Module 5 Flashcards
Identity
The identity concept consists of user identities, service and app identities, API keys, and resources. Users are identified by their IBMid, SoftLayer, or AppID user ID. Service IDs are a second type of identity that is used in an account.
Access Management
The concept of access management consists of a few interrelated components, including users, service IDs, access groups, resources, policies, roles, actions, and the IBM Cloud IAM control system, which allows users to take actions on resources within an account.
How IBM Cloud IAM works
There are two common types of IAM systems in cloud providers, and understanding each of these models can help users gain a better understanding of how IAM works in IBM Cloud.
Security in the Virtual Private Clouds (VPCs)
Security groups and ACLs provide ways to control the traffic across the subnets and instances in a company’s IBM Cloud Virtual Private Cloud, using rules that they specify.
Two types of network access controls comprise the layers of VPC security:
Access control lists (ACLs) and security groups
Network Security
Computer network security protects the integrity of information contained by a network and controls who accesses that information.
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is a technology that encrypts traffic between the client application and the server application.
Obtaining an SSL/TLS Certificate
SSL/TLS certificates are issued to a specific domain or sub-domains by certificate authorities, also known as CAs.
IBM Certificate Manager
Is a service that helps users manage and deploy SSL/TLS certificates for their apps and services. Certificate Manager provides users with a security-rich repository for their certificates and their associated private keys.
How user data is stored and encrypted in Block Storage
IBM Cloud Block Storage that is provisioned with either Endurance or Performance option is secured with provider-managed encryption, at no extra cost and no impact to performance.
Provisioning Storage with Encryption
The provider-managed encryption-at-rest feature is available for Block Storage that is provisioned in most data centers.
IBM Object Storage Security
Uses an innovative approach for cost-effectively storing large volumes of unstructured data that ensures security, availability, and reliability.
IBM Secrets Manager
Secrets management services enable the secure management of digital credentials that ultimately allow entities to securely interact with services.
How user data is stored and encrypted in Secrets Manager
Their secrets are encrypted at rest by using envelope encryption. At no time are their credentials available in clear text while they are stored by the service.
Continuous Delivery
Allows development teams to automate the process that moves software through the software development lifecycle.
Managing security and compliance with Continuous Delivery
Continuous Delivery is integrated with the Security and Compliance Center to help users manage security and compliance for their organization.
Continuous Delivery − Delivery Pipeline
A delivery pipeline automates the continuous deployment of a project. In a project’s pipeline, sequences of stages retrieve input and run jobs, such as builds, tests, and deployments.
Code Engine and Security
The IBM Code Engine architecture is built with a security-first mindset. Code Engine components are managed and owned by IBM.
When it comes to protecting user data from internal security threats, which of the following is considered the most popular and effective control?
Encryption
Which of the following is considered a list of rules that limit who can access a particular subnet within the VPC?
Access Control
Security groups and ACLs provide ways to control the traffic across the __________ and instances in a company’s IBM Cloud Virtual Private Cloud, using rules that they specify. (Fill in the blank.)
Subnets
Which ID is considered a second type of identity that is used in an account?
Service
Which IBM service enables users to run containerized applications in a secure enclave on an IBM Cloud Kubernetes host, providing data-in-use protection?
Data Shield
In an IBM Cloud platform management role who would be permitted to modify the state of the resource such as create, delete, and edit, as well as create and delete sub-resources in a VPC?
Editor
Users need to install and register which type of worker so that IBM Cloud continuous delivery development teams can use them in their toolchain configuration?
Private
When using IBM Cloud Object Storage, what types of data are encrypted?
Data at Rest
Which IBM Cloud storage services are provisioned with either an endurance or performance option, is secured with provider-managed encryption, and where the customer incurs no extra cost and no impact to performance?
B. Block
C. Database
Which of the following IBM services is used to manage SSL/TLS certificates?
Certificate manager