Intro to Cloud Security

Learn fundamental concepts regarding securing a cloud environment.

THM Room : https://tryhackme.com/room/introductiontocloudsecurityc6

TASK 1 Introduction

I am ready to get started.

No Answer.

TASK 2 Architectural Concepts of Cloud

In Infrastructure as a Service, what will be deployed by the vendor (Hardware or Software)?

Answer : Hardware

What is the type of cloud dedicated to a single customer called?

“In the private cloud, customers will not share the underlying resources (hardware and software) as in the public cloud, and resources are dedicated to a single customer. Organisation A will get a Virtual machine hosted on a system specifically dedicated to a particular customer.”

Answer : Private

TASK 3 Cloud Security Concepts

What is the first phase in the cloud data lifecycle?

Answer : Create

Click the View Site button at the top of the task to launch the static site in split view. What is the flag after completing the exercise?

Followed the steps in the task.

Answer : THM{CLOUD_11101}

TASK 4 Cloud Security Risks Concerning Deployment Models

In which cloud model does the customer become the hostage of cloud providers (vendor locked in)?

Answer : Public

Is it challenging to enforce specific business decisions and procedures in the community cloud (yea/nay)?

Answer : YEA

TASK 5 Security Through Access Management

Are FaceID and biometric types of Authentication factors (yea/nay)?

Answer : YEA

I have completed the practical exercise.

No Answer.

TASK 6 Security Through Policies

In a cloud environment, can we create a policy to enable Database access for a user at a specific time of the day (yea/nay)?

Answer : YEA

I have completed the practical exercise.

No Answer.

TASK 7 Security Through Network Management

Is it a good practice to operate security groups on the principle of “deny all unless allowed explicitly” (yea/nay)?

Answer : YEA

I have completed the practical exercise.

No Answer.

TASK 8 Security Through Storage Management

Encryption of data at rest is unnecessary if we carry out encryption at transit (yea/nay)?

Answer : NAY

I have completed the practical exercise.

No Answer.

TASK 9 Cloud Security - Some Additional Concepts

Is it a good practice to keep Disaster Recovery Backups of a server in the same vicinity or data centre (yea/nay)?

Answer : NAY

I have completed the practical exercise.

No Answer.

TASK 10 Conclusion

I have completed the room.

No Answer.