DOMAIN 7 - MICRO-SEGMENTATION & SDP, HYBRID CLOUD, CLOUD COMPUTE & WORKLOAD Flashcards

1
Q

_______ leverages virtual network topologies to run more, smaller, and more isolated networks without incurring additional hardware costs that historically make such models prohibitive.

A

Microsegmentation

2
Q

A common, practical example leveraging this capability is running most, if not all, applications on their own virtual network and only connecting those networks as needed. This dramatically reduces the ______ if an attacker compromises an individual system.

A

blast radius

3
Q

Although there are no increases in capital expenses since cloud microsegmentation is based on software configurations, it can increase _______ expenses in managing multiple overlapping networks and connectivity.

A

operational

4
Q

The _________ has developed a model and specification that combines device and user authentication to dynamically provision network access to resources and enhance security.

A

CSA Software Defined Perimeter Working Group

5
Q

A security failure at the _______ will likely compromise the security of all customers. And this security must be managed for arbitrary communications and multiple tenants, some of which must be considered adversarial.

A

root network

6
Q

It is absolutely critical to maintain segregation and isolation for the _______ environment.

A

multitenant

7
Q

Providers must also expose _______ to the cloud users so they can properly configure and manage their network security.

A

security controls

8
Q

Providers are responsible for implementing ______ security that protects the environment, but minimizes impact on customer workloads, for example, Distributed Denial of Service Protection (DDoS) and baseline IPS to filter out hostile traffic before it affects the cloud’s consumers.

A

perimeter

9
Q

Another consideration is to ensure that any potentially sensitive information is _______ when a virtual instance is released back to the hypervisor, to ensure the information is not able to be read by another customer when the drive space is provisioned.

A

scrubbed

10
Q

As mentioned in Domain 1, hybrid clouds connect an enterprise private cloud or data center to a public cloud provider, typically using either a dedicated _______ link or VPN.

A

Wide Area Network (WAN)

11
Q

Ideally the hybrid cloud will support arbitrary ______ to help seamlessly extend the cloud user’s network.

A

network addressing

12
Q

The hybrid connection may ______ the security of the cloud network if the private network isn’t at an equivalent security level.

A

reduce

13
Q

One emerging architecture for hybrid cloud connectivity is ______ or “transit” virtual networks.

A

“bastion”

14
Q

This scenario allows you to connect multiple, different cloud networks to a data center using a single hybrid connection.

A

Bastion

15
Q

_______ networks connect to the data center through the bastion network, but since they aren’t peered to each other they can’t talk to each other and are effectively segregated. Also, you can deploy different security tools, firewall rulesets, and Access Control Lists in the bastion network to further protect traffic in and out of the hybrid connection.

A

Second-level

16
Q

A _______ is a unit of processing, which can be in a virtual machine, a container, or other abstraction.

A

workload

17
Q

Workloads always run somewhere on a ______ and consume memory.

A

processor

18
Q

It’s important to remember that every cloud workload runs on a _______, and the integrity of this hardware is absolutely critical for the cloud provider to maintain.

A

hardware stack

19
Q

______ are the most well-known form of compute abstraction, and are offered by all IaaS providers.

A

Virtual machines

20
Q

The Virtual Machine Manager (_______) abstracts an operating system from the underlying hardware.

A

hypervisor

21
Q

Modern hypervisors can tie into underlying hardware capabilities now commonly available on standard ______ (and workstations) to reinforce isolation while supporting high-performance operations.

A

servers

22
Q

Virtual machines are potentially open to certain ______, but this is increasingly difficult due to ongoing hardware and software enhancements to reinforce isolation.

A

memory attacks

23
Q

________ are code execution environments that run within an operating system (for now), sharing and leveraging resources of that operating system.

A

Containers

24
Q

A container is a ________ place to run segregated processes while still utilizing the kernel and other capabilities of the base OS.

A

constrained

25
Q

Multiple containers can run on the same virtual machine or be implemented without the use of VMs at all and run directly on ________.

A

hardware

26
Q

The container provides code running inside a ______ environment with only access to the processes and capabilities defined in the container configuration.

A

restricted

27
Q

Containers are newer, with differing isolation capabilities that are very _________.

A

platform-dependent