Cloud Security

Question 1

On-Premises

Answer 1

Operates locally

Question 2

Off-Premises

Answer 2

Operates via the cloud

Question 3

CTSS

Answer 3

Compatible Time-Sharing System
Distributes resources of a single machine for simultaneous multiple user access

Question 4

IaaS

Answer 4

Infrastructure as a Service
Maintaining server on a cloud-based VM
Provides virtual resources
Customer Responsible for: Accountability, Data, Application, Runtime, Middleware, OS
Provider Responsibility: Virtualization, Servers, Storage, Network

Question 5

PaaS

Answer 5

Platform as a Service
Creation of platforms for applications & eliminates platform maintenance
Customer Responsible for: Accountability, Data, Application
Provider Responsibility: Runtime, Middleware, OS, Virtualization, Servers, Storage, Network

Question 6

SaaS

Answer 6

Software as a Service
Running software off-premises (Ex. Dropbox, Gmail, Office365)
Customer Responsible for: Accountability, Data
Provider Responsibility: Application, Runtime, Middleware, OS, Virtualization, Servers, Storage, Network

Question 7

XaaS

Answer 7

Anything as a Service
All types of products that can be provided via the cloud

Question 8

DaaS

Answer 8

Desktop as a Service
Hosting an OS on a virtual machine
Provide desktop interfaces for users

Question 9

Public Cloud

Answer 9

Uses provider resources
Hosts services open to others

Question 10

DRaaS

Answer 10

Disaster Recovery as a Service
Replication of servers to the cloud (failover solution)

Question 11

Private Cloud

Answer 11

Separate for each customer
Private customizable environment
Offers a higher level of reliability

Question 12

Hybrid Cloud

Answer 12

Public and private models combined
Running apps interchangeably, privately,
or publicly

Question 13

Hypervisor

Answer 13

Manages virtual system resources
Type 1 runs on system hardware (also known as bare metal)
Type 2 runs on host OS as an application

Question 14

Virtualization Security

Answer 14

Cloud Provider Responsibility: physical infrastructure security and virtualization platform security
Cloud Customer Responsibility: Virtualized security controls (virtualized host encryption)

Question 15

Cloud Availability Zones

Answer 15

Regions: Multiple availability zones
Availability Zones (AZ) : Geographical (closer is better), Legal/compliance/corporate policy constraints of where data resides, Cost, Offerings

Question 16

SLA

Answer 16

Service Level Agreement
Agreement between service provider and client regarding the features provided and implementation

Question 17

IAM

Answer 17

Identity & Access Management
Framework for management of control of permissions, authentication, and identification using digital identities

Question 18

Data Center Disaster Recovery

Answer 18

Redundancy
Resiliency
Disaster Recovery
Data Backups

Question 19

EC2

Answer 19

Amazon cloud computing service platform

Question 20

S3

Answer 20

Amazon data storage services

Question 21

POLP

Answer 21

Principle of Least Privilege

Question 22

WAF

Answer 22

Web Application Firewall
Helps protect web applications by filtering and monitoring HTTP traffic
Uses ACLs
Layer 7

Question 23

NGFW

Answer 23

Next Generation Firewall
3rd generation firewall that provides capabilities beyond a traditional

Question 24

Volumetric Attacks

Answer 24

Focus on consuming network resources through amplification or botnets.

Question 25

SDN

Answer 25

Software-Defined Networking
network architecture approach that enables the network to be intelligently and centrally controlled, or ‘programmed,’ using software applications

Question 26

SDP

Answer 26

Software-Defined Perimeter
Authentication outside app
Layer 2

Question 27

Virtualization

Answer 27

Single physical machine for multiple simulated environments.
Based on images
Lifespan: year/long-term

Question 28

Cloud Computing

Answer 28

Pool and automate resources for on-demand use.
Based on templates
Lifespan: Max hours to months/short-term

Question 29

VA

Answer 29

Virtual Appliances
IaaS: VAs are crucial regarding file format (OVA, OVF). Can be network devices (routers, switches)
SaaS: VAs provide direct route when a quick SaaS setup is needed. Prevent the need to redesign large apps.

Question 30

Container

Answer 30

Standard units of software packaging code and dependencies
Lightweight/standalone
Ensure secure implementation of apps

Question 31

Docker

Answer 31

A PaaS that uses virtualization to deliver software in containers

Question 32

SDP Core Pillars

Answer 32

Identity-Centric: identities rather than IP addresses
Zero Trust: Must authenticate first
Build for the Cloud: Works w/ SDN & prevents unauthorized network access

Question 33

DLP

Answer 33

Data Loss Prevention

Question 34

CASB

Answer 34

Cloud Access Security Broker
Gatekeeper and manages security-related policies