Authenticated encryption with associated data (AEAD)
Symmetric encryption algorithms that simultaneously support and apply confidentiality and authentication.
Blue/green
A deployment method that can be used where the organization has a mirror of the production environment and logic that can switch users to the new environment once confidence of functionality is reached.
Cloud orchestration
The end-to-end automation workflow or process that coordinates multiple lower-level automations to deliver a resource or set of resources "as a service."
Container
A small form factor-independent executable package of software that is installed and maintained upon a host operating system and includes everything that is needed to run an application, which includes system tools, libraries, settings and code.
Continuous integration/continuous delivery (CI/CD)
An integrated set of practices and tools used to merge developer code, build and test software, and develop deploy-ready packaging.
Deployment management
Moves new hardware, software, documentation, processes, or other components to live environments.
Domain Keys Identified Mail (DKIM)
An asymmetric cryptographic key system that creates organizational nonrepudiation of messaging. Emails are received through proof-of-origin processing to detect spoofing and other fraudulent behavior.
Domain Name System (DNS)
Used to resolve fully qualified domain names (FQDNs, e.g. www.example.com) to an IP address (e.g. 192.0.2.1).
DNS shadowing
A threat in which the attacker gets access to the domain registrant's account and creates subdomains from the parent domain of the victim to draw unsuspecting visitors to bogus sites.
Domain-based message authentication, reporting and conformance (DMARC)
A scalable system for providing policy configuration for message validation, disposition, and reporting that mail-sending organizations can use for email life cycle management.
Drift
The change in configuration away from the desired baseline.
Forward secrecy
The cryptographic protection for encrypted data based upon the discovery or compromise of a private key in an asymmetric pair. The session key that was used in a previous session will not be available for decryption.
Hardware security module (HSM)
A physical computing device that provides cryptoprocessing as well as safeguarding and managing digital keys for strong authentication.
Immutable environment
New servers are based on a validated and version-controlled image. When a new system is required, the old is destroyed after the new is deployed.
Information security continuous monitoring (ISCM)
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Patch management
Updating a system to fix functionality, features, or security.
Release management
Makes available new and changed services and features for use. A version of a service or configuration item (CI) that is made available for use.
Secure Shell Protocol (SSH)
An administrative protocol used to manage remote hosts over the internet in an encrypted fashion.
Security Content Automation Protocol (SCAP)
A multipurpose framework of specifications that supports automated configuration, vulnerability and patch checking, technical control compliance activities, and security measurement. Goals for the development of this protocol include standardizing system security management, promoting interoperability of security products, and fostering the use of standard expressions of security content.
Security group
Applies rules concerning communication to consumer provisioned instances, including allowed and blocked communication protection for systems and storage, thus providing for granularity of control for the ingress/egress traffic flow by the cloud customer.
Security operations management system (SOMS)
The set of guidelines and other elements that work together to ensure the effectiveness of security operations and their processes.
Sender Policy Framework (SPF)
A process to validate an email message that has been sent from an authorized mail server in order to detect forgery and to prevent spam. The owner of a domain can identify exactly which mail servers they are able to send from.
Stateful inspection
Also known as dynamic packet filtering, this type of firewall will watch the interaction between the two hosts and allow or deny connections according to other factors beyond the rule set.
Static packet filtering
Also known as a stateless firewall, this type of filter examines each packet without regard to the packet's context in a session. Packets are examined against static criteria, which cannot be temporarily changed by the firewall to accommodate legitimate traffic. If a protocol requires a port to be temporarily opened, administrators must choose between permanently opening the port and disallowing the protocol.
Trusted Platform Module (TPM)
A special case of an HSM that is designed to be integrated into other products and follows a particular standard from the Trusted Computing Group.
Virtual extensible LAN (VXLAN)
VXLAN is an overlay technology encapsulating layer 2 over layer 3. VXLAN doubles the 12-bit ID of a traditional VLAN to a 24-bit ID VXLAN Network Identifier (VNI), thus allowing for 16 million networks.