DION training - Security+ -> Section 15 - Security Architecture Flashcards

1
Q

What is cloud computing?

A

It refers to provisioning of services over the internet.

2
Q

What is the concept of responsibility matrix in cloud computing?

A

The responsibility matrix divides the responsibilities between the client and the cloud service provider.

3
Q

What are the different considerations that we should keep in mind while choosing a cloud provider?

A
  1. Availability - what is the uptime of the service that the provider offers?
  2. Cost - what is the current cost and what would the future cost be?
  3. Scalability - does the cloud provider have redundant servers, and can it scale when the workload increases?
  4. Elasticity -
  5. Risk Transference -
  6. Resilience -
  7. Ease of deployment
  8. Patch availability
    etc.
4
Q

What is shared physical server vulnerability in cloud computing?

A

On a single host, several different VMs are hosted. If one VM is vulnerable or is not securely configured, it might impact the security of the other VMs or of the host machine as well.

Properly isolate the VMs
Patch management
Run regular vulnerability scans

5
Q

What are few vulnerabilities related to Cloud computing?

A
  1. Single point of failure - if there is no redundancy.
  2. Unclear security policies.
  3. Weak authentication and encryption practices.
  4. Lack of up-to-date security measures.
6
Q

What are Data Remnants?

A

It is the residual data left behind after a deletion or erasure process.
It occurs due to inadequate data deletion procedures.

7
Q

What are 2 types of hypervisors?

A

A hypervisor is the program that manages access to system resources by the different virtual machines.

1st type - Bare metal hypervisor - a hypervisor that is installed directly on top of the system hardware.
It is not installed on top of an OS such as Windows or macOS.
Ex - VMware ESXi, Citrix XenServer.

2nd type - a hypervisor that is installed on top of an OS such as Windows.
Ex - VMware Workstation, Oracle VirtualBox.

8
Q

What is the concept of containerization?

A

It is the concept of creating containers for applications that provide all the dependencies required by that particular application. It provides an isolated environment for an application.

It has numerous benefits compared to virtualization, which first requires a VM OS to be installed before an application can be installed on top of it.

In containerization there is no VM OS, as containerized applications request resources directly from the host OS on an as-needed basis.
So it saves the resources that a VM OS would use.

A few providers of containerization - Docker, Kubernetes, Red Hat OpenShift.

9
Q

What are some virtualization-related vulnerabilities?

A
  1. VM escape -
  2. Privilege escalation - if access controls are not implemented properly.
  3. Resource reuse - it becomes a vulnerability when memory is not properly cleared before it is used by another process, so that other processes might get their hands on the sensitive data of the first process.
10
Q

What is serverless concept in computing?

A

It is normally used by app developers; the serverless concept takes away the responsibility of managing our own servers, as they are managed by the service/cloud provider.

It has a number of benefits -
1. More time to focus on the actual application instead of managing servers.
2. Decreased cost - normally in a serverless service, the cloud provider charges based on how long the resources were used.

Its drawback is that there might be vendor lock-in, as migrating an application to another provider is a difficult task.

11
Q

What is the concept of Micro-services?

A

In this concept, an application program is divided into independent micro-services instead of one large single program.

It has a number of benefits, like the following -

  1. It increases resiliency - the failure of one micro-service doesn't bring the whole application down.
  2. Easy to deploy patches or updates - updates/patches can be deployed only to the concerned service. The whole application doesn't need to be taken down.
  3. Scalability - each service can be scaled separately as per its demand.
  4. Flexibility - micro-services can be written in different languages.

Example of such a service - Netflix

Its challenges -

  • Complexity
  • Data management
  • Security implications due to the increased attack surface area.
12
Q

What is SDN - Software Defined Networking?

A

SDN is the concept of managing networking devices from a centralized place.
It divides the working of networking devices into 3 planes -

Data plane - this plane just forwards the data from one place to another.
Control plane - it is the brain of the network. It decides where data is forwarded.
Application plane - the plane where all the network applications that interact with the SDN controller reside.

13
Q

What is the concept of infrastructure as code?

A

It is a method in which IT infrastructure is defined in code files that can be versioned, tested and audited.

The code can be written in high-level languages like YAML, JSON, HCL etc.

IaC can be written as scripts and used to manage and configure computing devices such as servers.

Note - Infrastructure as Code can help us eliminate snowflake systems.

14
Q

What is a Snowflake system and term Idempotence?

A

Snowflake - these are systems whose configurations lack consistency, which might introduce risks, so they have to be eliminated.

Idempotence - it is the ability of an operation to produce the same result however many times it is executed.

15
Q

What are internet of thing devices?

A

These are devices that have smart capabilities (computing functionality) and are connected to the internet, like a smart fridge.

These devices are prone to a number of vulnerabilities, and it is recommended to keep IoT devices on a separate network.

16
Q

What are ICS and SCADA devices?

A

ICS stands for Industrial Control System.

SCADA - Supervisory Control And Data Acquisition - it is a type of ICS that is used to control and manage geographically dispersed industrial systems/processes.
Like - a gas pipeline distribution system.

These systems normally run on proprietary systems.

17
Q

What are embedded systems?

A

Embedded systems provide a unique functionality and are installed with firmware.
These systems are also equipped with an RTOS (Real-Time Operating System). There are no buffer delays in an RTOS.