Domain 8 - Virtualization and Containers Flashcards

1
Q

What are the cloud provider’s responsibilities in secure compute virtualization?

A
  1. Enforce isolation
  2. Secure virtualization infrastructure (hypervisor, control plane, secure image processes etc.)
2
Q

What are the cloud user responsibilities in secure compute virtualization?

A
  1. Security settings - IAM, configuration
  2. Monitoring and Logging - both system logs and API
  3. Image asset management
  4. Use dedicated hosting for security sensitive workloads.
3
Q

What are the security implications for virtual networking in public cloud?

A
  1. Customers do not have access to the physical network and cannot monitor packets - virtual networks are SDN overlays.
  2. Customers have to use virtual appliances for packet capture
4
Q

With network virtualization, what are the provider’s responsibilities?

A
  1. Segregation and isolation of network traffic
  2. Disable packet sniffing
  3. Protect metadata - e.g. SDN tags, so that the SDN itself cannot be compromised by a compromised host.
  4. Offer built-in firewall capabilities
  5. Network Perimeter security - e.g. physical security, border gateways (BGP, DDoS etc.)
5
Q

With network virtualization, what are the consumer’s responsibilities?

A
  1. Properly secure networking (e.g. NACLs, SGs)
  2. Use SDN constructs to limit blast radius - e.g. run each application in its own VPC, something that would be too expensive on-prem
  3. Use IaC to configure secure networks
  4. Monitor for configuration drift and enforce conformance.
6
Q

What are the three components of container virtualization?

A
  1. The execution environment (container)
  2. An orchestration and scheduling controller (a collection of multiple tools - K8s?)
  3. A repository for the container images.
7
Q

What does container security include?

A
  • Security of the underlying infra as in any other type of virtualization
  • Security of the management plane (orchestrator and scheduler)
  • Securing image repository
  • Properly configuring images (e.g. no root access to underlying file system)