Domain 6 - Management Plane and Business Continuity

Question 1

What are five important facets to building a secure management plane?

Answer 1

1. Perimeter security - defending the API end points and webserver end points of the management plane
2. Customer authentication - signing APIs with OAuth or HTTP signing; support for MFA for console access
3. Internal authentication and credential passing - CSPs management plane should be MFA protected
4. Authorizations and entitlements - customers v/s CSP admins authorizations (prevent employee abuse)
5. Logging, monitoring, alerting - detect and respond to unusual activities.

Question 2

What are the three main aspects of BC/DR in the cloud?

Answer 2

1. Ensuring continuity and recovery within a cloud provider
2. Preparing for and managing cloud provider outages
3. Portability

Question 3

What are the authentication mechanisms for APIs?

Answer 3

1. HTTP Request Signing (which is what AWS uses)

2. OAuth

Question 4

In BC/DR what are the considerations across the logical stack?

Answer 4

1. Metrastructure - backing up cloud configurations
2. Software-defined Infra - backing up CF templates etc.
3. Infrastructure - leveraging AZs and Regions
4. Infostructure - data sync across locations
5. Applicstructure - application assets like code, message queues.