DOMAIN 7 - CHALLENGES OF VIRTUAL APPLIANCES, SDN SECURITY BENEFITS Flashcards

1
Q

Virtual appliances thus become ______, since they cannot fail open, and must intercept all traffic.

A

bottlenecks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

________may take significant resources and increase costs to meet network performance requirements.

A

Virtual appliances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

When used, virtual appliances should support _______ to match the elasticity of the resources they protect.

A

auto-scaling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Virtual appliances should also be aware of operating in the cloud, as well as the ability of instances to move between different geographic and availability zones. The ______ of change in cloud networks is higher than that of physical networks and tools need to be designed to handle this important difference.

A

velocity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

______ will change far more quickly than on a traditional network, which security tools must account for.

A

IP addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

_______ are less likely to exist at static IP addresses

A

Assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

It becomes possible to build out as many ______ networks as you need without constraints of physical hardware.

A

isolated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

________ (e.g., security groups) can apply to assets based on more flexible criteria than hardware-based firewalls, since they aren’t limited based on physical topology.

A

SDN firewalls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

SDN firewalls are typically______ sets that define ingress and egress rules that can apply to single
assets or groups of assets, regardless of network location (within a given virtual network).

A

policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

________is often the starting point, and you are required to open connections from there, which is the opposite of most physical networks

A

Default deny

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Many network attacks are eliminated by default (depending on your platforms), such as _______ and other lower level exploits, beyond merely eliminating sniffing. This is due to the inherent nature of the SDN and application of more software based
rules and analysis in moving packets.

A

ARP spoofing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

As with security groups, other routing and network design can be dynamic and tied to the cloud’s ________ layer, such as bridging virtual networks or connecting to internal PaaS services.

A

orchestration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly