Cloud Processes Flashcards
What are the steps to Cloud Hardening Practices?
- Isolate (4)
Networks
Cloud Mgmt Networks ie PROD/ DEV
IP storage network
Subscriber data network - SP isolates custom data
networks from mgmt networks - Secure (2)
Subscriber Access to Resources – supply w/ mgmt
console encrypted use SSL
Restoration of Svc - opt secure restoration of Svcs - Strong Authentic / Authorize – use least privilege
- Lib of secure templates – misconfiguration is sec risk,
stored in Repos or LIB of templates, Keep templates
patch and update - Resource Mgmt = used to prevent DoS
What are the (4) Cloud Hardening Isolate steps?
What do we isolate?
- Networks
- Cloud Mgmt Networks ie PROD/ DEV
- IP storage network
- Subscriber data network - SP isolates custom data
networks from mgmt networks
What are the (2) Cloud Hardening Secure steps?
What do we Secure?
- Subscriber Access to Resources – supply w/ mgmt
console encrypted use SSL - Restoration of Svc - opt secure restoration of Svcs
What is Due Diligence with Cloud? (4)
- EULA/SLAs – good to meet operational rqmts.
- ISO 27001: method to demonstrate implem of good
SEC practices. (FISMA) - SSAE 16: These reports required by customers w/
SOX Sarbanes Oxley (SOX) - SOC 2/3: Svc org relevant to Security, Availability,
processing, Integrity, Confidentiality, or Privacy.
Report beyond traditional FIN audit scope.
Which of the following is the BEST way to mitigate the security and privacy issues associated with cloud computing?
A. Allowing only cloud administrators to have access to cloud resources
B. Removing firewalls and access control routers from the network
C. Implementation and enforcement of a comprehensive security policy
D. Removing virtualized hardware from the organization
C. Implementation and enforcement of a comprehensive security policy
Purpose of FEDRAMP CONOPS? (3)
- (FISMA) Ensure cloud-based svcs have adequate info
Sec
2.(DeDupe) Eliminate duplication of effort and reduce
risk mgmt costs - (Elasticity/On Demand) Enable rapid and cost-
effective procurement of info sys/svcs for federal
agencies
- FEDRAMP CONOPS: *Exam
Which of the following is a definition of virtualization?
A. Virtualization is a method to organize servers in a more efficient manner to double the number of
accessible users
B. Virtualization is a set of techniques for hiding software resources behind hardware abstractions.
C. Virtualization is a set of techniques for hiding hardware resources behind software abstractions.
D. Virtualization is a method to structure data in a more efficient manner with less cost to the user.
C. Virtualization is a set of techniques for hiding hardware resources behind software abstractions.
How does scalability work with cloud computing?
A. Servers and storage can be added quickly.
B. Servers and storage can be released quickly.
C. Users can be added and removed quickly.
D. All of the above is correct.
D. All of the above is correct.
Which of the following can be deployed by a cloud provider to reduce storage costs?
A. Journaling file systems
B. Two-factor authentication
C. Data de-duplication
D. Data encryption
C. Data de-duplication
What are Cloud Service Subscribers leading practices for Hardening (5)?
- Secure OS *same in cloud as data center
2.Encrypt Critical data *Adds layer protection - Security Compute profile *Patches, AV status, File level
access restrictions same as internal corporate network - OS Mgmt *Virtual machines patches incl DMZ
- Security Authentication/Authorization * i.e.: multi-
factor in user instances, AC & failures through portal or
via method to pull data back to Enterprise
Top SLA Factors(14)?
- Change Cntl, CM, CR
- Data Asset Mgmt
- DR/ BCP
- Secure Config/Server Hardening
- Malware / IPS
- Network Vuln / PEN Testing
- SW Lifecycle / Patch Mgmt
- Security Incident Handling
- Secure Network Protocols / Data Transport
- Security Event Logging
- Secure Application / Program Interfaces
- Data Protection/Portability/Retention/Destruction
- Encryption / Key Mgmt
- Application / Db Logging
Key Attribute of Cloud Networking (5)?
- Scalability
- Low Latency
- Reliable APIs * REST, SOAP, Java Script
- Program Mgmt *Reduce long term costs, Pkt
prioritizing, SDN, OpenFlow - Self Heal Resiliency *Containers
Which of the following can cause user response times to deteriorate?
A. High CPU usage and low network bandwidth
B. High network latency and high volume of data stored
C. Low network bandwidth and high network latency
D. Low network bandwidth and high volume of data stored
B. High network latency and high volume of data stored
What is SDN?
Software Defined Netwkg
What Protocol does SDN use?
OpenFlow Protocol