DOMAIN 7 - MICRO-SEGMENTATION & SDP, HYBRID CLOUD, CLOUD COMPUTE & WORKLOAD Flashcards
_______leverages virtual network topologies to run more, smaller, and more isolated networks without incurring additional hardware costs that historically
make such models prohibitive.
Microsegmentation
A common, practical example leveraging this capability is running most, if not all, applications on their own virtual network and only connecting those networks as needed. This dramatically reduces the ______ if an attacker compromises an individual system.
blast radius
Although there are no increases in capital expenses since cloud microsegmentation is based on software configurations, it can increase _______ expenses in managing multiple overlapping networks and connectivity.
operational
The _________has developed a model and specification that combines device and user authentication to dynamically provision network access to resources and enhance security.
CSA Software Defined Perimeter Working Group
A security failure at the _______ will likely compromise the security of all customers. And this security must be managed for arbitrary communications and multiple tenants, some of which must be considered adversarial.
root network
It is absolutely critical to maintain segregation and isolation for the _______ environment
multitenant
Providers must also expose _______ to the cloud users so they can properly configure and manage their network security.
security controls
Providers are responsible for implementing ______security that protects the environment, but minimizes impact on customer workloads, for example, Distributed Denial of Service Protection (DDoS) and baseline IPS to filter out hostile traffic before it affects the cloud’s consumers.
perimeter
Another consideration is to ensure that any potentially sensitive information is _______ when a virtual instance is released back to the hypervisor, to ensure the information is not able to be read by another customer when the drive space is provisioned.
scrubbed
As mentioned in Domain 1, hybrid clouds connect an enterprise private cloud or data center to a public cloud provider, typically using either a dedicated _______ link or VPN.
Wide Area Network (WAN)
Ideally the hybrid cloud will support arbitrary ______ to help seamlessly extend the cloud user’s network.
network addressing
The hybrid connection may ______the security of the cloud network if the private network isn’t at an equivalent security level.
reduce
One emerging architecture for hybrid cloud connectivity is ______ or “transit” virtual networks
“bastion”
This scenario allows you to connect multiple, different cloud networks to a data center using a single hybrid connection
Bastion
_______ networks connect to the data center through the bastion network, but since they aren’t peered to each other they can’t talk to each other and are effectively segregated. Also, you can deploy different security tools, firewall rulesets, and Access Control Lists in the bastion network to further protect traffic in and out of the hybrid connection.
Second-level