Domain 3 (Security Architecture) Flashcards
Practice questions unofficial sources
When computing resources are delivered to a remote customer over a network
Cloud computing (simple definition)
This is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction
Cloud computing (NIST definition)
This is the business that offers cloud computing services for sale to third parties
Cloud service provider
The consumers of cloud computing services who use the services as the infrastructure, platforms, and/or applications that help them run their own business
Cloud customer
Third-party companies who offer some product or service that interacts with the primary offerings of a cloud service provider
Cloud service partner
Cloud service providers who offer a managed identity and access management service to cloud customers
Cloud access security broker (CASB)
This adds more servers to the pool to meet increased user demand
Horizontal scaling
This adds more resources (such as CPU or memory) to existing servers to meet increased demand
Vertical scaling
This refers to both increasing and decreasing capacity as short-term needs fluctuate
Elasticity
Paying only for what you consume
Measured Service
Many different customers share use of the same computing resources
Multitenancy
In a multitenant cloud, users don’t impact each other; one customer should never be able to see data belonging to another
Principle of Isolation
Sold capacity exceeds actual capacity; cloud providers can oversell because customer use varies and peaks at different times
Oversubscription
CPU and memory shared among users; in the physical environment they are shared among many different users and can be reassigned as needed
Resource pooling
Vendors that provide security services for other organizations
Managed Security Service Providers (MSSPs)
This term may also describe Managed Security Service Providers when the service being performed has more of a software as a service feel; almost like a subcategory of MSSP but people blur the lines
Security as a Service (SECaaS)
A category of security service that adds a third-party security layer to the interactions that users have with other cloud services
Cloud Access Security Brokers (CASBs)
Security service where the broker sits in between the users and the cloud service, monitoring requests and watching for potential violations of security policy; the broker blocks requests if necessary
Network-Based CASB
Security service where the broker does not sit in the line of communication and uses an API to interact with the cloud service. The broker may be unable to block requests, and the service is entirely in the cloud
API-Based CASB
When the hypervisor runs directly on top of the hardware, and then hosts guest operating systems on top of that; the most common form of virtualization found in data centers
Type 1 Hypervisor (Bare Metal Hypervisor)
In the past decade we have seen a shift in the computing landscape from the client/server model to _____ technology
Virtualization
_____ technology allows many virtual servers to make use of the same underlying hardware, easily shifting processing power to wherever it’s needed at the time
Virtualization
When the physical machine runs an operating system of its own and the hypervisor runs as a program on top of the operating system; commonly used on personal computers; VirtualBox and Parallels
Type 2 hypervisor
In virtualization, the ___ tricks each guest into thinking it runs on its own dedicated hardware
Hypervisor