Are there Inbound Internet connections into Cloud? If yes, how are they secured?
Is the internet required to access the cloud?
Yes!
Are Cloud Hosting services (IaaS) provided?
What does IaaS stand for?
Infrastructure as a service
Is your Cloud platform logically separated from internal networks by firewalls? Please provide details.
Can a firewall be virtualized?
Yes!
Will data be stored in the "cloud"?
What is the cloud?
"The cloud" refers to servers that are accessed over the Internet, and the software and databases that run on those servers
Who is the hosting provider? What type of cloud platform are you utilizing (Public, Hybrid, Private)?
What is an example of a public cloud platform?
Amazon Web Services, Microsoft Azure, Google Cloud Platform
Can you provide Encryption documentation?
What is encryption?
The process of converting information or data into a code, especially to prevent unauthorized access.
a) Is access to encryption keys restricted to the fewest number of people possible?
b) Do you store encryption keys in the cloud?
What is a benefit of storing something in the cloud?
What Cloud Hosting Tiers are provided as part of this service: Private cloud, Public cloud, Community cloud, Hybrid cloud?
What is a community cloud?
A community cloud is defined as a cloud infrastructure in which multiple organizations share resources and services based on common operational and regulatory requirements.
Please describe where cloud asset dynamic attributes are recorded and maintained. (e.g. date of last vulnerability scan, layer 7 vulnerability scan results, build compliance scan status and date, Image/container signature)
What does a vulnerability scan do?
A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures
Are staff technically managing cloud hosting / dedicated servers / applications prevented from accessing the administrative environment via non-managed private devices?
What is the name of a company that handles cloud hosting?
Amazon Web Services, Microsoft Azure, Google Cloud Platform
What type of cloud service are you subscribed to? (SAAS, PAAS, IAAS) Was the system developed in-house?
What is an example of a SaaS?
Spotify, Gmail, Grubhub, etc.
How do you ensure all cloud based components are included in Penetration Testing? (i.e. APIs, public facing web apps)
What is penetration testing?
A method of testing where testers target individual binary components or the application as a whole to determine whether intra- or inter-component vulnerabilities can be exploited to compromise the application, its data, or its environment resources.
Are virtual security appliances deployed in your Cloud? If yes, what kind of security appliances and how are they effectively deployed?
What is the technology used that allows for multiple virtual appliances on one physical machine?
A hypervisor
Please describe the type/deployment model of your Cloud setup (e.g. private/public Cloud, IaaS/PaaS/SaaS).
What is the difference between IaaS and PaaS?
The operating system is managed for you in PaaS
Please describe how you are ensuring cloud based APIs have Rate Limiting capabilities implemented (DoS/DDoS protections).
What does DDoS stand for?
Distributed Denial of Service