DOMAIN 6 - MANAGEMENT PLANE SECURITY Flashcards

1
Q

APIs and _______ are the way the management plane is delivered.

A

web consoles

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

_______ allow for programmatic management of the cloud. They are the glue that holds the cloud’s components together and enables their orchestration.

A

Application Programming Interfaces

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cloud providers and platforms will also often offer _______ and Command
Line Interfaces (CLIs) to make integrating with their APIs easier.

A

Software Development Kits (SDKs)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

_______are managed by the provider. They can be organization-specific [typically using Domain Name Server (DNS) redirection tied to federated identity].

A

Web consoles

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

APIs are typically _______ for cloud services, since REST is easy to implement across the Internet. ________ APIs have become the standard for web-based services since they run over HTTP/S and thus work well across diverse environments.

A

REST

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

there is no single standard for authentication in REST. HTTP request signing and _______ are the most common; both of these leverage cryptographic techniques to validate authentication requests.

A

OAuth

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

No matter the platform or provider there is always an account owner with _______ privileges to manage the entire configuration.

A

super-admin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Separate from the ______ you can usually create super-admin accounts for individual admin
use.

A

account-owner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Your platform or provider may support lower-level administrative accounts that can only manage parts of the service. We sometimes call these ________ or “day to day administrators”.

A

“service administrators”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

All privileged user accounts should use _______.

A

multi-factor authentication (MFA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Protecting from attacks against the management plane’s components itself, such as the web and API servers. It includes both lower-level network defenses as well as higher-level defenses against application attacks.

A

Perimeter security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Providing secure mechanisms for customers to authenticate to the management plane. This should use existing standards (like OAuth or HTTP request signing) that are cryptographically valid and well documented

A

Customer authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The mechanisms your own employees use to
connect with the non-customer-facing portions of the management plane. It also includes any translation between the customer’s authentication and any internal API requests.

A

Internal authentication and credential passing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Granular _______ better enable customers to securely manage their own users and administrators

A

entitlements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Robust _________ of administrative is essential for effective security and compliance. This applies both to what the customer does in their
account, and to what employees do in their day-to-day management of the service. Alerting of unusual events is an important security control to ensure that monitoring is actionable, and not merely something you look at after the fact. Cloud

A

logging and monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Since cloud configurations are controlled by software, these configurations should be backed up in a restorable format

A

Metastructure

17
Q

_________allows you to create an infrastructure template to configure all or some aspects of a cloud deployment.

A

Software-Defined Infrastructure

18
Q

As mentioned, any provider will offer features to support higher availability than can comparably be achieved in a traditional data center for the same cost. But these only work if you adjust your architecture

A

Infrastructure

19
Q

Data synchronization is often one of the more difficult issues to manage across locations, even if the actual storage costs are manageable.

A

Infostructure

20
Q

_____includes all of the above, but also the application assets like code, message queues, etc.

A

Applistructure

21
Q

_________ include a range of functions we used to manually implement in applications, everything from authentication systems to message queues and notifications

A

Platform services

22
Q

_______is often used to help build resilient cloud deployments

A

“Chaos Engineering”

23
Q

_______ may often be the biggest provider outage concern, due to total reliance on the provider.

A

SaaS

24
Q

This is completely on the provider’s shoulders, and _____ includes everything down to the physical facilities. RTOs and RPOs will be stringent, since if the cloud goes down, everything goes down.

A

BC/DR

25
Q

For super-high-availability applications, start with ______ BC before attempting cross-provider BC.

A

cross-location