3.1 Security Architecture
Call Kai
Learn
Practice Test
Spaced Repetition
Match
Flashcards
Knowt Play1/30
There's no tags or description
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai |
|---|
No analytics yet
Send a link to your students to track their progress
31 Terms
Responsibility Matrix
Documentation that clearly defines the duties between the Cloud Service Provider and the customer to ensure there are no overlaps or gaps in security
Hybrid Considerations
A decentralized approach to cloud computing where deployments blend public, private, or community cloud services together, unifying the different cloud offerings into a single coherent platform
Third-Party Vendors
Should be vetted, managed and monitored for early warning signs of stability issues, and understand their portfolio of cloud activities
Infrastructure as Code (IaC)
The process of automating the provisioning, management, and deprovisioning of infrastructure services through scripted code rather than human intervention
Serverless
An environment that does not expose customers to actual server instances executing their code
Microservices
Cloud service offerings that provide very granular functions to other services, communicate with each other in response to events that take place in the environment, and often through a function-as-a-service model
Physical Isolation
Separating devices so that there is no connection between them, also known as air-gapped
Logical Segmentation
Using software or settings rather than a physical separation using different devices, such as VLAN
Software-Defined Networking
Software-based network configurations to control networks that rely on controllers to manage network devices and configurations
Centralized Architecture
Consolidates more control and logging into a single location for easier management but create a single point of failure
Decentralized Architecture
Distributes responsibilities, offer greater resilience and scalability, but introduce more moving parts and complexity
Containerization
Lightweight, portable form of virtualization that bundles an application with its dependencies into an isolated package, but it must be protected like a VM, requiring enforced isolation between containers and using container-specific vulnerability management tools
Type I Hypervisor
Operates directly on top of the underlying hardware and supports guest operating systems for each virtual machine; most common datacenter virtualization model and highly efficient
Type II Hypervisor
Runs as an application on top of an existing operating system and requests resources from the host OS; most common personal computer model
Internet of Things (IoT)
Network-connected devices that are used for automation, sensors, security, and similar tasks, but have short lifespans, Vendor data-handling practice issues, and poor security practices
Industrial Control Systems (ICS)
A broad term for industrial automation
Supervisory Control and Data Acquisition (SCADA)
A type of system architecture that combines data acquisition and control devices, computers, communications capabilities, and an interface to control and monitor the entire infrastructure; commonly found running complex manufacturing and industrial processes
Real-Time Operating System (RTOS)
An operating system that is used when priority needs to be placed on processing data as it comes in, instead of using interrupts for the operating system or waiting for tasks being processed to be handled before data is processed
Embedded Systems
Computer systems that are built into other devices, such as industrial machinery, appliances, and cars
High Availability (HA)
The ability of a service, system, network, or other element of infrastructure to be consistently available without downtime, and will allow upgrades, patching, system or service failures, changes in load, and other events without interruption of services
Resilience
A consideration that is a component of availability that determines what type and level of potential disruptions the service or system can handle without an availability issue
Cost
A consideration that includes financial, staffing, and other costs
Responsiveness
A consideration that is the ability of the system or service to respond in a timely manner as desired or required to function as designed
Scalability
A consideration that is either vertical (bigger) or horizontal (more) as needed to support availability, resilience, and responsiveness goals
Ease of Deployment
A consideration that describes the complexity and work required to deploy a solution that often factors into initial costs and that may have impacts on ongoing costs if the system or service is frequently redeployed
Risk Transferrence
A consideration through insurance, contracts, or other means that is assessed as part of architectural design and cost modeling
Ease of Recovery
A consideration that is party of availability, resilience, and ease of deployment as complex solutions may have high cots that mean additional investments should be made to avoid recovery scenarios
Patch Availability
A consideration that determines how often patching will be required
Inability to Patch
A consideration when high availability is require and other factors like scalability do not allow for the system to be patched without downtime or other interruptions
Power Consumption
A consideration that drives ongoing costs and is considered part of datacenter design
Compute Requirements
A consideration that also drives ongoing costs in the cloud and up-front and recurring replacement costs for on-premises solutions