Domain 1 and Some 2 Flashcards
Many different customers accessing cloud resources hosted on shared hardware.
Multitenancy
Only Matthew’s company has access to any resources hosted on the same physical hardware.
Private cloud
Matthew’s organization is combining resources of public and private cloud computing.
Hybrid cloud
Resource use is limited to members of a particular group.
Community cloud
A strong sanitization technique that involves encrypting data with a strong encryption engine and then taking the keys generated in that process, encrypting them with a different encryption engine, and destroying the resulting keys of the second round of encryption.
Cryptographic erasure
Cryptographic erasure is effective on:
Magnetic and solid-state drives.
T/F: Degaussing and overwriting are not effective on SSDs.
True
T/F: Containers provide easy portability.
False, because they are dependent on the host operating system.
Hypervisors are used to:
Host virtual machines on a device.
A platform as a service model that allows cloud customers to run their own code on the provider’s platform without provisioning servers.
Serverless computing
Virtual machines are self-contained and have their own internal operating system, which can be moved between:
different host operating systems.
Responsibilities of the customer
Use cloud services
perform service trials
monitor services
administer service security
provide billing and usage reports
handle problem reports
administer tenancies
perform business administration
select and purchase service
request audit reports.
The ability of a system to dynamically grow and shrink based on the current level of demand.
Elasticity
The ability of a system to grow as demand increases, without requiring the ability to shrink.
Scalability
Zero trust decisions are not based on network location, such as IP address. Instead, they are based on:
User’s identity, the nature of the requested access, and the user’s geographic (not network!) location.
A bare-metal (Type 1) hypervisor is preferable to a hypervisor that runs on top of a host OS (Type 2) because:
It offers a smaller attack surface.
Network security groups provide functionality equivalent to:
Network firewalls for cloud-hosted server instances.
_____ restrict traffic that might reach a server instance.
Network Security Groups
T/F: Only the cloud provider can modify network firewalls.
True
Restrict the geographic locations from which users may access the servers.
Geofencing
_____ may be used to examine the traffic reaching the instance.
Traffic inspection
Susceptible to disk failures and user error that may unintentionally destroy or modify data.
Vulnerable to ransomware attacks that infect systems with access to the object store and then encrypt data stored on the service.
Object storage flaws
Geofencing may be used to trigger actions, such as an alert, when:
a user or device leaves a defined geographic area.
Geotagging annotates log records or other data with:
the geographic location of the user performing an action.