Section 13: Cloud Computing

Question 1

Cloud computing

Answer 1

A way of offering on-demand services that extend the traditional capabilities of a computer or network

Question 2

VDI

Answer 2

Virtual Desktop Infrastructure - VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server

Question 3

What are the four different cloud types?

Answer 3

Public

Private

Hybrid

Community

Question 4

Public Cloud

Answer 4

A service provider makes resources available to the end users over the internet

Question 5

Private Cloud

Answer 5

A company creates its own cloud environment that only it can utilize as an internal enterprise resource

Question 6

Hybrid Cloud

Answer 6

Benefits of both public and private cloud

Question 7

Community Cloud

Answer 7

Resources and costs are shared among several different organizations who have common service needs

Question 8

Saas

Answer 8

Software as a Service - Provides all the hardware, OS, software, and apps needed for a complete service to be delivered

Question 9

IaaS

Answer 9

Infrastructure as a Service - Provides all the hardware, OS and backend software needed in order to develop you own software or service

Question 10

PaaS

Answer 10

Platform - Provides your organization with the hardware and software needed for a specific service to operate

Question 11

SecaaS

Answer 11

Security as a Service - Provides your organization with various types of security services without the need to maintain a cybersecurity staff

Question 12

Sandboxing

Answer 12

Utilizes separate virtual networks to allow security professionals to test suspicious or malicious files

Question 13

File Servers

Answer 13

Servers are used to store, transfer, migrate, sync, and archive files for your organization

Question 14

__________ are a frequent point of attack in cloud environments

Answer 14

Email servers

Question 15

Web Servers should be placed in your

Answer 15

DMZ

Question 16

FTP Server

Answer 16

A specialized type of file server that is used to host files for distribution across the web

Question 17

Domain Controller

Answer 17

A server that acts as a central repository of all the user accounts and their associated passwords for the network

Question 18

Golden Ticket

Answer 18

Generates a ticket to allow access into the DC

Question 19

VPCs

Answer 19

Virtual Private Clouds - A private network segment made available to a single cloud consumer within a public cloud

Question 20

What two things do you need to consider when storing data in the cloud?

Answer 20

Compliance and regulatory considerations

Question 21

Serverless

Answer 21

A software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances

Question 22

Insecure API

Answer 22

Must always be used over an encrypted channel! All data must pass server-side validation routines! Error handling and error messages! Implement throttling/rate-limited mechanisms to protect from a DoS

Question 23

Improper Key Management. How do you mitigate this?

Answer 23

Use SAML, OAuth. OIDC for authentication

Do not hardcode or embed a key into the source code

Delete unnecessary keys and regenerate keys when moving into a production environment

Make sure you have hardening policies in place for all hosts, servers, etc.

Question 24

Insufficient Logging and Monitoring. Mitigating?

Answer 24

Software as a service may not supply access to log files or monitoring tools

Logs must be copied to non-elastic storage for long-term retention=

Question 25

Unprotected Storage mitigation

Answer 25

Cloud storage containers are referred to as buckets or blobs

Check your permissions; make sure they’re correct

Incorrect origin settings may occur when using content delivery

Question 26

Cross Origin Resource Sharing (CORS) Policy

Answer 26

A content delivery network policy that instructs the browser to treat requests from nominated domains as safe