Cloud Processes

Question 1

What are the steps to Cloud Hardening Practices?

Answer 1

1. Isolate (4)
   Networks
   Cloud Mgmt Networks ie PROD/ DEV
   IP storage network
   Subscriber data network - SP isolates custom data
   networks from mgmt networks
2. Secure (2)
   Subscriber Access to Resources – supply w/ mgmt
   console encrypted use SSL
   Restoration of Svc - opt secure restoration of Svcs
3. Strong Authentic / Authorize – use least privilege
4. Lib of secure templates – misconfiguration is sec risk,
   stored in Repos or LIB of templates, Keep templates
   patch and update
5. Resource Mgmt = used to prevent DoS

Question 2

What are the (4) Cloud Hardening Isolate steps?

What do we isolate?

Answer 2

1. Networks
2. Cloud Mgmt Networks ie PROD/ DEV
3. IP storage network
4. Subscriber data network - SP isolates custom data
   networks from mgmt networks

Question 3

What are the (2) Cloud Hardening Secure steps?

What do we Secure?

Answer 3

1. Subscriber Access to Resources – supply w/ mgmt
   console encrypted use SSL
2. Restoration of Svc - opt secure restoration of Svcs

Question 4

What is Due Diligence with Cloud? (4)

Answer 4

1. EULA/SLAs – good to meet operational rqmts.
2. ISO 27001: method to demonstrate implem of good
   SEC practices. (FISMA)
3. SSAE 16: These reports required by customers w/
   SOX Sarbanes Oxley (SOX)
4. SOC 2/3: Svc org relevant to Security, Availability,
   processing, Integrity, Confidentiality, or Privacy.
   Report beyond traditional FIN audit scope.

Question 5

Which of the following is the BEST way to mitigate the security and privacy issues associated with cloud computing?

A. Allowing only cloud administrators to have access to cloud resources
B. Removing firewalls and access control routers from the network
C. Implementation and enforcement of a comprehensive security policy
D. Removing virtualized hardware from the organization

Answer 5

C. Implementation and enforcement of a comprehensive security policy

Question 6

Purpose of FEDRAMP CONOPS? (3)

Answer 6

1. (FISMA) Ensure cloud-based svcs have adequate info
   Sec
   2.(DeDupe) Eliminate duplication of effort and reduce
   risk mgmt costs
2. (Elasticity/On Demand) Enable rapid and cost-
   effective procurement of info sys/svcs for federal
   agencies

• FEDRAMP CONOPS: *Exam

Question 7

Which of the following is a definition of virtualization?

A. Virtualization is a method to organize servers in a more efficient manner to double the number of
accessible users
B. Virtualization is a set of techniques for hiding software resources behind hardware abstractions.
C. Virtualization is a set of techniques for hiding hardware resources behind software abstractions.
D. Virtualization is a method to structure data in a more efficient manner with less cost to the user.

Answer 7

C. Virtualization is a set of techniques for hiding hardware resources behind software abstractions.

Question 8

How does scalability work with cloud computing?

A. Servers and storage can be added quickly.
B. Servers and storage can be released quickly.
C. Users can be added and removed quickly.
D. All of the above is correct.

Answer 8

D. All of the above is correct.

Question 9

Which of the following can be deployed by a cloud provider to reduce storage costs?

A. Journaling file systems
B. Two-factor authentication
C. Data de-duplication
D. Data encryption

Answer 9

C. Data de-duplication

Question 10

What are Cloud Service Subscribers leading practices for Hardening (5)?

Answer 10

1. Secure OS *same in cloud as data center
   2.Encrypt Critical data *Adds layer protection
2. Security Compute profile *Patches, AV status, File level
   access restrictions same as internal corporate network
3. OS Mgmt *Virtual machines patches incl DMZ
4. Security Authentication/Authorization * i.e.: multi-
   factor in user instances, AC & failures through portal or
   via method to pull data back to Enterprise

Question 11

Top SLA Factors(14)?

Answer 11

1. Change Cntl, CM, CR
2. Data Asset Mgmt
3. DR/ BCP
4. Secure Config/Server Hardening
5. Malware / IPS
6. Network Vuln / PEN Testing
7. SW Lifecycle / Patch Mgmt
8. Security Incident Handling
9. Secure Network Protocols / Data Transport
10. Security Event Logging
11. Secure Application / Program Interfaces
12. Data Protection/Portability/Retention/Destruction
13. Encryption / Key Mgmt
14. Application / Db Logging

Question 12

Key Attribute of Cloud Networking (5)?

Answer 12

1. Scalability
2. Low Latency
3. Reliable APIs * REST, SOAP, Java Script
4. Program Mgmt *Reduce long term costs, Pkt
   prioritizing, SDN, OpenFlow
5. Self Heal Resiliency *Containers

Question 13

Which of the following can cause user response times to deteriorate?

A. High CPU usage and low network bandwidth
B. High network latency and high volume of data stored
C. Low network bandwidth and high network latency
D. Low network bandwidth and high volume of data stored

Answer 13

B. High network latency and high volume of data stored

Question 14

What is SDN?

Answer 14

Software Defined Netwkg

Question 15

What Protocol does SDN use?

Answer 15

OpenFlow Protocol

Question 16

How does SDN work?

Why is it popular?

Answer 16

Control is decoupled from hardware (where traffic destination occurs) and given to SW application called controller

1. Dynamic, manageable, cost-effective, adaptable, ideal
   for high-bandwidth
2. Could improve automated Malware Quarantine AMQ
   & Security zones across layers

Question 17

Leading practices SDN?

Answer 17

1. SSL/TLS btw controller / Switch
2. Develop threat stategy to avoid certain malware
   attacks

Question 18

Warnings or issues with SDN?

Answer 18

• Defense in Depth – security must be implement all
  layers of SDN
• Single point failure

Question 19

Security Advantages of Virtualization?(3)

Answer 19

1. Better Forensics, faster recovery after attack
2. Patch safer/more effective i.e.: rollbacks
3. More cost effective sec devices: i.e.: IDS, Vulnerability scanner, appliances, uses VMs…

Question 20

Virtual Infrastructure (Best Practices)?

Answer 20

Use basic principals like:

1. Hardening / lock-down
2. Defense in Depth
3. Authorization/ Authentication/ Accounting
4. Sep of Duties & Least Privilege
5. Admin Controls

Question 21

What are the (6) Greatest Virtualization Attack Vectors ?

Answer 21

1. Hyper V
2. VM Escape
3. VLAN Attacks
4. VM Theft
5. Hyper Jacking
6. VM Hopping

Question 22

How does Hyper-V occur?

Answer 22

Vulnerability: Escalation of Privilege function parameter in hyper call from existing running VM to hyper-visor

Question 23

How does VM Escape occur?

Answer 23

Breaking out of VM w/ host OS

Question 24

How does VLAN Attacks occur?

Answer 24

Attacking Network resources on VLAN (VLAN hopping) by Switch Spoofing / Double Tagging. Fix Switch port config.

Question 25

How does VM Theft occur?

Answer 25

Ability to steal VM file electronically. Mount and run later.

Question 26

How does Hyper Jacking occur?

Answer 26

(Physical) Insert Rogue hyper-visor. Hacker can control any VM running on physical server

Question 27

How does VM Hopping occur?

Answer 27

Hacker jumps from one Virtual Server to other on same physical HW

Question 28

MelStar has BU policy to take complete BU of their IT system and move that offsite using portable HDD? Org uses snapshot BU for their VMs. Which security threat is this BU most prone to?

A. VM Escape
B. Hyper Jacking
C. VM Hopping
D. VM Theft

Answer 28

D. VM Theft

Question 29

ABC Co has bus requirement for creating multi Sec zones btw data and transport layer. Choose one. 
A. SDN
B. Controller
C. SDN Service Mgr
D. AMQ

Answer 29

A. SDN

Question 30

An attacker subscribes to cloud svc as consumer. From the VM that has been allocated, it tries to get access to VMs of other consumers and manages to get access to VMs on same physical server. What kind of attack generated?
A. VM Hopping
B. VM Escape
C. VM Theft
D. VM Jacking

Answer 30

A. VM Hopping