CySA+

1.6 Explain the threats and vulnerabilities associated with operating in the cloud

Cloud service models:

  • SaaS: customer only chooses the application; hardware is managed by the provider; access control

  • PaaS: configurable hardware + software/development tools; data protection

  • IaaS: configurable hardware; VM management (VM escape; virtual host patching; virtual guest issues [patching]; virtual network issues)

  • Cloud deployment models:

    • Public: public cloud provider sells services to consumers

    • Private: internal enterprise service to internal customers

    • Community: several companies work on same platform

    • Hybrid: mix of on-premises, private cloud & public cloud

  • FaaS/serverless architecture: apps are hosted by a third party; all server software/hardware management is done by the provider

  • IaC: managing/provisioning data centres using machine-readable files

  • Insecure API: Internet-exposed management APIs can have software vulnerabilities (e.g. anonymous access; plaintext authentication; improper authorisations)

  • Improper key management: unencrypted; Internet-exposed key server; weak/reused key

  • Unprotected storage: insider threats; malicious file entry; impersonation; a worm that is auto-synced to the cloud and spreads from the cloud to other users

  • Logging and monitoring:

    • Insufficient logging and monitoring: late detection; undetected password spraying; ignored alerts; unidentified suspicious activity

    • Inability to access: access logs provide information about failed requests made to the cloud
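
The logging bullets above name undetected password spraying and failed requests in access logs. As an added example (not part of the original notes), this Python detector flags a source whose failed logins touch many distinct accounts within a short window. The log format, the threshold and the window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (hypothetical format: time, source IP, user, outcome).
SAMPLE_LOG = """\
2024-01-10T09:00:01Z 203.0.113.7 alice FAIL
2024-01-10T09:00:03Z 203.0.113.7 bob FAIL
2024-01-10T09:00:05Z 203.0.113.7 carol FAIL
2024-01-10T09:00:08Z 203.0.113.7 dave FAIL
2024-01-10T09:00:11Z 203.0.113.7 erin FAIL
2024-01-10T09:00:14Z 203.0.113.7 frank OK
2024-01-10T09:01:00Z 198.51.100.20 alice FAIL
2024-01-10T09:01:05Z 198.51.100.20 alice FAIL
2024-01-10T09:01:09Z 198.51.100.20 alice OK
2024-01-10T11:30:00Z 203.0.113.7 grace FAIL
"""

def parse(log_text):
    """Yield (timestamp, source, user, outcome) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, parts[1], parts[2], parts[3]

def find_spraying(log_text, min_users=5, window=timedelta(minutes=10)):
    """Return {source: sorted usernames} for sources whose failed logins hit
    at least min_users distinct accounts inside one sliding time window."""
    failures = defaultdict(list)
    for ts, source, user, outcome in parse(log_text):
        if outcome == "FAIL":
            failures[source].append((ts, user))
    alerts = {}
    for source, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures older than the window
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                alerts[source] = sorted(users)
                break
    return alerts

if __name__ == "__main__":
    for source, users in find_spraying(SAMPLE_LOG).items():
        print(f"possible password spraying from {source}: {len(users)} accounts {users}")
```

The second source fails twice against a single account and is not flagged, which is the distinction from a per-account lockout counter: spraying stays under per-account thresholds and only shows up when failures are grouped by source.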


Last updated 2 years ago