Securing the Cloud Flashcards

1
Q

According to NIST, this are the essential characteristics of cloud computing include the following:

A
  • on-demand self-service
  • broad network access
  • resource pooling
  • rapid elasticity
  • measured service
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

4 Types of Cloud deployment models

A
  • Public Cloud (Open for public use)
  • Private Cloud (used just by the client or organization)
  • Community Cloud (shared between several organizations)
  • Hybrid Cloud (Composed of two or mode clouds - including on-prem services)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

3 Cloud computing basic models

A
  • Infrastructure as a Service (Iaas - cloud solution where you are renting infrastructure)
  • Platform as a Service (Paas - Provides everything except application. Include SDLC, API,Website portals, or gateway software)
  • Software as a Service (Saas - designed to provide a complete packaged solution)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A software and hardware development project management that at least five to seven phases that follow in strict linear order.

Requirements > Design > Implementation > Verification > Maintenance

A

Waterfall Development Methodology

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A software and hardware development project management process where a project is managed by breaking it up into several stages and involving constant collaboration with stakeholders and continuos improvement and iteration at every stage

A

Agile Methodology

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Agile Methodology 4 Main Values

A
  • Individuals and interaction over processes and tools
  • working software over comprehensive documentation
  • customer collaboration over contract negotiation
  • responding to change over following a plan
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Agile Methodology General Step

A

Plan> (test/deploy/review/design/develop) >Launch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

is the outcome of many trusted principles -from software development, manufacturing and leadership to the information technology value stream. Relies on bodies of knowledge from Lean, Theory of Constraints, resilience engineering, learning organizations, safety culture, human factors, and many others.

A

DevOps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Technology Devops value stream includes the following

A
  • Product Management
  • Software (or hardware) development
  • Quality Assurance (QA)
  • IT Operations
  • Infosec and cybersecurity practices
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Is a software development practice where programmers merge code changes in a central repository multiple times a day.

A

Continuous Integration (CI)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

This sits on top of CI and provides a way for automating entire software release process.

A

Continuos Delivery (CD)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Is a cloud computing execution model where the cloud provide (AWS,Azure, Google Cloud and so on) dynamically manages the allocation and provisioning of servers. It also means that you will be using cloud platforms to host and or to develop your code.

A

Serverless

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

One of the most popular container orchestration and management frameworks, originally developed by Google. Is a platform for creating , deploying and managing distributed applications

A

Kubernetes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A container management and orchestration platform by HashCorp.

A

Nomad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A distributed linux kernel that provides native support for launching containers with Docker and AppC images.

A

Apache Mesos

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A container cluster management and orchestration system integrated with the Docker Engine.

A

Docker Swarm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A container management and orchestration platform by HashCorp.

A

Nomad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A distributed linux kernel that provides native support for launching containers with Docker and AppC images.

A

Apache Mesos

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A container cluster management and orchestration system integrated with the Docker Engine.

A

Docker Swarm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Is a collection of secure development practices and guidelines that any software developer should follow to build secure applications

A

OWASP Proactive protocols

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

The ability to enforce network segmentation in container and VM environments

A

Micro-segmentation

22
Q

Amazon Shared Responsibility Model for SaaS

A

Customer responsibility - people,data

Cloud Service Provier Responsibility - application,runtime,middleware,operating system,virtual network,hypervisor,servers,storage,physical network

23
Q

Amazon Shared Responsibility Model for PaaS

A

Customer responsibility - people ,data, application

Cloud Service Provier Responsibility - runtime , middleware, operating system, virtual network, hypervisor,servers ,storage, physical network

24
Q

Amazon Shared Responsibility Model for IaaS

A

Customer responsibility -

people ,data,application, runtime, middleware, operating system, virtual network.

Cloud Service Provier Responsibility -

hypervisor ,servers ,storage, physical network

25
Q

Patch Management responsibility

A

Shared responsibility in IaaS and PaaS but not in SaaS envinroment

26
Q

Question to ask a Cloud Provider

A
  • Who has access?
  • What are providers regulatory requirements
  • do you have the right to audit
  • what type of training does the provider offer its employee
  • what type of data classification system does the provider use
  • how is your data seperated from users data. Is the data on a shared server or a dedicated server
  • Is encryption being used
  • What are the service legal agreement
  • What is the long-term viability of the provider
  • Will they assume liability in the case of a breach
  • What is the DR/BCP
27
Q

Is a solution that evolved from the OpenDNS acquisition. This is a cloud delivered solution that blocks malicious destination using DNS

A

Cisco Umbrella

28
Q

Umbrella looks at the patterns of DNS requests from devices and uses them to detect the following:

A
  • compromised systems
  • command-and-control callbacks
  • malware and phishing attempts
  • algorithm-generated domains
  • domain co-occurences
  • newly registered domains
  • malicious traffic and payloads that never reach the target
29
Q

Cisco Umbrella uses this routing in order to provide reliability of the recursive DNS service.

A

Anycast IP routing

30
Q

Umbrella uses authoritive DNS logs to find the following

A
  • newly stage infrastructures
  • malicious domains, IP addresses and ASNs,
  • DNS hijacking
  • Fast Flux domains
  • Related domains
31
Q

Is a DNS technique used by botnets to hide phisihing and malware delivery sites behid an ever changing network of compromised hosts acting as proxies

A

Fast Flux

32
Q

Machine learning and advanced algorithms are used heavily to find and automatically block malicious domains.

A
  • co-occurrence model (this model identifies domains required right before or after a given domain)
  • Traffic spike model: (this model recognizes when spike in traffic to a domain match patterns seen with other attacks)
  • Predictive IP space monitoring model ( this model starts with domain identified by the spike rank model and scores the steps attackers take to set up infrastructure)
33
Q

This concept of a cloud-based proxy is the basis for the ?

A

Secure Internet Gateway

34
Q

Provides organizations access to global intelligence that can be used to enrich security data and events or help with incident response. Provides complete view of attacker infrastructure. Provide access to intelligence via web console or API

A

Cisco Umbrella Investigate

35
Q

Cisco Umbrella investigate provide this features

A
  • Passive DNS database
  • WHOIS record data
  • Malware File analysis
  • Autonomous System Number (ASN)
  • IP Geolocation
  • Domain and IP reputation scores
  • Domain co-occurrences
  • anomaly detection
  • DNS request patterns and geo distribution of those request
36
Q

Cisco cloud email security supports several techniques to create the multiple layers of security needed to defend against attack types. These techniques include the following

A
  • Geolocation-based filtering
  • Cisco Context adapative scanning engine (CASE)
  • Automated threat data drawn from Cisco TALOS
  • Advanced malware protection (AMP)
37
Q

Cisoc email security feature which Is used to detect spear phishing attacks by examining one or more parts of the SMTP message for manipulation,including “envelope-from” “Reply To” and “From” Headers

A

Forged Email Detection (FED)

38
Q

Cisco email Security framework for sender authentication and domain keys identified mail (DKIM) and domain-based message authentication, reporting and conformance (DMARC) for domain authentication

A

Sender Policy framework

39
Q

Cisco Email security support advance encryption and ____ which is a standard-based method for sending and receiving secure, verified email address

A

S/MIME (Secure/Multipurpose Internet Mail Extensions)

40
Q

A company that was acquired by Cisco. The solution is a cloud access security broker (CASB). A CASB provide visibility and compliance checks, protect data against misuse and exfiltration, and provide threat protections against malware like ransomware.

A

Cisco Cloudlock

41
Q

A solution that uses NetFlow telemetry and contextual information from the Cisco Network infrastructure. This solution allows network administrators and cybersecurity professionals to analyze network telemetry in a timely manner and defend against cyber threats

A

Cisco Stealthwatch Solution

42
Q

Cisco Stealthwatch appliance can be deployed in two modes

A
  • by processing network metadata from a SPAN or a network tap
  • by processing metadata out of a netflow or ipfix flow records.
43
Q

Another company acquired by Cisco. Provides end-to-end visibility of applications and can provide insights about application performance.

A

AppDynamics (AppD)

44
Q

Is a cisco agentless technology that detect relationship and dependencies between applications and infrastructure layers.

A

Workload Optimization Manager

45
Q

Is a solution created by Cisco that utilizes rich traffic flow telemetry to address critical data centre operationally use cases. Uses both hardware and software agents as telemetry sources and performs advance analytics on the collected data

A

Cisco Tetration

46
Q

is a piece of software running within a host operation system (such as linux or windows). its core functionality is to monitor and collect network flow information.

A

Tetration software agent

47
Q

Is a functionallity inside Cisco Tetration that helps provide insight into the kind of complex applications that run in a data centre or in the cloud

A

Application Dependency Mapping (ADM)

48
Q

Is a software development methodology designed to improve quality and for teams to adapt to the changing needs of the customer

A

Extreme programming (EP)

49
Q

is a framework that help organizations work together because it encourages teams to learn through experiences

A

scrum

50
Q

CI/CD Pipeline stages

A

Source (git push)&raquo_space; Build (compile docker build)&raquo_space; Test (unit intergration&raquo_space; Deploy (Staging .. QA .. Production)

51
Q

Technique that can be used to find software errors, bugs and security vulnerabilities in application. Involve sending random data to the unit tested in order to find input validation issues, program failures, buffer overflows, and other flaws

A

fuzzing

52
Q

Cisc cloudlock provides a ________ in order to assess the relative risk of cloud connected and services according to business risk,usage risk and vendor compliance

A

Composite Risk Score (CRS)