Lesson 6: Secure Cloud Network Architecture Flashcards
What are the four cloud deployment models?
Public (Multi-Tenant): Shared resources, cost-efficient but less secure.
Private: Exclusive to one organization; more secure and controlled.
Hybrid: Combines private and public clouds for flexibility and scalability.
Community: Shared by organizations with common interests like regulatory compliance.
What are the security considerations for the 4 cloud architectures?
Single-Tenant: Fully dedicated infrastructure; most secure but costly.
Multi-Tenant: Shared infrastructure; cost-effective but needs strong separation.
Hybrid Architecture: Requires careful integration and consistent policies.
Serverless: Cloud provider manages resources; customers focus on access security.
What are the three cloud service models, and what do users manage in each?
SaaS (Software as a Service): Fully hosted applications; users handle data configuration.
PaaS (Platform as a Service): Hosts platform for app development; users manage app security.
IaaS (Infrastructure as a Service): Provides IT infrastructure components; users handle OS and app security.
What do Third-Party Vendors and Service Level Agreements (SLAs) do?
Third-party vendors are entities with access to an organization’s data or systems, posing security risks.
Service Level Agreements (SLAs) are contracts that define the level of service and security expected from these vendors, ensuring accountability and mitigating risks.
How can vendor lock-in be mitigated?
By adopting multi-cloud strategies and ensuring data portability.
What are the roles in the Responsibility Matrix?
Cloud Service Provider (CSP): is responsible for securing the cloud infrastructure itself.
- Infrastructure security, DDos protection, hardware redundancy
Customer: is responsible for securing data and applications running within that infrastructure.
- Date protection, identity access controls, encryption configuration
What is Centralized Computing and what are the pros and cons of it?
Centralized Computing has a single server control.
Pros: Strict control and easier management.
Cons: Has a single point of failure, Scalability limitations, performance bottlenecks, potential for loss of data or corruption if the server fails
What is Decentralized Computing and what are the pros and cons of it?
Decentralized Computing has resources and tasks are distributed across multiple nodes or devices
Pros: Enhanced Scalability, Security, and Resilience
Cons: Increased complexity and potential for redundancy
What are key components of a resilient cloud architecture?
Replication: Synchronous or asynchronous for application needs.
Availability Zones: Local, regional, or geo-redundant replication.
Automation: Includes Infrastructure as Code (IaC), edge computing, and auto-scaling.
Where are embedded systems commonly used?
Home appliances, automotive systems, medical devices, and industrial automation.
What is RTOS and its primary use?
Real-Time Operating Systems (RTOS): Designed for high-stability applications like aerospace, automotive, and medical fields.
What is the risk of Embedded Systems?
They are vulnerable to system-level attacks
What are the main components of Industrial Control Systems (ICS)?
Distributed Control Systems (DCS): Localized management of industrial operations.
SCADA: Manages multiple ICS across large-scale operations (e.g., energy, water supply).
Cybersecurity Priorities: Focus on availability and integrity over confidentiality.
What does the Internet of Things (IoT) pertain to?
Applications: Smart homes, healthcare, agriculture, and logistics.
What are the primary drivers of IoT adoption?
Cost reduction, 5G connectivity, and advancements in analytics.
What are key risks for Internet of Things (IoT)?
Device vulnerabilities, lack of standardization, and data privacy concerns.
What are IoT best practices?
Following IoTSF, IIC, CSA, and ETSI IoT security guidelines.
Why is Zero Trust becoming essential?
Trends like BYOD, remote work, and hybrid infrastructures eliminate clear network perimeters.
Zero Trust secures data, users, and devices by requiring constant verification.
What are the benefits of Zero Trust?
Greater security by authenticating all users/devices.
Improved governance, compliance, and granular access control.
What are the key concepts of Zero Trust?
Deperimeterization: Security emphasis shifts from network boundaries to individual assets.
Policy-Driven Access Control: Enforces least privilege and denies unauthorized requests.
What is the difference between control and data planes in Zero Trust?
Control Plane: Defines and monitors access policies, adapts to threats.
Data Plane: Handles secure session transfers in microsegmented trust zones.
What are the benefits of separating control and data planes?
Scalability, flexibility, and continuous monitoring to detect and terminate anomalous behavior.
