Virtualization Flashcards
Restore point
A restore point is a feature in operating systems, such as Microsoft Windows, that allows users to create a snapshot of the system’s configuration and settings at a specific point in time. This snapshot includes critical system files, registry settings, and other important configurations.
Restore points serve as a safety net for users in case they encounter issues with their system, such as software installation problems, driver conflicts, or system instability. If a problem occurs, users can revert their system back to a previous restore point, effectively restoring the system to a state where it was functioning properly.
Creating a restore point is a proactive measure that users can take to ensure they have a fallback option in case of unforeseen issues. It’s important to regularly create restore points, especially before making significant changes to the system, such as installing new software or updating device drivers.
Shadow copy
Shadow Copy, also known as Volume Shadow Copy Service (VSS), is a feature in Microsoft Windows operating systems that enables users to create point-in-time snapshots, or “shadow copies,” of volumes or drives. These shadow copies capture the state of files and folders at a specific moment, allowing users to restore previous versions of files or recover data in the event of accidental deletion, file corruption, or other data loss scenarios.
When a shadow copy is created, the VSS service takes a snapshot of the volume by copying the contents of files and maintaining a record of changes made to those files since the snapshot was taken. This process enables users to access previous versions of files without affecting the current state of the data.
System image
A system image is a complete backup of an entire operating system, including the operating system files, system settings, applications, and personal data. It captures the exact state of a computer’s hard drive or system partition at a specific point in time, allowing users to restore the entire system to that state in the event of a catastrophic failure, such as hardware failure, system corruption, or malware infection.
Unlike regular file backups, which only back up individual files and folders, a system image provides a comprehensive backup solution that enables users to restore their entire system to a previous state quickly and efficiently. This is particularly useful when reinstalling the operating system and reinstalling all applications and settings would be time-consuming or impractical.
Snapshot
A snapshot, in the context of computing and data management, refers to a point-in-time copy or state of a system, application, or data set. It captures the current state of the system or data at the moment the snapshot is taken, allowing users to revert to that specific state later if needed.
Snapshots are commonly used in various computing environments, including virtualization platforms, storage systems, and database management systems. In virtualization, for example, administrators can take snapshots of virtual machines to capture their current configurations, disk contents, and memory state. This enables them to roll back to a previous state if changes or updates cause issues or to create a consistent backup before making changes.
A file-based representation of the state of a virtual machine at a given point in time is called:
Restore point
Shadow copy
Snapshot
System image
A file-based representation of the state of a virtual machine at a given point in time is called a “snapshot.” This snapshot captures the current state of the virtual machine’s disks, memory, and other settings, allowing users to revert the virtual machine to that specific state later if needed. Snapshots are commonly used in virtualization environments to create backups, test software configurations, and troubleshoot issues without affecting the production environment.
While all these terms involve capturing the state of a system, “Snapshot” specifically refers to a file-based representation of a virtual machine’s state at a given point in time.
VM Sprawl
VM sprawl refers to the uncontrolled proliferation of virtual machines (VMs) within a virtualized environment. It occurs when VMs are created without proper planning, oversight, or management, leading to an excessive number of VMs that are underutilized, redundant, or obsolete.
Several factors contribute to VM sprawl, including:
Lack of governance: Absence of policies, procedures, and controls for VM provisioning and management can result in the unchecked creation of VMs by different users or departments within an organization.
Resource allocation inefficiencies: VMs may be provisioned with more resources (e.g., CPU, memory, storage) than necessary, leading to resource wastage and increased infrastructure costs.
Poor lifecycle management: Failure to monitor and manage VMs throughout their lifecycle, including provisioning, usage, decommissioning, and retirement, can result in VMs being left running unnecessarily or forgotten about.
Inadequate monitoring and reporting: Insufficient visibility into VM usage, performance, and ownership can make it challenging to identify and address instances of VM sprawl effectively.
VM escape
VM escape, also known as virtual machine escape or guest-to-host escape, is a security vulnerability that occurs when an attacker gains unauthorized access to the underlying host system from within a virtual machine (VM). This exploit allows the attacker to break out of the isolated VM environment and access resources or execute code on the host system, potentially compromising the entire virtualization infrastructure.
VM escape vulnerabilities are considered critical as they undermine the fundamental security boundary provided by virtualization technology. They can be exploited through various means, including flaws in the hypervisor, vulnerabilities in guest-to-host communication channels (such as shared folders or clipboard functionality), or vulnerabilities in guest operating systems or virtualization components.
How to Defend: To mitigate the risk of VM escape vulnerabilities, organizations should regularly update and patch their virtualization software and guest operating systems, implement strong access controls and segmentation to limit the impact of a potential breach, monitor for suspicious behavior within VMs and on host systems, and employ virtualization-specific security solutions such as intrusion detection/prevention systems and hypervisor security features. Additionally, security best practices such as least privilege, network segmentation, and regular security audits can help reduce the likelihood of successful VM escape attacks.
Patch management
Patch management is the process of identifying, acquiring, testing, and applying updates or patches to software, operating systems, firmware, and other IT assets to address vulnerabilities, bugs, and security weaknesses.
Patch management typically involves several key steps:
Identification: Monitoring vendor announcements, security advisories, and vulnerability databases to identify patches relevant to the organization’s IT environment.
Evaluation: Assessing the severity, impact, and applicability of patches to determine their priority and relevance to the organization’s systems and operations.
Testing: Verifying the compatibility and stability of patches in a controlled testing environment before deploying them to production systems to minimize the risk of unintended consequences or disruptions.
Deployment: Applying approved patches to production systems in a timely manner, following established change management procedures and scheduling updates to minimize downtime and service disruptions.
Verification: Verifying that patches have been successfully applied and that systems are functioning as expected after the update process.
Monitoring: Continuously monitoring systems for new vulnerabilities and patches, and repeating the patch management cycle as needed to maintain the security and integrity of the IT infrastructure.
Usage audit
In the context of IT and technology, a usage audit typically involves assessing the usage of software licenses, hardware devices, network bandwidth, cloud services, and other IT resources. The goals of a usage audit may include:
License compliance: Ensuring that software licenses are used in accordance with the terms and conditions specified by the software vendors, preventing overuse or unauthorized use of software.
Cost optimization: Identifying opportunities to optimize costs by reallocating or consolidating resources, eliminating underutilized assets, or renegotiating contracts with vendors based on actual usage.
Security and risk management: Monitoring and detecting unauthorized or suspicious activities that may indicate security breaches, data breaches, or compliance violations, and taking corrective actions to mitigate risks.
Performance optimization: Analyzing resource usage patterns to identify bottlenecks, optimize configurations, and improve the performance and efficiency of IT systems and services.
Physical security controls
Physical security controls are measures put in place to protect physical assets, such as buildings, equipment, and data centers, from unauthorized access, theft, damage, or interference. These controls include things like locks, access control systems, surveillance cameras, security guards, and environmental controls (like fire suppression systems and temperature monitoring). They’re essential for safeguarding physical infrastructure and preventing physical breaches.
Sandboxing
Sandboxing is a security technique used to isolate programs or processes from the rest of the system. It creates a controlled environment where untrusted or potentially harmful software can be executed without affecting the rest of the system. Sandboxing helps prevent malware from spreading and causing damage by restricting its access to resources and sensitive data. It’s commonly used in web browsers, email clients, and antivirus software to analyze suspicious files or behavior in a safe environment.
Asset documentation
Asset documentation refers to the process of creating and maintaining records that detail an organization’s physical and digital assets. This documentation typically includes information such as the type of asset, its location, its owner, its value, its purchase date, and any relevant maintenance or support contracts. Asset documentation is crucial for effectively managing and securing assets throughout their lifecycle, including tracking inventory, identifying vulnerabilities, and ensuring compliance with regulations. It helps organizations understand what assets they have, where they are, and how they’re being used, which is essential for making informed decisions about resource allocation and risk management.
Which of the following terms refers to the concept of virtualization on an application level?
Serverless architecture
Containerization
System on a Chip (SoC)
Infrastructure as code
Containerization allows applications to be packaged along with their dependencies and run consistently across different computing environments. It provides an isolated environment for running applications, similar to virtual machines but with less overhead. This approach is commonly used with technologies like Docker and Kubernetes.
Serverless architecture: Serverless architecture is a cloud computing model where cloud providers manage the infrastructure needed to run applications. Developers write and deploy code in the form of functions, and the cloud provider automatically allocates resources to run those functions in response to triggers or events. With serverless architecture, developers don’t need to provision or manage servers, and they only pay for the actual resources consumed by their functions.
System on a Chip (SoC): System on a Chip refers to the integration of multiple components of a computer system onto a single chip or integrated circuit. These components typically include a central processing unit (CPU), memory, input/output interfaces, and sometimes additional functionality like graphics processing units (GPUs) or communication modules. SoCs are commonly used in embedded systems, mobile devices, and other compact computing devices where space and power efficiency are important.
Infrastructure as code: Infrastructure as code (IaC) is an approach to managing and provisioning computing infrastructure through machine-readable configuration files or scripts, rather than manually configuring hardware or using interactive tools. IaC allows infrastructure to be treated as code, enabling automation, version control, and consistency in deploying and managing infrastructure resources. It’s often associated with DevOps practices and tools like Terraform, Ansible, and Chef.
What type of backups are commonly used with virtual machines? What are the others used for?
Incremental backups
Snapshot backups
Tape backups
Differential backups
Snapshot backups: Snapshots capture the state of a virtual machine at a specific point in time, allowing you to revert to that state if needed. They’re efficient for quickly creating backups without interrupting the VM’s operation, but they’re typically stored on the same storage system as the VM, so they’re not a complete disaster recovery solution.
Other types of backups include:
Incremental backups: Incremental backups only copy data that has changed since the last backup, reducing the amount of data transferred and storage space required. They’re efficient for regular backups and require less time and resources compared to full backups.
Tape backups: Tape backups involve storing data on magnetic tape cartridges, providing an offline backup solution that’s resistant to cyberattacks and natural disasters. While less common in modern environments, tape backups are still used for long-term archival storage and compliance purposes.
Differential backups: Differential backups copy all data that has changed since the last full backup, regardless of whether it has changed since the previous backup. They’re similar to incremental backups but typically require more storage space and time to complete.
WAN
WAN stands for Wide Area Network. It’s a type of network that covers a large geographical area, connecting multiple LANs (Local Area Networks) or other WANs together. WANs are typically used to facilitate communication and data exchange between widely dispersed locations, such as different offices within a company, branch offices, or even across different countries. They often rely on telecommunications networks, such as leased lines, satellite links, or public internet connections, to transmit data over long distances. WANs enable organizations to establish a unified network infrastructure that supports centralized services, remote access, and collaboration among geographically distributed users and resources.