Ch. 6 Securing the Cloud
Name the five attributes by which NIST defines the cloud model.
1. On-demand self-service 2. Broad network access 3. Resource pooling 4. Rapid elasticity 5. Measured service
What is Quality of Service (QoS)?
A collection of technologies that provide the ability to balance network traffic and prioritize workloads
What is a cloud access security broker (CASB)?
A software tool or service that combines lots of different types of security policy enforcement (SSO, authorization, credential mapping, encryption, etc.)
When multiple models are combined - mixing SaaS, PaaS, and IaaS into a hybrid - this is referred to as ________________ as a Service
Anything
What type of cloud does the following describe? The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (mission, security requirements, policy, and compliance). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist off prem
Community Cloud
______________ are an OS-level virtualization method for running multiple isolated systems (the containers themselves) on a control host using a single kernel. This method of virtualization provides an isolated environment for applications
Containers
What is VM sprawl?
Growth that occurs on a large number of virtual machines and requires resources to keep up with
With a ___________ model, another provider assumes the responsibility for supplying you with the virtual access you need
Hosted
The machine on which virtualization software is running is known as a __________, whereas the virtual machines are known as ___________
Hosts, guests
What type of cloud does the following describe? The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability
Hybrid Cloud
Which Service method (SaaS, PaaS, or IaaS) does the following describe? The consumer can provision, is able to deploy and run, but still does not manage or control the underlying cloud infrastructure, but now they can be responsible for some aspects
IaaS
Describe cloud multitenancy
It's when data from multiple cloud clients are put on the same machine to save costs
Describe cloud bursting.
It's when your servers become too busy and you offload traffic to resources from a cloud provider
Which Service method (SaaS, PaaS, or IaaS) does the following describe? The consumer can deploy, they do not manage or control any of the underlying cloud infrastructure, they have control over the deployed applications
PaaS
What type of cloud does the following describe? The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist off prem
Private cloud
What type of cloud does the following describe? The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them
Public Cloud
Which cloud delivery model could be considered a pool of services and resources delivered across the Internet by a cloud provider?
Public Cloud
Which special publication are SaaS, PaaS, and IaaS defined in?
SP 800-145
Which Service method (SaaS, PaaS, or IaaS) does the following describe? The consumer can use the provider's applications and they don't manage or control any of the underlying cloud infrastructure
SaaS
_______________ involves running apps in restricted memory areas to provide escape protection
Sandboxing
Name the four main virtualization types
Server, Desktop, Application, and Presentation
What is VM escape?
The act of breaking out of one virtual machine into one or more others on the same physical host
T/F: According to NIST, ultimately, the organization is responsible for the choice of public cloud and the security and privacy of the outsourced service
True
Name the type of hypervisor this describes: Known as bare metal, this hypervisor is independent of the OS and boots before the OS
Type I Hypervisor
Name the type of hypervisor this describes: Known as hosted, is dependent on the OS and cannot boot until the OS is back up and running (it needs the OS to stay up so that it can boot)
Type II Hypervisor
What do VDE and VDI stand for?
Virtual Desktop Environment, Virtual Desktop Infrastructure