Firewalls & Network Segmentation
In GCP, tagging VMs and applying firewall rules based on those tags ensures each tier (UI, API, DB) communicates only with intended layers.
What are Google VPC Firewall Rules?
This GCP service detects suspicious network activity by analyzing logs and events in real time.
What is Event Threat Detection in Security Command Center?
This GCP feature allows access to Cloud Storage objects for a limited time without requiring authentication.
What are Signed URLs?
This AWS service provides private, low-latency links directly between customer data centers and AWS.
What is AWS Direct Connect?
Microsoft Defender for Cloud falls under this type of cloud responsibility area: governance, risk, or operations?
What is governance and security operations?
This GCP service limits how many unique firewall rules can be set for App Engine applications.
What is Google App Engine Firewall?
Microsoft Defender for Cloud alerts include this feature to help prioritize incident response.
What is severity level classification?
Signed URLs can be generated to allow file access without a Google account.
True or False
By bypassing the hypervisor, SR-IOV reduces this bottleneck in VM networking.
What is CPU overhead / virtualization overhead?
GCP’s Event Threat Detection is part of this central platform for managing cloud security.
What is Security Command Center (SCC)?
This Azure service provides centralized alerts for misconfigurations and network threats.
What is Microsoft Defender for Cloud?
This type of scanning is part of GCP SCC and helps highlight open buckets, SSL issues, or disabled web UIs.
What is Security Health Analytics?
Signed URLs are most often used for this type of cloud service delivery (think temporary media sharing).
What is temporary object access in Google Cloud Storage?
Azure Defender for Cloud provides recommendations to optimize both security and this key performance factor.
What is resource utilization?
App Engine firewall rules are prioritized based on this attribute.
What is rule priority number (lowest evaluated first)?
This GCP native scanner checks VM, container, and network security configurations for misconfigurations and vulnerabilities.
What is Security Health Analytics in Security Command Center?
AWS Direct Connect provides lower latency and higher reliability by avoiding this.
What is the public internet?
This type of GCP tokenized URL enforces time-bound permissions for accessing storage content.
What are Signed URLs?
Signed URLs optimize access by removing the need for this step normally required with IAM-based access.
What is user authentication?
VPC firewall rules in GCP can be assigned using these identifiers instead of explicit IP addresses.
What are instance tags?
This AWS service provides a dedicated network connection to AWS, reducing reliance on the public internet.
What is AWS Direct Connect?
This technology enables a VM’s network traffic to bypass the hypervisor for better throughput and reduced latency.
What is SR-IOV (Single Root I/O Virtualization)?
Unlike IAM roles or service accounts, Signed URLs provide access based on this factor.
What is possession of the URL string itself?
Network performance tuning with SR-IOV is especially beneficial in workloads like these.
What are high-throughput workloads such as big data and streaming analytics?
Signed URLs can become a governance issue if these two lifecycle controls are not managed properly.
What are expiration times and distribution controls?