Cloud Security Flashcards
What is Hyperconverged Infrastructure?
The full integration of the storage network and servers into the cloud without having to perform hardware changes
What is a VDI?
Virtual Desktop Infrastructure - allows a cloud provider to offer a full desktop OS to an end user from a centralized server
This desktop is non-persistent, meaning it is destroyed as soon as the user logs off, mitigating the risk of being exploited by an attacker
What do secure enclaves and volumes do?
Keep stored data confidential and separated from the other logical servers
What is a secure enclave?
A mechanism that utilizes two distinct areas that data may be stored and accessed from
What is a secure volume?
Method for keeping data at rest secure from prying eyes. When the data is needed, a secure volume is mounted and decrypted to allow access, then is unmounted when no longer needed
What is multi-tenancy?
A term in cloud computing that refers to your data being hosted on the same physical server as another organization’s data.
How can you best mitigate cloud security threats?
- Configure, manage and audit user access to virtualized servers
- Set up virtual servers with proper failover, redundancy and elasticity (balance the load across several physical machines)
- Complex passwords and strong authentication
- Encryption of data while in use and after deprovisioning
What is SaaS?
Software as a Service - provides remote access to applications based on a monthly or annual subscription fee
What is IaaS?
Infrastructure as a Service - cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software.
What is PaaS?
Platform as a Service - complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.
What is SECaaS?
Security as a Service - provides various types of security services without needing to hire a cybersecurity staff
What is Sandboxing?
Utilizing separate virtual networks to allow security professionals to test suspicious files or malware
What is CASB?
Cloud Access Security Broker - security policy enforcement software tool or service placed between cloud service users and cloud applications.
What is CSA?
Cloud Security Alliance - nonprofit organization promoting best practices related to cloud computing environments
What is CCM?
Cloud Controls Matrix - cybersecurity control framework for cloud computing
What is VPC?
Virtual Private Cloud - enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
What is Fog Computing?
local network infrastructure between IoT devices and the cloud designed to speed up data transmission and processing.
What is a Public Cloud?
cloud computing deployment model in which the cloud infrastructure is provisioned for open use by the general public
What is a Hybrid Cloud?
A cloud deployment model consisting of two or more interlinked cloud infrastructures (private, community, or public)
What are the countermeasures against VM escape?
Sandboxing and patch management
What can be used to prevent VM sprawl?
Usage audit and asset documentation
What is VM Escape?
process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine.
What is VM Sprawl?
situation in which a large number of deployed virtual machines lack proper administrative controls.
A file-based representation of the state of a virtual machine at a given point in time is called:
Snapshot
What is MSSP?
managed security service provider - company that provides managed security services to help protect a company’s IT systems from cyber threats and attacks. This can include services such as threat monitoring, vulnerability assessments, firewall management, and incident response. The goal of an MSSP is to improve the overall security posture of a company’s IT systems.
What is MSP?
managed service provider - company that provides proactive IT management services for businesses. This can include managing a company’s computer systems, networks, servers, and other IT infrastructure. The goal of an MSP is to improve the efficiency and reliability of a company’s IT systems while reducing costs and minimizing downtime.