Cloud Security Flashcards

1
Q

Cloud Computing

A

• A way of offering on-demand services that extend the traditional capabilities of a computer or network
• Cloud computing relies on virtualization to gain efficiencies and cost savings

2
Q

Hyperconvergence

A

Hyperconvergence allows providers to fully integrate the storage, network, and servers

3
Q

Virtual Desktop Infrastructure

A

VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server

5
Q

Secure Enclave

A

A secure enclave provides CPU hardware-level isolation and memory encryption on every server, by isolating application code and data from anyone with privileges, and encrypting its memory.

6
Q

Cloud Types

A
  • Public Cloud
  • Private Cloud
  • Hybrid Cloud
  • Community Cloud
7
Q

Public Cloud

A

A service provider makes resources available to the end users over the Internet

8
Q

Private Cloud

A

• A company creates its own cloud environment that only it can utilize as an internal enterprise resource
• A private cloud should be chosen when security is more important than cost

9
Q

Community Cloud

A

Resources and costs are shared among several different organizations who have common service needs

10
Q

Software as a Service

A

Provides all the hardware, operating system, software, and applications needed for a complete service to be delivered

11
Q

Infrastructure as a Service

A

Provides all the hardware, operating system, and backend software needed in order to develop your own software or service

12
Q

Platform as a Service

A

Provides your organization with the hardware and software needed for a specific service to operate

13
Q

Security as a Service

A

• Provides your organization with various types of security services without the need to maintain a cybersecurity staff
• Anti-malware solutions were one of the first SECaaS products

14
Q

File Servers

A

Servers are used to store, transfer, migrate, synchronize, and archive files for your organization

15
Q

FTP Server

A

• A specialized type of file server that is used to host files for distribution across the web
• FTP servers should be configured to require TLS connections

16
Q

Domain Controller

A

A server that acts as a central repository of all the user accounts and their associated passwords for the network

17
Q

Virtual Private Cloud

A

• A private network segment made available to a single cloud consumer within a public cloud
• The consumer is responsible for configuring the IP address space and routing within the cloud
• VPC is typically used to provision internet-accessible applications that need to be accessed from geographically remote sites
• On-premise solutions maintain their servers locally within the network
• Many security products offer cloud-based and on-premise versions
• Consider compliance or regulatory limitations of storing data in a cloud-based security solution
• Be aware of the possibility of vendor lock-in

18
Q

Cloud Access Security Broker

A
Enterprise management software designed to mediate access to cloud services by users across all types of devices
• Single sign-on
• Malware and rogue device detection
• Monitor/audit user activity
• Mitigate data exfiltration
19
Q

Forward Proxy

A

• A security appliance or host positioned at the client network edge that forwards user traffic to the cloud network if the contents of that traffic comply with policy
• WARNING: Users may be able to evade the proxy and connect directly

20
Q

Reverse Proxy

A

• An appliance positioned at the cloud network edge that directs traffic to cloud services if the contents of that traffic comply with policy
• WARNING: This approach can only be used if the cloud application has proxy support

21
Q

Application Programming Interface

A

• A method that uses the broker's connections between the cloud service and the cloud consumer
• WARNING: Dependent on the API supporting the functions that your policies demand

22
Q

Function as a Service

A

A cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language

23
Q

Serverless

A

• A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances
• Everything in serverless is developed as a function or microservice

24
Q

Cloud Threats

A

Insecure Application Programming Interface (API)
Improper Key Management
Insufficient Logging and Monitoring
Unprotected Storage
Cross Origin Resource Sharing (CORS) Policy

25
Q

Secure Application Programming Interface (API)

A

• WARNING: An API must only be used over an encrypted channel (HTTPS)
• Data received by an API must pass service-side validation routines
• Implement throttling/rate-limiting mechanisms to protect from a DoS

26
Q

Proper Key Management

A

• APIs should use secure authentication and authorization such as SAML or OAuth/OIDC before accessing data
• WARNING: Do not hardcode or embed a key into the source code
• Do not create one key with full control to access an application’s functions
• Delete unnecessary keys and regenerate keys when moving into a production environment

27
Q

Sufficient Logging and Monitoring

A

• WARNING: Software as a service may not supply access to log files or monitoring tools
• Logs must be copied to non-elastic storage for long-term retention

28
Q

Protected Storage

A

• WARNING: Access control to storage is administered through container policies, IAM authorizations, and object ACLs
• Incorrect permissions may occur due to default read/write permissions left over from creation
• Incorrect origin settings may occur when using content delivery networks

29
Q

Cloud storage containers are referred to as _______________

A

Cloud storage containers are referred to as buckets or blobs