3 Different Shared responsibility model Container Services?
Elastic Beanstalk
Relational Database
& Elastic Map Reduce
What is Azure Sentinel?
SOAR & SIEM Tools
Command to utilize AZ CLI to create a snapshot of image?
az snapshot create
3 Basic G-Roles
Viewer Editor Owner
What is Geofencing?
Geofencing is a location-based technology service in which a mobile, desktop, or cloud-based app or other software uses GPS, RFID, Wi-Fi, or cellular data to trigger a pre-programmed action when a mobile device or RFID tag enters or leaves a virtual border set up around a geographical area.
What is AWS Cloud Watch?
monitoring service for AWS resources and applications.
What is an account storage key?
When you create a storage account, Azure generates two 512-bit storage account access keys for that account. These keys can be used to authorize access to data in your storage account via Shared Key authorization, or via SAS tokens that are signed with the shared key.
Which GCP command provides the current configuration the PROJECT_ID?
export PROJECT_ID=$(gcloud config get-value project)
What is a Google VPC?
It provides networking for Compute Engine VMs, GKE containers, and the App Engine environment inside Google's production network.
4 Ways to Manage Risk?
Acceptance, Transference, Avoidance, Mitigation
What is AWS Cloud Trail?
Monitoring tool / web service that records API activity in your AWS account.
You can integrate Azure Security Center Alerts into SIEM using what Tool?
Microsoft Sentinel is built on the Azure platform
What GCP Command Utilizes Kubernetes clusters for the particular user in the provided container path?
kubectl create deployment hello-eccuser --image=$CONTAINER_PATH
What GCP command will install a Cloud Monitoring Agent?
sudo apt-get install stackdriver-agent
When is a Cloud considered an object?
The cloud is considered the object when the target of the crime is the cloud service provider and is directly affected by the act, such as with Distributed Denial of Service (DDOS) attacks that target sections of the cloud or the cloud itself as a whole.
What is Amazon Machine Image? (AMI)
A supported and maintained instance & the information needed to launch that instance
What is an Azure Veeam backup?
Veeam Backup for Microsoft Azure integrates with the Veeam Backup & Replication platform. This solution provides a unified backup and recovery solution for both on-premises and cloud-based workloads.
Which command can you utilize to deploy cloud app?
gcloud app deploy
Steps to create IAM Roles in GCP?
1. In the Google Cloud console, go to the IAM page. Go to IAM. 2. Select a project, folder, or organization. 3. Select a principal to grant a role to: ... 4. Select a role to grant from the drop-down list. ... 5. Optional: Add a condition to the role. 6. Click Save.
What is Security Orchestration and Automation and Response?
SIEM that responds to incidents automatically (based on pre-chosen playbooks)
How can you copy the objects from one S3 bucket to another?
3 Bucket Rules
What does Azure Backup do?
backs up the data, machine state, and workloads running on on-premises machines and Azure virtual machine (VM) instances
What does the command lsblk do?
lists information about all available or the specified block devices. The lsblk command reads the sysfs filesystem and udev db to gather information.
What Tool helps run SQL queries on Google Logs?
In BigQuery, you can run two types of queries:
You want to allow all inbound traffic to the device. What IP range can be utilized?
0.0.0.0/0
Are AMIs pre-configured images for EC2 instances?
YES An AMI is a pre-configured virtual machine image that contains the operating system (OS) and preinstalled software to deploy EC2 instances.
What is Azure Governance and Features?
framework that helps an organization define how it conducts business activities from objectives to responsibilities.
How can you create a profile using AWS CLI?
Import an AWS Identity and Access Management (IAM) user into AWS OpsWorks by calling create-user-profile to create a user profile
Where can you review the logs in Google Cloud Environment?
Google Log explorer
Secure code review is static application testing or dynamic?
STATIC Static code analysis, done in a code-review context
DYNAMIC - Running the code after the STATIC code review
What does EC2 stand for?
EC2 = Elastic Compute Cloud
Can you connect Azure Single Sign-on and AWS Single Sign-on?
In the Azure portal, on the AWS Single-Account Access application integration page, find the Manage section and select single sign-on. SAML Configuration to edit the settings. On the Select a single sign-on method page, select SAML. On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings
What az CLI command creates a snapshot of an image?
az snapshot create
Step by step How to create IAM role in GCP?
1. In the Google Cloud console, go to the IAM page. ... 2. Select your new project. 3. Click person_add Grant access. 4. Enter the email address of a principal. 5. From the Select a role drop-down menu, search for Logs Viewer, then click Logs Viewer. 6. Click Save.
What are the two application security broker types?
CASP: Cloud Application Security Platforms (CASP). CASP is the future of this market because they leverage APIs and do not get in the way of user experience. CASPs focus on detection, remediation and user education instead of in-line inspection of cloud application traffic.
CASB: CASB is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Think of the CASB as the sheriff that enforces the laws set by the cloud service administrators.
In AWS, you can review and verify which devices are compliant and which ones are not?
AWS Artifact – AWS Artifact is your go-to, central resource for compliance
Azure provides four levels of management: what are these levels called?
Management groups provide a governance scope above subscriptions
How to delete events and deployment? GCP
kubectl delete deployment --all
How can you perform an Uptime check on your instance in Google Cloud Platform?
What is SIEM?
Security information and event management
What is Amazon Macie? (only found in S3)
Amazon Macie is a data security service that discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks
What is an AZ subscription ?
Subscription = A subscription is nothing more than a billing unit.
Provide the command for listing Google Cloud projects?
gcloud projects list
Additionally, you can use the --filter flag to narrow down the list based on specific criteria. https://cloud.google.com/sdk/gcloud/reference/projects/list
What is VPN network peering?
GCP is a mechanism to add multiple networks together.
What is OCCI Open Computer Computing Interface?
REST protocol and API for all kinds of management tasks
What is Amazon GuardDuty used for
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect all parts of your cloud
What is a resource group in Azure?
Resource group: a logical container in which Azure resources such as web applications, databases, and storage accounts may be deployed and managed.
Resources: instances of services that you build, such as virtual machines, storage, and SQL databases.
Where can you view logs in GCP?
Log Explorer
What is Business Impact Analysis?
A business impact analysis (BIA) predicts the consequences of a disruption to your business, and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment.
Within S3, what are the different modes in which Object Lock can be applied?
These retention modes are Governance Mode and Compliance Mode.
What service is used by Microsoft Azure to build and deploy the repeatable collection of Azure resources by ensuring the same standards, security, and requirements
Azure Blueprints
What does kubectl get pods do?
Verify all pods are running
What is Binary Key Authorization in Google Cloud Platform?
Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on Google Kubernetes Engine (GKE) or Cloud Run.
What are not three different sites for Business Continuity ?
HOT, WARM, COLD, COLLABORATIVE
What is AWS Simple Storage Service (S3)?
An object storage service that stores data as objects within buckets and provides scalability, availability, security & performance
Azure Cost Management
It provides information about your overall costs and utilization across all Azure services and Azure Marketplace products.
There is a mechanism to create alerts for Virtual machine telemetry in Google Cloud Platform?
Yes using the Cloud Monitoring service
How to view cloud audit logs in GCP
Activity>>Cloud Security
OR use cloud Composer
List the different type of cloud computing challenges for governance?
Topology
Organizational change
Compliance
Governance
Contract Management
What is AWS Cloud Trail?
CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
Azure Resource Group
a container that holds related resources for an Azure solution.
(GCP) What is gsutil?
Command Line interface to access storage
What is Soft delete of containers?
And what is the Retention Period?
It allows you to mark some records as deleted without actual erasure from the database
Retention period is 1 to 365 days
What is Recovery Time Objective?
the maximum acceptable time that an application, computer, network, or system can be down after an unexpected disaster, failure, or comparable event takes place.
What is an AWS instance ?
Instances are useful for running memory-intensive workloads such as real-time data ingestion, distributed in-memory caches, big data analytics, memory-intensive enterprise applications, and high-performance databases.
Azure Policy
Built in definitions, a rule about specific security conditions that you want controlled.
How can you block particular protocols in the VPC for the Google Cloud Platform?
Creating firewall rules that explicitly deny traffic for those protocols.
What are the 3 types of cloud storage?
object storage
file storage
block storage
What is a cloud object storage?
Cloud object storage is a format for storing unstructured data in the cloud.
Object storage is considered a good fit for the cloud because it is elastic, flexible and it can more easily scale into multiple petabytes to support unlimited data growth.
What actions can you do with an EC2 instance in AWS?
Terminate instance
Format Instance
Start Instance
Reboot instance
Stop Instance
Azure Management Group
Management groups support Azure role-based access control (Azure RBAC) for all resource accesses and role definitions. Any Azure role can be assigned to a management group that will inherit down the hierarchy to the resources.
What is Locally Redundant Storage in Microsoft Azure Environment?
Locally redundant storage (LRS) replicates three copies of your data within the same data center you have your data in. Ordering from the least to the most expensive, Azure Storage redundancy offerings include LRS, ZRS, GRS, RA-GRS, GZRS, and RA-GZRS.
Five disciplines of cloud governance?
Cost Management
Security Baseline Discipline
Resource Consistency Discipline
Identity Baseline Discipline
Deployment Acceleration Discipline
How can you allow and deny API in AWS cloud?
Use a WAF