Identifying Infrastructure Services Flashcards
A cloud engineer is setting up controls between VPCs. What should the engineer use?
In a cloud environment, network access control lists (NACLs, often pronounced “nackles”) control inbound and outbound traffic between networks, or more specifically, between virtual private clouds (VPCs).
What’s a screened subnet?
A screened subnet uses two firewalls placed on either side of the demilitarized zone (DMZ). The edge firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the DMZ.
A security consultant is reviewing various aspects of security surrounding live virtual machine vulnerabilities on a Type 1 hypervisor. What should the security consultant cover?
- VM escape
- Privilege escalation
- Live VM migration
VM escape could give the attacker access to the underlying host operating system and thereby access to all other VMs running on that host machine. This is the most severe of the attacks.
In a virtualized environment, an attacker with elevated privileges could access the host machine and do anything as an administrator.
Without proper authentication and integrity protocols, hypervisors may enable an attacker to migrate VMs to their own machine or a victim machine. The attacker can then overload the VMs with denial of service (DoS) attacks.
A systems administrator has been running a data center full of physical servers for a small company but is worried about ensuring operations. The administrator begins assessing various Type 1 hypervisors for future migration. What are some major Type 1 hypervisors the sysadmin can evaluate for future migration?
ESXi
Hyper-V
Xen
VMware ESXi Server is a very popular bare metal virtual platform. It allows installing multiple operating systems that can run simultaneously on a single computer.
Hyper-V is Microsoft’s Type 1 hypervisor. When choosing a solution, the administrator can perform a physical-to-virtual (P2V) migration to convert the physical servers into VMs that run on the hypervisor.
Citrix’s XenServer is another popular Type 1 hypervisor. The hardware only needs to support the base system requirements for the hypervisor plus the resources for the type and number of guest OSs that the sysadmin will install.
A solutions architect is designing a security architecture for a nuclear power plant facility. What would be the best design?
Air Gap
A security analyst is attempting to create efficiencies by automating certain tasks defined in the security playbook. Which automation tool would help the analyst accomplish this?
SOAR
Security orchestration, automation, and response (SOAR) automate some of the routine tasks ordinarily performed by security personnel in response to a security incident.
A network administrator is trying to set up network security so that only trusted devices have network access. What solution should the administrator set up?
NAC
Network Access Control (NAC) allows the creation of policies designed to evaluate connected devices and determine whether to allow access to a network environment.
A security architect is setting up their demilitarized zone to place one firewall on each side. What is this type of configuration called?
Screened subnet
A screened subnet uses two firewalls placed on either side of the DMZ. The edge firewall restricts traffic on the external/public interface and allows permitted traffic to the hosts in the DMZ.
A Linux administrator is configuring ModSecurity for Apache servers. Which types of attacks should the administrator configure rules for?
File inclusion
Directory traversal
ModSecurity is a popular web application firewall for Apache servers, which helps defend against application layer attacks. File inclusion attacks are one of these application-level attacks.
Directory traversal attacks are also application layer attacks that web application firewalls help defend against.
A cloud engineer is setting up a zero-trust architecture in the company’s cloud environment but is looking for a standard to base the design on. What should the engineer use?
NIST 800-207
NIST SP 800-207 is the standard for Zero Trust Architecture. Zero Trust does not define security via network boundaries but instead via resources such as users, services, and workflows.
What NIST standard identifies the groups that are necessary when responding to an incident?
The NIST SP 800-61 Computer Security Incident Handling Guide
Which NIST standard includes an after-action report template that helps with documentation and findings?
The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-84, “Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities”
A cloud architect is analyzing the benefits of a Content Delivery Network (CDN) to assess the potential value to their organization. What are the benefits of a CDN?
Horizontal scalability
DDoS protection
Improved customer experience
A Content Delivery Network (CDN) is an example of implementing horizontal scalability. By scaling horizontally, the system achieves additional capacity by adding servers to help process the same workload.
CDNs provide a level of DDoS protection. CDN architecture improves availability and redundancy, reduces costs, and improves website security by mitigating DDoS attacks.
CDNs aim to improve customer experience by improving website load times.
A security engineer is setting up a security solution that can enforce mandatory access controls between two connected sites. What should the engineer implement?
CDS
Cross Domain Solutions (CDS) operate as guardians between two connected sites. CDSs are typically associated with military establishments, where the CDS enforces mandatory access controls (MAC) and interprets data sensitivity levels.
A security architect is designing a strategy to help continue operating in the face of a cyber-attack. What will help to accomplish this objective?
Heterogeneity
Clustering
COA development
Heterogeneity (or diversity) refers to components that are not the same as or similar to each other. This diversity adds a layer of complexity that can slow an adversary from infiltrating an enterprise before detection.
Clustering allows multiple redundant processing nodes that share data with one another to accept connections, providing redundancy.
Part of a resilience strategy is to apply some course of action (COA) development in response to specific events. COA helps to respond accordingly in a prepared manner.