hypervisor or host operating system. Proper patching and security measures are essential to prevent VM escape.

24
Q

How can virtual machines be hardened?

A

Virtual machines should undergo standard security practices such as patching, disabling unnecessary services and user accounts, implementing strong passwords, limiting internet visibility, and utilizing encryption. Hardening the underlying hypervisor is also crucial for overall security.

25
Q

How can virtual machines be encrypted?

A

Virtual machine encryption adds an extra layer of security by encrypting the virtual machine’s files and preventing unauthorized access. Encryption can be enabled through the hypervisor’s settings, requiring a decryption passphrase to access the VM.

26
Q

What is fog or edge computing?

A

Fog or edge computing refers to the concept of caching cloud-stored content on an on-premises device, allowing local access to the content for on-premises users. It provides faster access compared to accessing the content over the internet.

27
Q

How can on-premises networks be linked to the public cloud?

A

On-premises networks can be connected to the public cloud through internet connections using protocols like HTTP(S) or by establishing a site-to-site VPN to create a secure connection between the on-premises network and the cloud.

28
Q

What are the characteristics of cloud computing?

A

The characteristics of cloud computing include pooled resources, broad network access, self-service provisioning, rapid elasticity, metered usage, and a shared responsibility model between the cloud service provider and the customer.

29
Q

What is a public cloud?

A

A public cloud is a cloud deployment model where cloud services are provided over the internet and available to the general public. It is owned and managed by a cloud service provider, and customers have isolated environments and pay for the services they use.

30
Q

What is a private cloud?

A

A private cloud is a cloud deployment model where cloud services are used by a single organization. It is typically hosted on-premises or in a dedicated data center and offers more configuration flexibility but requires upfront capital investment and full responsibility for management.

31
Q

What is a hybrid cloud?

A

A hybrid cloud is a cloud deployment model that combines public and private clouds. It allows organizations to leverage the benefits of both models, with mission-critical workloads running in a private cloud and other workloads replicated or extended into the public cloud for scalability and redundancy.

32
Q

What is a community cloud?

A

A community cloud is a cloud deployment model designed to serve specific communities or industries with similar requirements. It caters to tenants with common cloud computing needs, such as government agencies, healthcare organizations, or financial institutions.

33
Q

What are the key considerations for cloud security?

A

Cloud security involves ensuring proper access controls, encryption of data, regular patching and hardening of virtual machines, monitoring and logging for security events, and understanding the shared responsibility model between the cloud service provider and the customer.

34
Q

What is Infrastructure as a Service (IaaS)?

A

Cloud provider manages infrastructure, customers manage virtual machines and networks.

35
Q

What is Platform as a Service (PaaS)?

A

Cloud provider manages infrastructure and middleware, customers focus on app development.

36
Q

What is Software as a Service (SaaS)?

A

Cloud provider delivers software applications, customers access and use them.

37
Q

Characteristics of IaaS?

A

Provider manages infrastructure, customers manage virtual machines and networks.

38
Q

Characteristics of PaaS?

A

Provider manages infrastructure and middleware, customers focus on app development.

39
Q

Characteristics of SaaS?

A

Provider delivers software applications, customers access and use them.

40
Q

Benefit of Managed Services/Serverless?

A

Provider manages infrastructure, customers focus on app development or tasks.

41
Q

Responsibility shift in cloud service models?

A

In IaaS, customers manage infrastructure; in PaaS, provider manages infrastructure; in SaaS, provider manages infrastructure and software.

42
Q

What are the responsibilities of cloud service providers (CSPs)?

A

CSPs are responsible for managing hardware, firmware updates, physical infrastructure in data centers, and certain software components in specific service models.

43
Q

What are the responsibilities of cloud customers or tenants?

A

Cloud customers are responsible for accessing the cloud, implementing alternate network connections, enabling cross-region replication, and implementing cloud security controls.

44
Q

What are some cloud security controls specific to the cloud environment?

A

Cloud security controls include CASB (Cloud Access Security Broker), SWG (Secure Web Gateway), network security groups (NSGs), policy enforcement tools like Azure Policy, and data loss prevention measures like Azure Information Protection (AIP).

45
Q

Why is monitoring important in cloud security?

A

Monitoring helps detect anomalies and suspicious activities in cloud services. It involves reviewing logs, aggregating log data, and analyzing it to ensure the security of cloud environments.

46
Q

What is log forwarding and why is it beneficial?

A

Log forwarding is the process of sending log data to a central monitoring system. It helps in aggregating and analyzing log data from various cloud services, making it easier to detect and respond to security incidents.