CS 5610: Introduction to Cloud Computing Lecture 4

Questions and Answers

What is the role of a cloud hypervisor?

• To provide encryption for data storage.
• To create physical servers from virtual machines.
• To monitor cloud resource usage.
• To enable sharing of physical computing and memory resources across VMs. (correct)

Which of the following is NOT considered a cloud mechanism?

• Cloud Resource Replication
• Physical Server Management (correct)
• Automated Scaling
• Load Balancer

Why are virtual servers significant in cloud computing?

• They increase the number of physical servers in the cloud.
• They replace cloud storage entirely.
• They eliminate the need for cloud security measures.
• They allow multiple cloud consumers to share a single physical server. (correct)

Which of the following best describes the shared security responsibility in cloud environments?

Both cloud consumers and providers share the responsibility for security. (D)

What defines the capacity of a physical server in relation to virtual servers?

The total number of virtual machines it can support. (C)

Which mechanism is used to automatically adjust resources based on demand?

Automated Scaling (A)

Which component is essential for establishing a logical network perimeter in cloud environments?

Logical Network Perimeter (B)

Which of the following describes a common function of a load balancer in cloud services?

To distribute incoming network traffic across multiple servers. (B)

What does the failover system do when a failure is detected in an IT resource?

It commands the load balancer to switch to another resource. (D)

What occurs when the active instance of a Cloud Service A implementation fails?

The failover system activates a backup cloud service instance. (D)

What characterizes an active-passive configuration in a failover system?

The secondary resource remains inactive until a failure occurs. (D)

What is the primary purpose of the resource cluster mechanism?

To logically group IT resources for improved allocation and use. (D)

In an active-active configuration, how does the system respond to resource failure?

The active resource takes on extra workload without interruption. (D)

Which of the following statements about a cluster management platform is TRUE?

It is responsible for the coordination of clustered IT resources. (A)

What role does the load balancer play in the failover system?

It directs the workload to the active resource. (A)

How does a server cluster increase performance?

By clustering physical or virtual servers. (A)

What happens to an inactive implementation in a failover process?

It is activated to take over when the active resource fails. (C)

What function does high-speed dedicated network connections serve in the resource cluster mechanism?

They facilitate communication for workload distribution and system synchronization. (A)

What is the primary purpose of monitoring the operational status of the active instance?

To ensure that consumer requests are captured. (D)

In the context of cloud services, what is typically the first action taken after a failure is detected?

An inactive implementation replaces the active one. (D)

In an active-passive failover system, what happens to the backup instance during normal operation?

It remains idle and does not process any workloads. (A)

What is a primary characteristic of resource clusters?

They allow IT resources to operate as a single logical unit. (A)

What does a failover system ensure when one Cloud Service A implementation fails?

Continuity of service through workload redistribution. (B)

Which type of resource cluster specifically involves virtual servers?

Server Cluster (A)

What is the main cause of misconfiguration in cloud services?

Human negligence (D)

What is one effective method to reduce the risk of unauthorized access?

Implementing multi-factor authentication (MFA) (D)

Which principle should be applied for user access to systems to enhance security?

Principle of Least Privilege (PoLP) (D)

What vulnerability occurs due to a lack of proper authentication or authorization mechanisms?

Insufficient Authorization (D)

What can result from weak passwords or shared accounts in cloud environments?

Weak authentication (A)

What incident affected the Broward Health public health system?

A large-scale data breach (D)

How can organizations improve their security configurations?

By automating security checks (D)

What potential consequence can arise from insufficient authorization in cloud environments?

Legal liability and data loss (C)

What does the VIM do in response to a busy physical server?

It commands the hypervisor to suspend execution of the virtual server. (B)

How does state information get synchronized during virtual server migration?

It is synchronized via a shared cloud storage device. (D)

What is the primary purpose of the Logical Network Perimeter?

To isolate IT resources from unauthorized users. (D)

Which of the following is NOT a key feature of the Logical Network Perimeter?

Centralized Data Management (D)

Which technologies contribute to establishing the Logical Network Perimeter?

Software-defined networking, virtual networks, and security mechanisms. (B)

What is the function of virtual firewalls within the Logical Network Perimeter?

To filter network traffic. (B)

What does the cloud storage mechanism enable?

Data storage, management, and access over the internet. (B)

Which of the following represents implementations of logical network perimeters in cloud environments?

Virtual Private Cloud (VPC) in AWS and Virtual Network (VNet) in Azure (D)

Study Notes

Learning Objectives

• Comprehend the building blocks of cloud environments.
• Explain how cloud mechanisms support cloud services and features.
• Understand fundamental terms and concepts in cloud security.
• Identify common threats and attacks in cloud environments.
• Recognize the shared security responsibility between cloud consumers and providers.

Cloud Mechanisms

• Technology-centric aspect of cloud computing necessitates a set of mechanisms for service support.
• Key mechanisms include:
  • Cloud Virtual Server and Hypervisor
  • Automated Scaling
  • Load Balancer
  • Logical Network Perimeter
  • Cloud Storage
  • Usage Monitor
  • Resource Replication
  • Multi-device Broker
  • Ready-Made Environment

Cloud Virtual Server

• Virtual servers emulate physical servers to allow multiple consumers to share resources.
• Each virtual server instance can host various IT resources and solutions.
• Capacity limits dictate the number of virtual instances per physical server.
• Terminology: Virtual Server is synonymous with Virtual Machine (VM).
• Serves as a foundational aspect of cloud infrastructure.

Cloud Hypervisor

• Software enabling resource sharing across multiple VMs on a cloud provider's physical server.
• Virtual Infrastructure Manager (VIM) commands hypervisors, facilitating live migration of virtual servers.
• Synchronization of state information (e.g., memory pages) is achieved through shared cloud storage.

Logical Network Perimeter

• Acts as a virtual barrier separating a secure cloud environment from an external network.
• Established using software-defined networking, virtual networks, and security measures.
• Ensures secure internal communications and isolates cloud IT resources from unauthorized access.
• Implementations include Virtual Private Cloud (VPC) in AWS and Virtual Network (VNet) in Azure.

Cloud Storage Mechanism

• Enables data management and access over the internet using remote servers.
• Can be virtualized similar to physical servers.
• Facilitates failover systems for operational continuity during errors.
  • Active-Active: Both systems run concurrently, failover when one fails.
  • Active-Passive: Standby system activates when the active system fails.

Resource Cluster Mechanism

• Allows logical grouping of multiple IT resources to increase efficiency and capacity.
• Resource instances can be managed as a single entity for improved availability.
• High-speed connections facilitate communication among clustered resources for workload management.

Misconfiguration of Cloud Services

• Commonly results from human error; preventable through:
  • Deploying Multi-Factor Authentication (MFA).
  • Applying the Principle of Least Privilege (PoLP) for access control.
  • Automating security checks with appropriate tools.
  • Following best practices for configuration.

Insufficient Authorization

• Leads to unauthorized access and potential data breaches.
• Often arises from weak passwords or shared accounts, resulting in broader access for attackers.
• Attacks exacerbate risks associated with accessing protected IT resources.
• Example: Broward Health data breach affected 1,357,879 individuals due to insufficient protections on medical information.

Description

This quiz covers Cloud Mechanisms and Cloud Security as part of the CS 5610 course. It explores the building blocks of cloud environments, and explains how cloud services function. Additionally, common threats and attacks in cloud security are discussed, ensuring a comprehensive understanding of the subject.