Security+ (SY0-701): Lesson 6: Secure Cloud Part 2

HTLM5 because users can access them through ordinary web browser software.

Enforces resource separation at the operating system level and containing everything required to run a service, application, or microservice.

OS defines isolated "cells" for each user instance to run in and is allocated CPU and memory resources.

A private network segment made available to a single cloud consumer on a public cloud.

Authentication, web applications, and communications.

Applications are developed as functions and microservices, each interacting with other functions to facilitate client requests.

An independent, single-function module with well-defined and lightweight interfaces and operations.

Architectural approach to building software applications as a collection of small and independent services focusing on a specific business capability.

Deployment/management of infrastructure is performed by scripted automation and orchestration using machine-readable definition files.

YAML, JSON, and HCL (HashiCorp Configuration Language.)

Configuration settings, networking requirements, security policies, and other settings.

Infrastructure can be deployed and managed automatically and consistently, reducing the risk of errors caused by manual intervention.

Replicate infrastructure across different environments, such as development, staging, and production, to ensure that the environments are consistent.

Cloud networking concept utilizing distributed computing resources to minimize the distance data needs to travel.

To reduce network latency and improve responsiveness.

Networking model with APIs and compatible network appliances enabling programmable networking.

1. Control Plane

2. Data Plane

3. Management Plane

Makes decisions about how traffic should be prioritized, secured, and where it should be switched.

Handles the switching and routing of traffic and enforcement of security access controls.

Monitors traffic conditions and network status.

Administrators and their devices along with front end management.

A network controller application, which interfaces with the network devices using APIs.

Interface between the SDN applications and the SDN controller (Control plane to Management plane).

Interface between the SDN controller and the SDN appliances (Control plane to Data plane).

Establishes the security requirements and responsibilities between the organization and the cloud service provider.

To define encryption methods, access controls, vulnerability management, data segregation techniques, specify data ownership, audit rights, and data backup, recovery, and retention procedures.

Data protection and pathing of services.

Services that use software-defined mechanisms and routing policies to implement virtual tunnels and overlay networks over transport networks.

Enables organizations to connect their various branch offices, datacenters, and cloud infrastructure over a wide area network (WAN).

Combines security services like firewalls, identity and access management, and secure web gateway with networking services such as SD-WAN to provide access to cloud applications.

Electronic system that is designed to perform a specific, dedicated function.

Smartphones, Automotive systems, medical devices, aerospace and defense.

A type of OS high levels of stability and processing speed to ensure consistent response.

The network of physical devices, and other objects embedded with sensors, software, and connectivity, enabling them to collect and exchange data.

Too many devices to manage securely; IoT devices are designed with limited processing power and memory, making it difficult to implement strong security controls.

Security design paradigm where every/any request (host-to-host or container-to-container) must be authenticated before being allowed.

Security approach that shifts the focus from defending a network's boundaries to protecting individual resources and data within the network.

Authentication, encryption, access control, and continuous monitoring to maintain the security of critical resources regardless of location.

1. Adaptive Identity

2. Threat scope reduction

3. Policy-driven access control

Recognizes that user identities are not static and that identity verification must be continuous and based on a user's current context and the resources they are attempting to access.

Similar to role based access/least privilege; access is limited to only those resources required to complete a specific task.

Attribute Based Access Control (ABAC); Access control policies enforce access restrictions based on user identity, device posture, and network context.

Refers to the security status of a device, including its security configurations, software versions, and patch levels.

Defines/manages policies that dictate how users and devices are authorized to access network resources.

Systems in the data plane establish sessions for secure information transfers between resources.