Cloud Security Flashcards
What is Cloud?
Refers to cloud computing, which is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
What is Cloud Computing?
Concept of creating a service using shared resources that may be hosted on the internet or private networks.
What are the benefits of Cloud Computing?
Scalability, Flexibility, Integration, Fast Access, Lower Cost, Simplicity
What are the 3 Cloud Computing Service Models?
IaaS (Infrastructure as a Service)
PaaS (Platform as a Service)
SaaS (Software as a Service)
What are the 3 Deployment Models?
Public Cloud, Private Cloud and Hybrid Cloud
What are the 3 Service Models?
XaaS (Anything as a Service), SaaS (Desktop as a Service), DRaaS (Disaster Recovery as a Service)
What are the 2 Cloud Vendors?
AWS (Amazon Web Services), Microsoft Azure, Google Cloud Platform
What is the responsibility of the Cloud Provider?
Responsible mainly for infrastructure, in accordance with the service plan.
What is the responsibility of the Cloud Client?
Responsible for the data and accountability within the framework of the service plan (data, OS, apps, etc.)
What is Public Cloud?
Uses provider resources and host services open to others (sharing)
What is Private Cloud?
Separate for each customer, private customizable environment, offers a higher level of reliability
What is Hybrid Cloud?
Public and Private combined, running app interchangeably, privately, or public
What is EC2?
Amazon's Elastic Compute Cloud
A type of cloud infrastructure available solely for a single organization is known as?
Private Cloud
Which is a cloud computing delivery model in which cloud infrastructure is provisioned for open use by the general public?
Public Cloud
A cloud delivery model consisting of two or more interlinked cloud infrastructures (private, community, or public) is referred to as a hybrid cloud.
True
Which cloud infrastructure type would be the most suitable for a group of organizations sharing common interests?
Community cloud
Which is a cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?
IaaS
A cloud computing service model offering remote access to applications based on monthly or annual subscription fee is called:
SaaS
Which cloud service model would provide the best solution for a web developer intending to create a web app?
PaaS
In cloud computing, the term “Metered service” refers to the cloud provider’s ability to track the computing resources consumers are accessing as well as the amount of resources they are consuming. It provides transparency for both the provider and consumer and is used, among other applications, for the purpose of billing.
False
In cloud computing, the term “Measured service” refers to a situation in which gaining access to resources does not require a flat fee. This type of billing model allows consumers to be charged variable rates depending on the exact amount of utilized resources.
False
Which of the terms listed below refers to a cloud computing feature that allows for automatic allocation of computing resources in proportion with the demand?
Rapid elasticity
What is metered service?
A fee charged by cloud service providers on the basis of how much of a resource was used.
What is measured service?
A billing model cloud service providers use to charge for services in small increments based on the computing resources the customer consumes
What is persistent VDI?
Each user gets his or her own persistent virtual desktop, also known as a one-to-one ratio. The user connects to the same desktop each time and can personalize the desktop for their needs, since changes are saved even after the connection is reset.
What is nonpersistent VDI?
Nonpersistent desktops are many-to-one, meaning that they are shared among end users. In nonpersistent VDI, none of the users’ configurations or application data gets saved.
What is VM escape?
An attack that allows an attacker to access the host system from within the virtual system. The attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor.
How do you mitigate VM escape?
Updating software regularly. Installing updates and patches the moment they are available will reduce the risk of someone exploiting bugs in the virtualization software or other software running in the virtual environment. Isolating virtual environments.
What is VM sprawl?
VM sprawl occurs when the number of virtual machines (VMs) on a network reaches a point where administrators can no longer manage them effectively.
How do you mitigate VM sprawl?
Audit VMs. It may seem like a simple solution, but make it a policy that every VM and virtual server must be documented and registered.
Optimize storage and implement data policies. …
Implement lifecycle management tools. …
Implement VM archiving.
What is an example of an on-premises VDI solution?
Local server hosting virtualized OS
What is a characteristic of persistent VDI? (Select 2 answers)
Each user runs their own copy of virtual desktop, At the end of a session, user data and personal settings are saved
What is a characteristic of a non-persistent VDI? (Select 2 answers)
At the end of a session, user desktop reverts to its original state, Virtual desktop is shared among multiple users
Which of the following answers refers to a cloud-based VDI service?
DaaS
Which of the terms listed below refers to a solution that allows multiple operating systems to work simultaneously on the same hardware?
Virtualization
What is virtualization?
A solution that allows multiple operating systems to work simultaneously on the same hardware. Shares resources.
What is a hypervisor?
Used to virtualize a system and manage virtual system resources.
In virtualization technology, a software program that manages multiple operating systems (or multiple instances of the same operating system) on a single computer system is known as:
Hypervisor
Which of the following statements describe disadvantages of virtualization? (Select 2 answers)
Multiple virtual machines running on a single host share hardware resources, which has a degrading effect on performance
Hardware used for hosting virtual machines becomes a single point of failure
For best performance, a custom workstation designed for virtualization tasks needs: (Select 3 answers)
Large, fast hard drive, Maximum RAM, Maximum CPU cores
A set of Intel CPU HAV enhancements is called?
VT-x
Which of the answers listed below refers to HAV enhancements developed by AMD for its CPUs?
AMD-V
The term “VM sprawl” is used to describe a situation in which a large number of deployed virtual machines lack proper administrative controls.
True
The term “VM escape” refers to the process of breaking out of the boundaries of a guest operating system installation to access the primary hypervisor controlling all the virtual machines on the host machine
True
Which of the following security measures can be used to prevent VM sprawl? (Select 2 answers)
Usage audit and asset documentation
What are the countermeasures against VM escape?
Sandboxing and patch management
What is the difference between Hypervisor Type 1 and Hypervisor Type 2?
Type 1 runs directly on system hardware and Type 2 runs on the host operating system
What is on-premise?
Computing services that are operated locally
What is off-premise?
Computing services that are operated remotely
What are containers?
Containers are packages of software that contain all of the necessary elements to run in any environment.
What is used to run containers, and on what platform?
Docker is a PaaS that uses virtualization to deliver software in packages called containers
Virtual Containers and virtual machines are the same?
False. A virtual machine has its own OS kernel; containers share the host OS kernel.
VMs have separate libraries and config files; containers share them.
Boot time is quicker on containers, and they are smaller in size.
What is Security as a Service (SECaaS)?
A cloud-based method of outsourcing your cybersecurity. Outsourced security can cover data protection, VoIP security, database security, and general network security.
What are the benefits of SECaaS?
Cost savings, outsource experts, intelligence sharing, flexibility new information
What are the concerns of SECaaS?
Visibility and data concealment, regulation, monitoring restrictions, information leakage, switching providers
What is a Cloud Access Security Broker (CASB)?
A software or service (such as Forcepoint ONE) that acts as a gatekeeper and monitors data flow. Provides techniques for encryption, monitoring, identity management, and more.
What is a Virtual Appliance?
Software appliance installed on a virtual machine. Preconfigured and ready to use OSs. They do not require installation. Use Open Virtualization Format (OVF) and Open Virtual Appliance (OVA)
What is OVF?
Open Virtualization Format (OVF) is an open standard which contains multiple files as a package. For example, .ovf, .vmdk, .nvram, and so on. OVF supports exchange of virtual appliances across products and platforms.
What is OVA?
Open Virtual Appliance (OVA) is a single-file distribution of the OVF file package.
What is a Data Center?
Collection of computing and network devices placed in a centralized location for greater computing power
What is an SLA?
An agreement between the service provider and client regarding the provided service features and implementation
What is the purpose of Virtualization?
Use a single machine for multiple simulated environments.
What is the purpose of Cloud Computing?
Pool resources and automate for on-demand-use