Domain-3 Flashcards
Cloud Service Consumer
maintains a business relationship with, and uses services from, a Cloud Service Provider
Cloud Service Provider
responsible for making a service available to Cloud Service Consumers
Cloud Carrier
provides connectivity and transport of cloud services between Cloud Providers and Cloud Consumers
Reservations
Guaranteed MINIMUM
Limits
Absolute MAXIMUM
Shares
If we fight, we fight by ranking: shares set the relative priority of VMs and are used ONLY under resource contention (too many requests, not enough resources). With no contention, shares have no effect.
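The three cards above describe one allocation rule. The following is an added worked example, not part of the original flashcards or any vendor's scheduler: a toy pool allocator that hands out reservations first, caps every VM at its limit, and splits what is left by shares only when total demand exceeds capacity. The `VM` class, the `allocate` function and the per-VM numbers are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass
class VM:
    name: str
    demand: float       # what the VM is currently asking for
    reservation: float  # guaranteed MINIMUM
    limit: float        # absolute MAXIMUM
    shares: int         # relative priority, used only under contention


def allocate(capacity, vms):
    """Return ({vm name: allocation}, contention_flag) for one resource pool.

    Hypothetical scheduler logic, written to mirror the flashcard rules:
    reservation first, limit always enforced, shares only when contended.
    """
    if sum(vm.reservation for vm in vms) > capacity:
        raise ValueError("reservations exceed pool capacity (overcommitted)")

    want, alloc = {}, {}
    for vm in vms:
        if vm.limit < vm.reservation:
            raise ValueError(f"{vm.name}: limit is below reservation")
        want[vm.name] = min(vm.demand, vm.limit)            # limit caps what a VM can ever get
        alloc[vm.name] = min(want[vm.name], vm.reservation)  # reservation is handed out first

    if sum(want.values()) <= capacity:
        # No contention: everyone gets what it asked for; shares are ignored.
        return dict(want), False

    # Contention: water-fill the remaining capacity in proportion to shares.
    # A VM that hits its limit drops out and its unused portion is redistributed.
    remaining = capacity - sum(alloc.values())
    active = [vm for vm in vms if alloc[vm.name] < want[vm.name]]
    while remaining > 1e-9 and active:
        total_shares = sum(vm.shares for vm in active)
        handed_out = 0.0
        still_active = []
        for vm in active:
            portion = remaining * vm.shares / total_shares
            take = min(portion, want[vm.name] - alloc[vm.name])
            alloc[vm.name] += take
            handed_out += take
            if alloc[vm.name] < want[vm.name] - 1e-9:
                still_active.append(vm)
        remaining -= handed_out
        active = still_active
    return alloc, True


if __name__ == "__main__":
    # Constructed sample: a 100-unit pool and three VMs that together ask for 140.
    pool = [
        VM("A", demand=80, reservation=20, limit=60, shares=2000),
        VM("B", demand=50, reservation=10, limit=50, shares=1000),
        VM("C", demand=30, reservation=0, limit=100, shares=1000),
    ]
    result, contended = allocate(100, pool)
    print("contention:", contended)
    for name, amount in result.items():
        print(f"{name}: {amount:.1f}")
```

Run the sample and note that A, with twice the shares, gets twice the contended remainder that B or C gets, but only after A's and B's reservations are satisfied; raise A's demand to 200 and its allocation still stops at the 60-unit limit.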
Type 1 Hypervisor
Bare-metal (native or embedded) hypervisor; runs directly on the host hardware with no host operating system underneath
Type 2 Hypervisor
installed on top of the host's operating system, and supports guest operating systems running above it as virtual machines
Network traffic between VMs
not necessarily visible to physical network security controls (traffic between two VMs on the same host never leaves the host), which means additional controls inside the virtual network may be necessary
Virtual machines and their disk
are simply files on a storage system. This means, for example, that a stopped VM's disk image is potentially readable or copyable by third parties on that file system if no access controls are applied
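A concrete check for the point above, added here as an example and not taken from the flashcards or any product: walk a datastore directory and flag VM disk images whose POSIX permissions let anyone other than the owner read or write them. The image extensions, the `find_exposed_images` function and the sample datastore it builds are all assumptions for illustration.

```python
import os
import stat
import tempfile

# Assumed set of disk-image extensions; extend it for your own platform.
IMAGE_SUFFIXES = (".vmdk", ".vhdx", ".qcow2", ".vdi", ".raw")

# Any of these bits means group or other can read or write the file.
BROAD_BITS = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH


def find_exposed_images(root):
    """Return sorted [(path, mode_string)] for VM disk images under root
    that are readable or writable by group or other."""
    exposed = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(IMAGE_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode
            if mode & BROAD_BITS:
                exposed.append((path, stat.filemode(mode)))
    return sorted(exposed)


def build_sample_datastore():
    """Constructed sample: two VM images, one owner-only, one world-readable.
    Returns (root, safe_path, leaky_path)."""
    root = tempfile.mkdtemp(prefix="datastore-")
    safe = os.path.join(root, "db01", "db01.vmdk")
    leaky = os.path.join(root, "web02", "web02-flat.vmdk")
    for path in (safe, leaky):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 16)  # placeholder bytes, not a real image
    os.chmod(safe, 0o600)   # owner read/write only
    os.chmod(leaky, 0o644)  # readable by every local user
    return root, safe, leaky


if __name__ == "__main__":
    root, _, _ = build_sample_datastore()
    for path, mode in find_exposed_images(root):
        print(f"EXPOSED {mode} {path}")
```

Point `find_exposed_images` at a real datastore mount to get the same report; a stopped VM's image that shows up here can be copied off and mounted elsewhere by any local account, which is exactly the exposure the card describes.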
Management Plane
Provides administrators with the ability to remotely manage the cloud's resources
the management plane is the most powerful tool in the entire cloud infrastructure
it also integrates authentication, access control, and logging and monitoring of resource use
it is also the pathway for individual tenants, who have limited and controlled access to the cloud's resources
the management plane's primary interface is the API, both toward the resources managed and toward the users
a graphical user interface (e.g., a web page) is typically built on top of those APIs; the APIs allow control tasks to be automated
the 4 layers of Data Center Security
- Perimeter Security
- Facility Controls
- Computer Room Controls
- Cabinet Controls
Perimeter security
discourage, detect, and delay any unauthorized entry
achieved through a high-resolution video surveillance system, motion-activated security lighting, fiber-optic sensor cable, etc. Video content analytics (VCA) can detect individuals and objects and check for unauthorized activity, track the movements of people, and reduce false alarms
Facility controls
the second layer of defense; restricts access to the facility with card swipes or biometrics
High-resolution video surveillance and analytics can identify the person entering and also help prevent tailgating
More complex VCA can read license plates, conduct facial recognition, and detect smoke and fire threats
Computer room controls
restricts access through diverse verification methods, including:
monitoring all restricted areas; entry restrictions such as turnstiles; VCA; biometric access control devices that verify fingerprints or thumbprints, irises, or vascular patterns; and radio-frequency identification (RFID)
Cabinet controls
addresses the "insider threat," such as a malicious employee: individual cabinets or racks are locked so that access to the computer room does not by itself grant access to the equipment inside
Tier I
Basic Site Infrastructure
Tier II
Redundant Site Infrastructure Capacity Components
Tier III
Concurrently Maintainable Site Infrastructure
Tier IV
Fault-Tolerant Site Infrastructure
Vulnerability
a weakness that a threat could exploit
Likelihood
the chance something might happen
Impact
what a realized threat will cost (quantitative, e.g., a monetary figure, or qualitative, e.g., high/medium/low)
Countermeasure (control)
the mechanism applied to reduce likelihood and/or impact, and so minimize risk
Residual Risk
the risk remaining after all countermeasures/controls have been applied
Threat
an event or situation that, if it occurred, would prevent the organization from operating in its normal manner