This is not a fluffy thing in the sky. In cybersecurity, it means using remote computing resources over the internet instead of owning all the hardware yourself.
What is cloud computing?
In the shared responsibility model, this side is like the landlord: it secures the physical building, hardware, data centers, and core infrastructure.
Who is the cloud provider?
Leaving this public is the cloud version of leaving a filing cabinet open on the sidewalk.
What is a public storage bucket / public cloud storage exposure?
In the typical vulnerability workflow, this stage comes after deployment and includes public exposure, weak IAM, risky tokens, or vulnerable components.
What is misconfigure access?
This cloud concept is basically the bouncer at the club: it decides who gets in and what they are allowed to do once inside.
What is identity / IAM?
This technology allows one physical server to be split into many virtual machines.
What is virtualization?
Which service model means the provider runs almost everything and the customer mainly just uses the application? A. IaaS B. PaaS C. SaaS D. Hybrid cloud
SaaS
This type of weakness happens when security settings are wrong, such as open ports, overprivileged identities, unsecured storage, or default credentials.
What is a cloud misconfiguration?
In the slideshow’s cloud vulnerability workflow, this is the “move fast” stage where a cloud service, app, bucket, API, or tool goes live.
What is deploy fast?
This is the cloud’s “apartment building” idea: different customers may share the same hardware, but they are supposed to stay isolated.
What is multi-tenancy?
Which cloud building block decides who is allowed in and what they can do? A. Compute B. Storage C. Networking D. Identity
Identity
In this cloud service model, you rent the raw machines and manage the operating system and above.
What is IaaS?
This access problem happens when users or services have more permissions than they actually need.
What is overprivileged access / poor access management?
In the public cloud storage example, this is what allowed anyone with the URL to download files.
What are public bucket permissions?
This cloud feature lets resources spin up and down quickly, almost like ordering extra pizza when more guests arrive.
What is elasticity?
These are the four basic cloud building blocks from the slideshow: one runs programs, one holds data, one connects systems, and one decides access.
What are compute, storage, networking, and identity?
In the shared responsibility model, the customer is responsible for securing these four things from the slideshow.
What are access, configuration, data, and code?
Which of these is an example of poor access management? A. Enforcing MFA B. Least privilege C. No MFA on important accounts D. Private storage by default
C. No MFA on important accounts
DAILY DOUBLE: The Kubernetes vulnerability mentioned in the slideshow affected which component?
ingress-nginx controller
If one compromised system should not be able to freely reach every other system, what control helps limit the blast radius?
Segmentation
Which deployment model combines public cloud and private cloud? A. Public cloud B. Private cloud C. Hybrid cloud D. SaaS cloud
Hybrid cloud
Why can cloud breaches still happen even if the provider secures the underlying infrastructure? A. Cloud has no security B. Customers still control access, configurations, data, and code C. Virtualization does not work D. SaaS removes all risk
B. Customers still control access, configurations, data, and code
Which vulnerability category means an organization may not detect suspicious activity because logs and alerts are missing or not centralized? A. Deficient logging and monitoring B. Virtualization C. Hybrid cloud D. Elasticity
A. Deficient logging and monitoring
LiteLLM AI Gateway Command Injection was dangerous because even a low-privileged API key could do what? A. Automatically encrypt all data B. Execute host commands C. Remove virtualization D. Convert IaaS into SaaS
Execute host commands
After an attacker exploits a cloud weakness, what was the slideshow’s remediation stage? (hint: 5 steps)
Patch, restrict access, rotate secrets, monitor, and prevent repeat mistakes