The three pillars are IAM, data security/encryption, and edge security. IAM ensures you deploy a least-privileged model throughout the environment, across user accounts and service-to-service connections. Data security/encryption is the last stand for your security posture: if your data is breached but it is encrypted, it will be safe.
What makes the cloud an advantageous space to move into for any company?
The biggest advantage to the cloud is typically cost savings since you are paying a shared cost for the infrastructure. The cloud can become more costly than on-premise data centers if you do not use it correctly. Also, the ability to offer a wide range of products to help enhance your offerings is a huge advantage.
What is the worst type of encryption to deploy on a database?
The worst type of database encryption is full disk encryption because it significantly slows down the performance of the database. This will also likely result in increased costs for that database. The best solution for this is field, row, and/or column encryption. All these options are faster than whole disk encryption and will not increase the cost of the database in a sizable way.
If our company deals primarily with big data, which cloud provider would you recommend we go into and why?
GCP is known as the leader in handling big data in the cloud. They have optimized solutions that are tested with their data. They have the best cloud-native solutions for handling large data sets. One of these is BigQuery, where you can query data via SQL commands.
What are the challenges with using our pre-existing SIEM in the cloud?
The cloud pricing model is based on data that leaves the cloud provider. For example, if you store a document in S3, you are charged not only for the storage space and utilization of resources, but also for downloading that document. If we translate that into using your existing SIEM, all logs from the cloud would need to be sent to the SIEM.
We have data from EU residents as well as USA residents. How do we ensure data from both countries meet the required compliance requirements?
In the cloud provider, you will have to ensure that EU data resides only within EU availability zones and USA data resides only in USA availability zones. Once you have determined that, you should lock it down, so each cloud account has its own restrictions based on compliance requirements.
Which deployment model do databases fall into in the cloud?
Databases typically fall into PaaS deployment models since you are using the database in place and storing your data in it. You are then interacting with that data in some way, so it is more of a managed platform. If you were setting up your database on a VM, it would be IaaS, but since you are not setting up the database, it is PaaS.
What are the top security concerns in SaaS deployment models?
In SaaS, you have little to no control over the application and how it stores your data. Security in SaaS is limited to ensuring a least privileged model is deployed and encrypting your data wherever possible. One risk of SaaS is vendor lock-in. To avoid this, you should confirm in the contract how your data is stored to ensure that you can export your data if you ever leave that provider.
We continuously have vulnerabilities that reoccur on our EC2 instances in AWS. How do you identify the source of those vulnerabilities and resolve them permanently?
Most of the time, vulnerabilities in EC2 instances come from vulnerable image files. It is critical to keep the image files up to date with the latest patches from the vendor. If you have an image file that has vulnerabilities, then any EC2 instance you deploy from it will be vulnerable.
What is a hypervisor in the cloud that you have control over?
The only hypervisor in the cloud you would have any control over is the orchestration layer to containers. This can be seen as Docker or another type of orchestration technology.
What is the most secure way to transfer your data to the cloud?
There are several components to this answer. First, you would want a direct link from the cloud to your environment with TLS 1.3. You would then want to encrypt your data and ensure the encryption key is never sent with the data and never goes to that cloud provider.
Once the encryption takes place, you can transfer the data over the encrypted link. Once the data is in the cloud, you would want to ensure it is stored securely using the least privileged model on the data, ensuring it is encrypted and that the service that is storing the data has the most secure settings.
In an Incident Response Scenario, what does the cloud make close to impossible if they do not offer a cloud-native service for it?
Digital Forensics is close to impossible if the cloud provider has no native service for it. The reason is that the forensics would be performed on hardware shared across several customers. The forensics software wouldn't know this, and you would get data from every customer, not just yourself. This is a huge security breach and should be avoided at all costs.
What is the largest risk of using any cloud provider?
Once you start consuming the services of a cloud provider, the cloud provider can set it up in a way that entices or forces you to consume more services. This can get to a level where you cannot leave that cloud provider due to your consuming services. This is called vendor lock-in, and it is something that should be assessed early on.
What is the new type of DDoS in the cloud that does not exist on-premise?
An attacker can now perform a DDoS from resource utilization. In the cloud, you are charged based on what you use in the cloud. If the attacker can increase your resource utilization to a point where you cannot pay the bill, they have effectively put you out of business or slowed you down dramatically.
What is an example of IaaS in AWS?
EC2 instances are the most prevalent example since you control the OS you deploy, and all of the underlying infrastructure is managed for you.
Is penetration testing allowed in AWS?
Yes, but you must have prior approval from AWS with a well-defined scope, and they will verify if you can perform the test.
What is long-term storage in AWS, and if I make a mistake, can I remove data from it at the 45-day mark?
AWS Glacier storage is AWS's long-term storage solution. When deciding which data should be put into Glacier, you should be aware that if a mistake is made and not corrected within seven days of setting it, then that data is locked in that long-term storage for a minimum of three years.
If we have a security group rule that blocks inbound traffic on port 22 for a security group, but we see traffic from a server in that security group on port 22, why would this happen?
Security group rules block inbound traffic only. The server in question must have initiated the connection on port 22 to make it past the security group rule.
What is a unified platform used to manage the security posture of multiple cloud providers at once?
CSPM is known as a cloud security platform manager. It manages and monitors the security posture of your environments across multiple clouds from one central console.
What is the biggest challenge with securing the cloud?
Typically, the biggest challenge is not technical; it is a people problem. Security is often seen as slowing things down and telling people they can't do something. In the cloud, this is more detrimental than normal, so getting people on board and working with you to fix issues is typically the biggest challenge.
Why should you use cloud computing?
The main advantages of using cloud computing are:
It increases productivity
It is cost effective and saves time
It is an easy and secure data storage
It is useful for data backup
It has powerful servers
It also has sandboxing capabilities
List the three basic clouds in cloud computing.
The three basic clouds in cloud computing are Professional Cloud, Performance Cloud, and Personal Cloud.
What are the general characteristics of cloud computing?
The basic characteristics of cloud computing are as follows:
Elasticity and scalability
Standardized interfaces
Self-service, usage-based billing
Self-service provisioning
Automatic de-provisioning
What are the components of a server computer in cloud computing?
The basic components of a server computer include the motherboard, hard drives, memory, network connection, processor, video, power supply, and so on.
What are the platforms for using large-scale cloud computing?
The platforms for large-scale cloud computing are Apache Hadoop and MapReduce.
Apache Hadoop – It is an open source platform written in Java. It creates a pool of computers, each with a file system. Then the data elements are clustered and similar hash algorithms are applied. Then copies of the existing files are created.
MapReduce – It is software built by Google to support distributed computing. It uses a large set of data and various cloud resources and then distributes the data to several other computers known as clusters. MapReduce can deal with both structured and unstructured data.
What security aspects do you receive along with cloud?
There are mainly two security aspects of the cloud:
Authentication and authorization
Control of access
The former allows only genuine users to access the data and applications, whereas the latter permits users to control the access of other users who may try to enter the cloud environment.
How can you deploy cloud computing with different models?
Various models are used for deployment in cloud computing. They are as follows: Private Cloud, Public Cloud, Hybrid Cloud, and Community Cloud.
What are the precautions that a user must consider before going for cloud computing?
The precautions that a user must take before going for cloud computing are as follows:
Integrity of data
Loss of data
Data storage
Continuity of business
Compliance with the rules and regulations
Uptime
Can you name some open source cloud computing platform databases?
The three main open source cloud computing platform databases are CouchDB, LucidDB, and MongoDB. (DB stands for database.)
Can you differentiate between computing for mobiles and cloud computing?
Although both of these use the same concept, they differ in some instances. In the case of cloud computing, it is activated via the internet instead of the individual device. This lets the user retrieve data on demand. On the other hand, the mobile runs applications on the remote server and therefore lets the user access the storage and manage it accordingly.
What can a user gain from utility computing?
The main advantage of utility computing is that a user pays only for what they use. It is like a plug-in that is managed by the organization, which decides on the type of services to be deployed from the cloud.
Do you know the security laws that are implemented to secure data in the cloud?
Validation of input: The input data is controlled.
Backup and security: The data is secured and stored, which controls data breaches.
Output reconciliation: The data that is to be reconciled from input to output is controlled.
Processing: The data that is processed correctly and completely in an application is controlled.
Define cloud computing in layman's language:
It is computing based on the internet. Here, the internet is used to process and deliver the services to the users as and when required. Several companies are resorting to cloud computing now in order to fulfill the needs of the customers, business leaders or providers.
The resources are thus treated as a pool, and not as independent resources.
How is cloud different from traditional data centers?
Traditional data centers are expensive owing to the heating of hardware or software. Most of the expense goes to the maintenance of the data centers, but this is not the case in cloud computing. In the case of the cloud, the data can be stored easily and does not require as much expense for maintenance.
What is cloud architecture?
This is a main question among network security interview questions and answers. Cloud architecture is the combination of the components and subcomponents that are required for cloud computing.
It includes both front-end and back-end platforms, which comprise the clients, mobile devices, servers, and storage. Other than these, there are also a network and cloud-based delivery.
Name the building blocks of cloud architecture.
There are essentially three building blocks in the cloud architecture.
The first is the Reference Architecture, the next is the Technical Architecture, and the last is the Deployment Operation Architecture.
Define the different layers of cloud architecture.
There are five layers of cloud architecture, and they are as follows:
Cloud Controller (CLC)
Storage Controller (SC)
Node Controller (NC)
Cluster Controller
Walrus
What are the business benefits that can be derived from cloud architecture?
The benefits of cloud architecture are mentioned below: