Cloud Infrastructure Flashcards

1
Q

Key Drivers for Virtualization

A
  1. SHARING underlying resources to enable more efficient and agile use of hardware
  2. Easier management through REDUCED personnel and maintenance
2
Q

Why is virtualization a key enabling technology for cloud computing?

A

Virtualization enables multitenancy and scalability; it separates compute environments from the physical hardware so that multiple operating systems and applications can run on a single machine.

3
Q

Virtualization System Controls (Primary Features)

A
  1. Traffic Isolation - by using a specific security group and transmission encryption
  2. Guest Security - provided through ISOLATION concepts of hypervisor
  3. File and Volume Encryption
  4. Control of Image Provenance - image creation, distribution, storage, use, retirement and destruction
4
Q

Hypervisor

A

A hypervisor is a computing layer that allows multiple operating systems to run simultaneously on the same piece of hardware, with each operating system seeing the machine’s resources as its own dedicated resources.

In other words, hypervisors virtually divide a computer’s resources amongst several virtual machines (VMs) and manage the sharing of those resources between each VM.

Guest VMs are isolated software instances.

5
Q

List and describe the types of Hypervisors

A

Type 1 hypervisors (also called bare metal hypervisors) run directly on the hardware

Type 2 hypervisors are software-based and run on an operating system

6
Q

What type of Hypervisor is generally more vulnerable and why?

What makes other Hypervisor(s) more secure?

A

Type 2 hypervisors

OS and application vulnerabilities can be exploited and used to attack Type 2 hypervisors and their virtual machines

Type 1 hypervisors, however, generally have embedded operating systems that are tightly controlled by the vendor. This control lends itself to creating hardened operating systems that have only the functionality necessary to operate the hypervisor.

7
Q

What are security considerations with containers?

A
  1. Access to containers must be tightly controlled
  2. Images must be validated to ensure integrity (not tampered with)
  3. Have a process to patch and routinely update containers
8
Q

Cloud Orchestration

A

The end-to-end automation workflow or process that coordinates multiple lower-level automations to deliver a resource or set of resources

9
Q

Software Defined Network (SDN)

A

System that allows VIRTUALIZATION of the network configuration and infrastructure

Allows reconfiguring the network through software

10
Q

Layers/Planes of Software Defined Network

A

Management Plane
Control Plane
Data or Forwarding Plane

11
Q

Software Defined Network Management Plane

A

Used to provision, configure, and de-provision all cloud resources for external and internal CSP customers

Integrates authentication and access control, while also monitoring and logging the resources used

The business applications that manage the underlying Control plane reach it through northbound interfaces (i.e. the control plane is exposed via API to the applications that consume it)

If the management plane is compromised, the whole infrastructure could be compromised

12
Q

Software Defined Network Control Plane

A

Connects provisioned resources to each other, as specified by each individual tenant, into segregated networks

Used to interface with devices in the Data plane through southbound interfaces

13
Q

Software Defined Network Data/Forwarding Plane

A

Used to transfer individual tenant data to and from the specific tenant’s provisioned virtual compute and storage resources

14
Q

Software Defined Wide Area Network (SD-WAN)

What are the benefits of SD-WAN?

A

An extension of SDN that is used to connect entities via the internal network (internet)

Benefits:

  • Minimizes on-premises hardware procurement and management
  • Micro-segmentation of traffic types (broadband, MPLS, customer/corporate facing, etc.) for greater performance
  • Support for security integration
15
Q

What are the compute resources of a CSP?

A

Number of CPUs

Amount of RAM

16
Q

What can be used to help administrators allocate compute resources to a host? How does it/they do so?

A

Reservation - guarantees a MINIMUM resource allocation

Limit - MAXIMUM ceiling for resource allocation; this can be fixed or expandable

Shares - a way to manage compute resource issues during contention situations by using PRIORITIZATION

17
Q

Network Attached Storage (NAS)

A

Storage array/enclosure to allow USERS to store and retrieve data LOCALLY (on the LAN)

Uses common data transfer protocols such as SMB and CIFS

18
Q

Storage Area Network (SAN)

A

Network of storage devices (disks, tapes, CDs, etc.) for SERVERS to access

Not user-facing (i.e. no direct user access): users request data from a server, and the server retrieves it from SAN storage

SANs use higher-end, faster protocols such as iSCSI, Fibre Channel or FCoE (Fibre Channel over Ethernet)

19
Q

Virtual Storage Area Network (VSAN)

A

Using a Fibre Channel switch to separate a SAN into different logical networks, similar to traditional VLANs

20
Q

Hyper Converged Infrastructure (HCI)

A

The combining or clustering of storage, compute, and networking nodes for high availability, load balancing, and centralized management

21
Q

Cloud Interoperability Goal

A

Provide seamless service consumption and management between standalone services and CSPs

22
Q

List and describe facets of Cloud Interoperability

A
  1. Policy - having multiple systems interoperate while complying with laws, regulations, and organizational mandates (governance)
  2. Behavioral - the exchange of information matches the expected outcome
  3. Transport - using communication standards between cloud consumers and the CSP (e.g. using HTTPS)
  4. Syntactic - multiple systems understanding each other’s exchange of information through encoding syntaxes (e.g. using JSON and XML)
  5. Semantic data - the systems exchanging information can understand the meaning of the data model within the context (e.g. VM, container, storage, and network concepts)
23
Q

Cloud Data Portability Goal

A

To enable cloud customers to move their data/applications between standalone services and CSPs

24
Q

List and describe facets of Cloud Portability

A
  1. Policy - transfer of data from source to target system in a way that follows governance
  2. Syntactic - transfer of data from source to target system using formats that the target system can understand (e.g. XML or JSON)
  3. Semantic - transfer of data from source to target system so the data model is understood within the context of the subject area by the target
25
Q

Physical Data Center Environment Goal

A

No single point of failure should exist in the system

26
Q

List Features of Cloud Computing Network Functionality

A
Address Allocation
Access Control
Bandwidth Allocation
Rate Limiting
Filtering
Routing
27
Q

List main types of fire detectors

A
  1. Flame detector (photoelectric - ultraviolet, infrared, visible light)
  2. Smoke detector (photoelectric or ionization)
  3. Heat detector (rate of rise or fixed temperature)
28
Q

List class of fire and appropriate/popular suppression agent

A

Class A (Hint: Ash) - Common Combustibles > suppressants: Water and foam

Class B (Hint: Boil) - Combustible Liquids > suppressants: Gas, foam, dry chemicals, etc.

Class C (Hint: Current) - Electrical Equipment > suppressants: Gas, dry chemicals, etc.

Class D (Hint: Dentable) - Combustible Metal > suppressants: Dry powders, Dry sand, etc.

Class E (Hint: Kitchen) - Cooking Media > suppressants: Wet chemicals like Potassium Acetate - creates soapy foam layer to hold in vapors and steam in order to smother the fire

29
Q

What will each of the following suppress/stop?

a. water
b. soda acid
c. CO2
d. dry powder
e. Halon
f. Foam

A

a. temperature
b. fuel supply
c. oxygen
d. fuel supply
e. chemical reaction
f. flammable or combustible vapors

30
Q

List gas suppressants that are used to starve a fire of oxygen, along with whether they are safe for exposure to people

A
  1. Halon - was widely used but is known to leave RESIDUE and depletes the ozone layer; not safe for people
  2. Aero-K - an aerosol POTASSIUM compound. Does not damage metals or electronics or media; safe for people
  3. FM-200 - a colorless liquefied compressed gas that leaves no residue; Permissible for use around people at designated concentration
31
Q

List and describe Water Sprinkler systems

A
  1. Wet pipe - contains water under pressure
  2. Dry pipe - contains air under pressure - fire causes sprinkler to open, air pressure drops and opens water valve
  3. Pre-action - contains air under pressure to detect a pipe leak; two detectors must trigger to release the water valve
  4. Deluge - pipes empty, not pressurized, all sprinkler heads are open and ready to deploy water when activated; used in hazardous areas where fire is catastrophic (think gun manufacturing plant or chemical plant)
32
Q

Data Center Best Practices

A
  1. Data center should not touch the first floor or outside walls; it should be in the center of the building
  2. Safe location to prevent outside access - a higher floor
  3. If it does touch outside walls, be sure windows are shatterproof and one-way glass to conceal contents
  4. Recommended height for a raised floor in a data center is 24”
33
Q

Environmental Hot and Cold Aisles

A

Racks of equipment face opposite directions, back to back, forming aisles

Cold air enters the aisles in front of the servers so it can be drawn into them

Hot air exits at the back of the machines, forming the hot aisles, and the heat is pulled back into the HVAC system to be cooled and recirculated

34
Q

Positive Pressurization

A

Air pressure inside the data center is higher than outside

Net effect is that contaminants are pushed outward

35
Q

What is the recommended humidity for computers?

A

50%, ±10%

40% - 60%

36
Q

What does low and high humidity for computers cause?

A

Low - static discharge, which could degrade or destroy sensitive electronics

High - condensation which could lead to data loss due to short circuits or corrosion

37
Q

Recommended temperature setting for data centers according to ASHRAE?

What would allow temperature to be higher and how much higher, what is the benefit?

A

64-81° Fahrenheit
18-27° Celsius

New economization specifications for data center HVAC systems allow for higher ambient air temperature settings of either A3 (104° F) or A4 (116° F), saving the data center from high air cooling costs

38
Q

List and describe types of Data Center cooling systems

A

Latent cooling - HVAC system removes moisture

Sensible cooling - HVAC system removes heat that is measured by a thermometer

39
Q

Zero Trust Steps

A
  1. Identify the protect surface
  2. Map the transaction (data) flow for your sensitive data
  3. Build zero trust architecture (ZTA)
  4. Create zero trust policy (automated rule base)
  5. Continuously monitor and maintain
40
Q

Micro-segmentation

A

A principal design element and activity of the Zero Trust Model, which aids in protecting against dynamic threats

Fundamental design requirement is to understand the protection requirements for both:

east-west - traffic within the data center
north-south - traffic flows to and from the internet

41
Q

List Cloud Attack Vectors

A
  1. Guest Escape
  2. Identity Compromise
  3. API Compromise
  4. Attacks on the provider’s infrastructure and facilities
  5. Attacks on the intermediary infrastructure (cloud carrier)
42
Q

Cyber Kill Chain

A

A framework for the identification and prevention of cyber intrusion activity

The enterprise, AHEAD OF TIME, needs to implement controls that deter, detect, prevent, and correct malicious activity

43
Q

List Seven Steps in the Cyber Kill Chain model

A
  1. Reconnaissance - identify the targets
  2. Weaponization - prepare the operation
  3. Delivery - launch the operation
  4. Exploitation - gain access to victim
  5. Installation - establish a foothold at the victim
  6. Command and Control (C2) - remotely control the implants
  7. Actions on Objectives - achieve the mission’s goal