Cloud Computing

Question 1

Describe Infrastructure as a Service (IaaS)

Answer 1

Provides virtualized computing resources
Third party hosts the servers with hypervisor running the VMs as guests

Question 2

Provide 2 examples of IaaS

Answer 2

AWS, Microsoft Azure, Google Cloud

Question 3

Describe Platform as a Service (Paas)

Answer 3

Geared towards software development
Hardware and software hosted by provider
Provides ability to develop without having to worry about hardware or software
e.g: Heroku, SalesForce

Question 4

Provide 2 examples of PaaS

Answer 4

AWS Lambda, Google App Engine

Question 5

Describe Software as a Service (SaaS)

Answer 5

Software that is centrally hosted and managed for the end customer.

Question 6

Describe Identity-as-a-Service (IDaaS)

Answer 6

Managed authentication services

Question 7

Provide 2 examples of SaaS

Answer 7

adobe photoshop, zendesk

Question 8

Describe Security-as-a-Service (SECaaS)

Answer 8

Integrates security services into corporate infrastructure

Question 9

Provide 3 examples of SECaaS

Answer 9

penetration testing * authentication * intrusion detection * anti-malware * security and incident management.

Question 10

Describe Container-as-a-Service (CaaS)

Answer 10

cloud-based service offering management and hosting of containers

Question 11

Provide 3 examples CaaS

Answer 11

Kubernetes, Docker Swarm, and Microsoft Azure

Question 12

Describe Function-as-a-Service (FaaS)

Answer 12

Provides a platform allowing to develop, run, and manage functionalities without any infrastructure effort.

Question 13

Provide 2 examples of FaaS

Answer 13

AWS Lambda, Google Cloud Functions, Azure Functions

Question 14

Describe the Private cloud model of Cloud Deployment Models

Answer 14

Provisioned for exclusive use of single organization

Question 15

Describe the Public cloud model of Cloud Deployment Models

Answer 15

Provisioned for open use by the general public

Exists on the premises of the cloud provider.

Question 16

Describe the Community cloud model of Cloud Deployment Models

Answer 16

Shared infrastructure between several organizations with shared concerns (e.g. compliance)

Question 17

Describe the Multi cloud model of Cloud Deployment Models

Answer 17

Multi-cloud is a environment where an organization leverages two or more cloud computing platforms to perform various tasks

Question 18

Name the 5 components of NIST definition of cloud computing

Answer 18

1 - On-demand self-service
2 - Broad network access
3 - Resource pooling - shared underlying
4 - Rapid elasticity - instant scalability
5 - Measured service - Metering

Question 19

What are the 3 types of cloud defined by the NIST?

Answer 19

Software as a Service (SaaS),

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Question 20

What is the NIST definition of Cloud Consumer?

Answer 20

User of the cloud products and services

Question 21

What is the NIST definition of Cloud Provider?

Answer 21

Delivers cloud computing based products and services

Question 22

What is the NIST definition of Cloud Auditor?

Answer 22

independent assessor of cloud services

Question 23

What is the NIST definition of Cloud Broker?

Answer 23

Manages the use, performance and delivery of cloud services

Question 24

What is the NIST definition of Cloud Carrier?

Answer 24

Provides connectivity and transport of cloud services from providers to consumers.

Question 25

Describe Trusted Computing (TC)

Answer 25

Attempts to resolve computer security problems through hardware enhancements

Roots of Trust (RoT): set of functions within TCM that are always trusted by the OS

Question 26

What is the Cloud Wrapping attack?

Answer 26

XML rewriting attack

Changes the content of the signed part without invalidating the signature

sending/replaying envelope with changed data.

Question 27

What is the Cloud Session riding?

Answer 27

CSRF in cloud

Question 28

What is the Cloud Side(effect) channel attack?

Answer 28

A side-channel attack is any attack based on the physical implementation of a system (as opposed to attacks which are based on an algorithm) which is performed via channels or mediums that are created as a side effect of the main operation of the attacked system

Question 29

Describe the Cloud Hopper attack?

Answer 29

Initiated by delivering malware through spear-phishing emails

Goal is to compromise the accounts of staff or cloud service firms to obtain confidential information

Question 30

Describe the Cloudborne attack?

Answer 30

BMCs are a third-party component designed to enable remote server management for initial provisioning, operating system reinstallation, and troubleshooting. The attacker then implants a backdoor that gives them direct access to the hardware itself

Question 31

Describe the Man-In-The-Cloud (MITC) attack

Answer 31

MITC attacks do not rely on compromising credentials and they do not require malicious code or exploits. Instead, cybercriminals infiltrate end-user machines, steal synchronization tokens directly from the computer’s registry and place them on different devices. Google Drive does not care which machine uses the token, as long as it’s authentic

Question 32

What is the Cloud security tool CloudInspect?

Answer 32

Penetration-testing as a service from Amazon Web Services for EC2 users

Question 33

What is the Cloud security tool CloudPassage Halo?

Answer 33

Automates cloud computing security and compliance controls

Question 34

What is the Cloud security tool privacy.sexy?

Answer 34

increases privacy by reducing third party cloud-based data collection
Can also be used to harden virtual machine images and OSes that are talking to cloud services