Domain 8 - Virtualization and Containers Flashcards
1
Q
What are the cloud provider's responsibilities in secure compute virtualization?
A
- Enforce isolation
- Secure virtualization infrastructure (hypervisor, control plane, secure image processes etc.)
2
Q
What are the cloud user responsibilities in secure compute virtualization?
A
- Security settings - IAM, configuration
- Monitoring and Logging - both system logs and API
- Image asset management
- Use dedicated hosting for security sensitive workloads.
3
Q
What are the security implications for virtual networking in public cloud?
A
- Customers do not have access to the physical network and cannot monitor packets; virtual networks are SDN overlays.
- Customers have to use virtual appliances for packet capture
4
Q
With network virtualization, what are the provider’s responsibilities?
A
- segregation and isolation of network traffic
- Disable packet sniffing
- Protect metadata, e.g. SDN tags, so that the SDN itself cannot be compromised by a compromised host.
- Offer built-in firewall capabilities
- Network perimeter security, e.g. physical security, border gateways (BGP, DDoS etc.)
5
Q
With network virtualization, what are the consumer’s responsibilities?
A
- Properly secure networking (e.g. NACLs, SGs)
- Use SDN constructs to limit blast radius, e.g. run each application in its own VPC, something that would be too expensive on-prem
- Use IaC to configure secure networks
- Monitor for configuration drift and enforce conformance.
6
Q
What are the three components of container virtualization?
A
- The execution environment (container)
- An orchestration and scheduling controller (a collection of multiple tools, K8s?)
- A repository for the container images.
7
Q
What does container security include?
A
- Security of the underlying infrastructure, as in any other type of virtualization
- Security of the management plane (orchestrator and scheduler)
- Securing the image repository
- Properly configuring images (e.g. no root access to underlying file system)