Cloud Security

Question 1

What is Hyperconverged Infrastructure ?

Answer 1

The full integration of the storage network and servers into the cloud without having to perform hardware changes

Question 2

What is a VDI?

Answer 2

Virtual Desktop Infrastructure -

Allows a cloud provider to offer a full desktop OS to an end user from a centralized server

This desktop is non persistent meaning it is destroyed as soon as the user logs off mitigating the risk of being exploited by an attacker

Question 3

What do secure enclaves and volumes do?

Answer 3

Keep stored data confidential and separated from the other logical servers

Question 4

What is a secure enclave?

Answer 4

A mechanism that utilizes two distinct areas that data may be stored and accessed from

Question 5

What is a secure volume?

Answer 5

Method for keeping data a rest secure from prying eyes. When the data is needed, a secure volume is mounted and decrypted to allow access then is unmounted when no longer needed

Question 6

What is multi tenancy ?

Answer 6

A term in cloud computing that refers to your data being hosted on the same physical server as another organization’s data.

Question 7

How can you best mitigate cloud security threats?

Answer 7

• Configure, manage and audit user access to virtualize servers
• Set up virtual servers with proper fail over, redundancy and elasticity (balance the load across several physical machines)
• Complex passwords and strong authentication
• Encryption of data for in use and after deprovisioning

Question 8

What is Saas?

Answer 8

Software as a Service - provides remote access to applications based on a monthly or annual subscription fee

Question 9

What is IaaS?

Answer 9

Infrastructure as a Service - cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?

Question 10

What is PaaS?

Answer 10

Platform as a Service - complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.

Question 11

What is SECaaS?

Answer 11

Security as a Service - provides various types of security services without needing to hire a cybersecurity staff

Question 12

What is Sandboxing?

Answer 12

Utilizing separate virtual networks to allow security professionals to test suspicious files or malware

Question 13

What is CASB?

Answer 13

Cloud Access Security Broker - security policy enforcement software tool or service placed between cloud service users and cloud applications?

Question 14

What is CSA?

Answer 14

Cloud Security Alliance - nonprofit organization promoting best practices related to cloud computing environments

Question 15

What is CCM?

Answer 15

Cloud Controls Matrix - cybersecurity control framework for cloud computing

Question 16

What is VPC?

Answer 16

Virtual Private Cloud - enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Question 17

What is Fog Computing?

Answer 17

local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing.

Question 18

What is a Public Cloud?

Answer 18

cloud computing deployment model in which the cloud infrastructure is provisioned for open use by the general public

Question 19

What is a Hybrid Cloud?

Answer 19

A cloud deployment model consisting of two or more interlinked cloud infrastructures (private, community, or public)

Question 20

What are the countermeasures against VM escape?

Answer 20

Sandboxing and patch management

Question 21

What can be used to prevent VM sprawl?

Answer 21

Usage audit and asset documentation

Question 22

What is VM Escape?

Answer 22

process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine.

Question 23

What is VM Sprawl?

Answer 23

situation in which large number of deployed virtual machines lack proper administrative controls.

Question 24

A file-based representation of the state of a virtual machine at a given point in time is called:

Answer 24

Snapshot

Question 25

What is MSSP

Answer 25

managed security service provider - company that provides managed security services to help protect a company’s IT systems from cyber threats and attacks. This can include services such as threat monitoring, vulnerability assessments, firewall management, and incident response. The goal of an MSSP is to improve the overall security posture of a company’s IT systems.

Question 26

What is MSP?

Answer 26

managed service provider - company that provides proactive IT management services for businesses. This can include managing a company’s computer systems, networks, servers, and other IT infrastructure. The goal of an MSP is to improve the efficiency and reliability of a company’s IT systems while reducing costs and minimizing downtime.