ACC Ans Sheet

The document explains key concepts in cloud security, including the CIA Triad (Confidentiality, Integrity, Availability), differences between traditional and cloud security, types of cloud computing attacks, vulnerabilities, and authentication methods. It also covers cloud service models (IaaS, PaaS, SaaS), components of cloud security architecture, and the role of hypervisors in virtualization. Overall, it emphasizes the importance of security measures and best practices in cloud environments.
ACC ANS SHEET

Q1. Explain the CIA Triad


The CIA Triad is the most important model of cloud and information security. It consists of three
core principles that ensure secure handling of data and services:

1. Confidentiality

• Ensures that sensitive information is not disclosed to unauthorized individuals.

• Achieved by using encryption, passwords, access control, and authentication methods.

• Example: Online banking uses multi-factor authentication and data encryption to keep account
details confidential.

2. Integrity

• Ensures the accuracy, consistency, and reliability of data throughout its lifecycle.

• Protects against unauthorized modifications, deletion, or corruption of information.

• Maintained through hashing, checksums, error detection codes, and digital signatures.

• Example: Digital signatures on e-mails guarantee that the content has not been altered.

3. Availability

• Ensures that data, systems, and services are available when required by authorized users.

• Techniques include redundancy, load balancing, backup systems, disaster recovery, and DoS
protection.

• Example: Cloud providers like AWS use replication across multiple servers to ensure 24×7
availability.

In summary, the CIA Triad provides a balanced framework for cloud security. Breach of any one
element (C, I, or A) can result in serious security risks.

Q2. Differentiate between Traditional vs Cloud Security

Traditional Security and Cloud Security differ in their approach due to the
environment they protect.

| Aspect | Traditional Security | Cloud Security |
|---|---|---|
| Infrastructure | Security is applied to on-premises servers, data centers, and networks. | Security is applied to virtualized infrastructure hosted by cloud providers. |
| Control | Organization has full control over security measures. | Shared responsibility between Cloud Service Provider (CSP) and customer. |
| Scalability | Limited scalability, requires manual hardware upgrades. | Highly scalable and elastic, adapts to demand. |
| Cost | High upfront investment in hardware, staff, and maintenance. | Cost-effective, pay-as-you-use model. |
| Threat Handling | Focus on physical security, firewalls, and perimeter defense. | Focus on data protection, IAM, virtualization, compliance, and multi-tenancy threats. |
| Disaster Recovery | Backup and recovery managed in-house, often time-consuming. | Built-in disaster recovery and redundancy provided by CSP. |

Summary:

• Traditional Security protects physical IT assets with full organizational control but is costly and
less flexible.

• Cloud Security protects virtual assets in shared environments, offers scalability, cost savings, and
advanced resilience, but requires trust in CSP and strong governance.

Q3. Explain Types of Cloud Computing Attacks


Cloud computing faces a variety of attacks due to its shared, virtualized, and internet-based
environment. Some of the major types are:

1. Denial-of-Service (DoS) and Distributed DoS Attacks

• Aim to overload cloud servers with excessive traffic, making them unable to process legitimate
requests.

• This affects availability of resources.

• Example: Flooding a cloud-hosted website so that genuine users cannot access it.

2. Account Hijacking

• Attackers gain unauthorized control of a user’s cloud account by stealing or cracking
credentials.

• Once hijacked, attackers may steal sensitive data, manipulate services, or misuse resources.

• Example: Phishing attacks targeting cloud service login pages.

3. Security Misconfiguration

• Happens when cloud resources are not properly configured (e.g., leaving storage buckets open
to the public).

• Results in data leakage, unauthorized access, or malware injection.

• Common in IaaS and SaaS environments.

4. User Account Compromise

• Attackers exploit human errors like weak passwords, phishing, or malware infections.

• Unlike account hijacking (which is external), this often happens because of careless user
actions.

5. Cloud Malware Injection

• Attackers upload malicious code, services, or infected virtual machines into the cloud system.

• Once injected, the malware can steal data, damage files, or redirect traffic to attacker-controlled
systems.

6. Insider Threats

• Employees or contractors with legitimate access misuse privileges for personal gain or by
mistake.

• Hard to detect as insiders often have trust and higher access rights.

7. Side-Channel Attacks

• Exploit hardware-level leaks in shared cloud infrastructure.

• Attackers running a malicious VM on the same physical host may access sensitive data of other
tenants.

8. Cookie Poisoning

◦ Modifying or injecting malicious data into session cookies used in SaaS applications.

◦ Leads to unauthorized access or impersonation of users.

9. Insecure APIs

◦ APIs are central to cloud services, but poorly secured APIs allow attackers to exploit
vulnerabilities.

◦ Examples include shadow APIs, parameter tampering, and injection attacks.

10. Cloud Cryptomining Attacks

• Attackers hijack cloud resources to perform cryptocurrency mining without the owner’s
knowledge.

• Causes high billing costs, performance issues, and resource drain for victims.

Q4. Cloud Vulnerabilities

Cloud vulnerabilities are weaknesses or misconfigurations in cloud environments that can be
exploited by attackers to gain unauthorized access, steal data, or disrupt services. Major types
include:

1. Cloud Misconfiguration

• The most common vulnerability.

• Occurs when cloud resources (e.g., storage buckets, databases) are left publicly accessible or
incorrectly configured.

• Example: Exposed AWS S3 bucket leaking sensitive data.

2. Identity and Access Management (IAM) Issues

• Weak IAM policies, excessive permissions, or lack of multi-factor authentication (MFA) allow
attackers to misuse accounts.

• Solution: Apply least privilege principle and regularly review access rights.

3. Public Data Storage

• Storing sensitive data in publicly accessible storage systems without encryption makes it
vulnerable.

• Attackers can read/write data if storage settings are misconfigured.

4. Unsecured Communication Protocols


• Using outdated or insecure protocols (e.g., HTTP instead of HTTPS) makes data-in-transit
vulnerable to interception.

5. Exposed Ports & Services

• Leaving unnecessary network ports open provides attackers easy entry points for intrusion or
malware injection.

6. Poor Secret Management

• Storing API keys, passwords, or certificates in insecure locations (like code repositories)
increases risk of leakage.

Summary:
Cloud vulnerabilities mainly arise from misconfigurations, weak access control, insecure storage,
and poor security practices. Minimizing them requires strong IAM, encryption, secure
configuration, monitoring, and compliance checks.

Q5. What is Authentication in Cloud Computing?

Authentication in cloud computing is the process of verifying and validating the identity of users,
devices, or systems before granting access to cloud services and resources. It ensures that only
authorized entities can log in and use sensitive information, thereby protecting against unauthorized
access.

Key Points:

1. Definition:

• Authentication answers the question “Who are you?” and confirms that the user is genuine.

• It is the first step of cloud security, before authorization and access control.

2. Purpose:

• Protects confidentiality of data by blocking intruders.

• Prevents account hijacking, insider misuse, and data breaches.

• Builds trust between cloud providers and users.

3. Methods of Authentication in Cloud:

• Password-based authentication – Common but weak if passwords are reused or simple.

• Multi-Factor Authentication (MFA) – Stronger security by combining something you know
(password) + something you have (OTP, smart card) + something you are (biometric).

• Biometric authentication – Uses fingerprints, facial recognition, or voice ID for higher
security.

• Token-based authentication – Digital certificates, SSO (Single Sign-On), or security tokens
that grant time-limited access.

• OAuth & Identity Federation – Common in enterprise setups, where third-party identity
providers authenticate users (e.g., logging into apps using Google or Microsoft account).

4. Importance in Cloud Computing:

• Protects cloud systems from unauthorized access and malicious attacks.

• Secures multi-tenant environments where many users share the same cloud resources.

• Essential for compliance with security standards like GDPR, HIPAA, and ISO.

Q6. What is Non-Repudiation, Access Control, and Defense in Depth?

1. Non-Repudiation

• Definition: Non-repudiation ensures that a sender cannot deny sending a message or
transaction, and the receiver cannot deny receiving it.

• Achieved using digital signatures, encryption, logging, and auditing.

• Importance: Provides accountability and trust in cloud environments. For example, in online
banking, digital signatures ensure that transactions cannot later be denied.

2. Access Control

• Definition: Access control is the mechanism of restricting and regulating who can use cloud
resources and what actions they can perform.

• Types:

◦ DAC (Discretionary Access Control): Owner decides permissions.

◦ MAC (Mandatory Access Control): Based on predefined security labels/policies.

◦ RBAC (Role-Based Access Control): Access given as per user roles.

• Importance: Prevents unauthorized access, limits data leakage, and enforces the principle of
least privilege.

3. Defense in Depth

• Definition: A multi-layered security strategy where multiple protective measures are applied
at different levels (physical, network, application, data).

• Example layers: firewalls, intrusion detection, encryption, authentication, monitoring.

• Importance: Even if one layer is compromised, other layers continue to protect resources.
This makes cloud systems more resilient against attacks.

Summary:

• Non-repudiation provides accountability,

• Access control ensures only authorized use, and

• Defense in depth strengthens security through layered protection.


Together, they form essential pillars of cloud security.

Q7. Explain the Types of Cloud

Cloud computing offers different deployment models depending on ownership, security, and scope
of use. The main types are:

1. Public Cloud

• Infrastructure is owned and operated by third-party cloud providers like AWS, Microsoft
Azure, or Google Cloud.

• Services (storage, networking, applications) are delivered over the internet and shared by
multiple users (multi-tenancy).

• It is cost-effective, scalable, and requires no maintenance by the customer, but organizations
have less control over security.

2. Private Cloud

• Dedicated infrastructure exclusively for a single organization.

• Can be hosted on-premises or by an external vendor.

• Provides greater security, control, and customization, making it suitable for industries
handling sensitive data such as banks, hospitals, and government agencies.

• However, it is expensive compared to public cloud because the organization bears most of
the infrastructure cost.

3. Hybrid Cloud

• A combination of public and private cloud models.

• Critical or sensitive workloads are kept on private cloud, while general workloads are
deployed on public cloud.

• Offers flexibility, scalability, cost optimization, and business continuity.

• Example: A company may use private cloud for financial data and public cloud for customer
support applications.

4. Community Cloud

• Shared by multiple organizations with common interests, policies, or regulatory
requirements.

• Managed by one of the organizations or a third party.

• Reduces cost through shared infrastructure, while still being more secure than public cloud.

• Example: Universities or healthcare organizations collaborating through a joint cloud
infrastructure.

Q8. Explain the Cloud Infrastructure Architecture/ Cloud service models with
image.
Cloud services are generally classified into three major service models, which form the backbone
of cloud infrastructure:

1. Infrastructure as a Service (IaaS)

• Provides virtualized hardware resources such as servers, storage, and networking on
demand.

• Users can install their own operating systems, middleware, and applications.

• Examples: Amazon EC2, Microsoft Azure VM, Google Compute Engine.

• Advantage: High flexibility, scalability, and cost savings since physical infrastructure is
managed by the provider.

Characteristics of IAAS (Infrastructure as a Service)

- IAAS is like renting virtual computers and storage space in the cloud.
- You have control over the operating systems, applications, and development frameworks.
- Scaling resources up or down is easy based on your needs.

2. Platform as a Service (PaaS)

• Provides a ready-to-use platform with OS, runtime, and development tools for application
deployment.

• Developers focus on building applications instead of managing infrastructure.

• Examples: Google App Engine, Microsoft Azure App Service, Heroku.

• Advantage: Speeds up development and reduces complexity.


Characteristics of PAAS (Platform as a Service)

- PAAS is like a toolkit for developers to build and deploy applications without
worrying about infrastructure.

- Provides pre-built tools, libraries, and development environments.


- Developers focus on building and managing applications, while the provider
handles infrastructure management.

- It speeds up the development process and allows for easy collaboration among
developers

3. Software as a Service (SaaS)

• Provides ready-made software applications hosted on the cloud and delivered via the
internet.

• Users access apps through web browsers without managing infrastructure or platforms.

• Examples: Gmail, Microsoft 365, Salesforce.

• Advantage: Easy to use, accessible anywhere, pay-as-you-go model.

Characteristics of SAAS (Software as a Service)

- Applications are ready to use, and updates and maintenance are handled by the provider.
- You access the software through a web browser or app, usually paying a subscription fee.
- It’s convenient and requires minimal technical expertise, ideal for non-technical users.

Q9. Differentiate between IAAS, PAAS and SAAS.

Q10. 5 Key Components of Cloud Computing Security Architecture

Cloud Computing Security Architecture consists of several essential components that protect cloud
systems and data. The five key components are:

1. Identity and Access Management (IAM)

• Manages user identities, roles, and permissions.

• Ensures only authorized users can access specific resources.

• Includes features like Multi-Factor Authentication (MFA), Single Sign-On (SSO), and role-
based access control (RBAC).

2. Data Security and Encryption

• Protects data at rest, in transit, and in use through encryption, tokenization, and secure key
management.

• Prevents unauthorized disclosure and maintains confidentiality and integrity.

3. Network Security

• Safeguards cloud infrastructure using firewalls, intrusion detection/prevention systems
(IDS/IPS), VPNs, and segmentation.

• Defends against unauthorized access, DDoS attacks, and malware.

4. Security Monitoring and Incident Response

• Continuous monitoring for threats, anomalies, and intrusions using SIEM tools (Security
Information and Event Management).

• Incident response ensures quick detection, reporting, and mitigation of attacks.

5. Compliance and Governance

• Ensures cloud operations meet legal, regulatory, and organizational security standards (e.g.,
GDPR, HIPAA, ISO 27001).

• Involves policies, audits, and risk assessments to maintain trust and accountability.

Summary:
The five key components — IAM, Data Security, Network Security, Monitoring & Response,
and Compliance — together provide a layered defense ensuring cloud systems remain secure,
reliable, and trustworthy.

Q11. What is Hypervisor, explain the types of Hypervisors.
Definition: A Hypervisor, also called a Virtual Machine Monitor (VMM), is a software, firmware, or
hardware layer that enables virtualization. It allows multiple virtual machines (VMs) to run on a
single physical host by sharing its hardware resources such as CPU, memory, storage, and network.

• Each VM behaves like a separate independent system with its own operating system and
applications.

• Hypervisors also provide isolation between VMs, so failure or attack in one VM does not
affect others.

• They play a key role in cloud computing, data centers, and server consolidation.

Types of Hypervisors:

1. Type 1 Hypervisor (Bare-Metal Hypervisor)

• Installed directly on the physical hardware of the host machine, without any underlying
operating system.

• Because it has direct access to hardware, it provides better performance, reliability, and
stronger security.

• It is widely used in enterprise data centers and cloud providers where efficiency and
scalability are critical.

• Examples: VMware ESXi, Microsoft Hyper-V, Citrix XenServer, KVM.

2. Type 2 Hypervisor (Hosted Hypervisor)

• Runs on top of a conventional operating system like Windows, Linux, or macOS.

• The host OS manages the hardware, while the hypervisor runs as an application and creates
VMs.

• Easier to install and use, but has slightly lower performance compared to Type 1, since it
depends on the host OS.

• Mostly used for development, testing, and personal/educational purposes.

• Examples: Oracle VirtualBox, VMware Workstation, Parallels Desktop.

Summary:

• A Hypervisor enables virtualization by creating and managing virtual machines.

• Type 1 Hypervisors → bare-metal, direct on hardware, high performance → used in
enterprise/cloud.

• Type 2 Hypervisors → hosted, run on OS, easier to use → used for personal/test
environments.

Q12. Infrastructure Security at the Network Level
Definition: Network-level security in cloud infrastructure focuses on protecting communication
channels, data flows, and networked resources from unauthorized access, interception, or attacks. It
ensures that only trusted users and systems can connect to cloud resources, while malicious traffic is
detected and blocked.

Key Security Measures at Network Level:


1. Firewalls and Security Groups

◦ Control incoming and outgoing traffic based on rules.

◦ Provide the first line of defense by filtering unauthorized access.

2. Intrusion Detection and Prevention Systems (IDS/IPS)

◦ Monitor network traffic for suspicious patterns.

◦ IDS alerts administrators, while IPS actively blocks malicious traffic.

3. Virtual Private Networks (VPNs)

◦ Secure communication by creating encrypted tunnels between client and cloud
resources.

◦ Protects against data interception during transmission.


4. Network Segmentation

◦ Divides cloud networks into isolated zones to limit lateral movement of attackers.

◦ Ensures sensitive workloads are separated from less secure areas.

5. DDoS Protection

◦ Defends against Distributed Denial-of-Service attacks that flood cloud services with
excessive traffic.

◦ Uses load balancers and traffic filtering.

6. Secure Communication Protocols

◦ Ensures data in transit is encrypted using protocols like TLS/SSL, HTTPS, and
IPsec.

Q13. Infrastructure Security at the Application Layer in Cloud Computing

Definition: Application layer security in cloud computing focuses on securing applications and the
data they process from vulnerabilities, misconfigurations, and malicious attacks. Since applications
are the interface through which users access cloud services, securing them is critical to prevent data
breaches and service disruption.

Key Security Measures at Application Layer:


1. Web Application Firewalls (WAF):
◦ Monitor and filter HTTP/HTTPS traffic.

◦ Protect against attacks like SQL injection, Cross-Site Scripting (XSS), and CSRF.

2. Application Hardening:
◦ Secure configuration of applications and servers.

◦ Removal of unnecessary services, patching vulnerabilities, and strong authentication
mechanisms.

3. Secure Software Development Lifecycle (SDLC):


◦ Security integrated during design, coding, testing, and deployment.

◦ Includes code reviews, penetration testing, and threat modeling.

4. Access Control & Authentication:


◦ Ensures only authorized users can access applications.

◦ Uses Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA).


5. Data Protection at Application Level:
◦ Input validation, output encoding, and encryption of sensitive application data.

◦ Prevents leakage or manipulation of critical information.

6. Logging and Monitoring:


◦ Application logs are monitored for unusual behavior.

◦ Helps in early detection of breaches and supports incident response.


Q14. Common attack vectors and threats in Infrastructure Security
Definition: In cloud infrastructure security, an attack vector is the method or path an attacker uses to
gain unauthorized access to systems, applications, or data. These attack vectors lead to security
threats such as data breaches, service disruption, or loss of integrity.

Common Attack Vectors and Threats:

1. Malware Attacks
◦ Malicious software such as viruses, worms, trojans, and ransomware is injected into
cloud systems.

◦ Threat: Can result in data corruption, theft of sensitive files, or complete denial of
service if critical workloads are locked or destroyed.

2. Phishing and Social Engineering


◦ Attackers deceive users through fake emails, cloned websites, or fraudulent
messages to steal credentials.

◦ Threat: Leads to account hijacking, privilege escalation, and data leakage across the
cloud environment.

3. Distributed Denial of Service (DDoS)


◦ Servers are flooded with massive amounts of illegitimate traffic, exhausting
resources.

◦ Threat: Causes service downtime, unavailability to legitimate users, and financial
loss for cloud providers.

4. Insider Threats
◦ Employees, contractors, or partners may intentionally misuse access or act carelessly
with credentials.

◦ Threat: Results in leakage of sensitive information, sabotage of configurations, or
exposure of critical applications.

5. Insecure APIs and Interfaces


◦ Weak or poorly secured APIs expose cloud services to exploitation.

◦ Threat: Attackers may bypass authentication, manipulate stored data, or disrupt
services by exploiting these interfaces.

6. Man-in-the-Middle (MITM) Attacks


◦ Attackers intercept communication between client and cloud server.

◦ Threat: Leads to loss of confidentiality, altered messages, and theft of login details or
financial data.

Q15. Explain the term Isolation, Virtualization, Containerization and
Segmentation

1. Isolation:

• Definition: Isolation in cloud computing refers to the separation of resources, processes, or
workloads so that the activities of one user or virtual machine do not affect another.

• It ensures that data and applications of different tenants remain secure and independent.

• Example: In a multi-tenant cloud, one customer’s VM crash does not impact another’s VM.

• Purpose: Prevents data leakage, cross-VM attacks, and ensures reliability.

2. Virtualization:

• Definition: Abstraction of physical hardware into multiple virtual resources such as servers,
networks, or storage.

• Benefits: Better resource utilization, flexibility, scalability, cost reduction.

Types of Virtualization:

1. Server Virtualization – Splits a physical server into multiple virtual servers (each with its
own OS).

2. Storage Virtualization – Combines multiple storage devices into a single logical pool.

3. Network Virtualization – Abstracts networking resources for flexible management.

4. Desktop Virtualization – Runs desktop environments on centralized servers.

5. Application Virtualization – Applications run in isolated environments without full
installation.

6. Data Virtualization – Provides a unified view of data without physical movement.

3. Segmentation:

• Definition: Segmentation is the process of dividing a cloud network or infrastructure into
smaller, isolated zones or segments to limit access and contain threats.

• Each segment can have its own security policies and controls.

• Example: Separating sensitive databases from general user applications using virtual LANs
(VLANs).

• Purpose: Minimizes attack surface, prevents lateral movement of attackers, and enforces
stricter access control.

4. Containerization

• Definition: A lightweight alternative to virtualization where applications run in containers
that package code, libraries, and dependencies together.

• Difference from Virtualization:

◦ Virtualization creates multiple OS instances (VMs) on one physical machine.

◦ Containerization shares the same OS kernel but isolates applications in containers.

• Benefits:

◦ Faster startup and lower resource usage than VMs.

◦ Portability – “Run anywhere” (cloud, on-premise, hybrid).

◦ Easy scaling and deployment using tools like Docker and orchestration via
Kubernetes.

• Example: A microservices-based application where each microservice runs in its own
container but all share the host OS.

Q16. Explain the term Intruder Detection and prevention, Firewall.

1. Intrusion Detection and Prevention (IDS/IPS):

• Definition: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are
advanced network security mechanisms used to protect cloud infrastructure from
unauthorized or malicious activities. They continuously monitor, analyze, and respond to
network traffic.

• Working:

◦ IDS (Detection): Works like a security camera. It passively monitors network
packets and raises alerts when suspicious activity is detected, such as port scanning,
malware communication, or abnormal user behavior.

◦ IPS (Prevention): Works like a security guard. It not only detects but also takes
immediate action to block, drop, or quarantine malicious traffic in real-time.

• Purpose: IDS/IPS systems ensure early detection of attacks, prevent exploitation of
vulnerabilities, and reduce the impact of cyber threats in cloud networks.

• Types of IDS/IPS (1-line each):

◦ Network-based IDS/IPS (NIDS/NIPS): Monitors entire network traffic.

◦ Host-based IDS/IPS (HIDS/HIPS): Monitors activity on a specific server or device.

• Examples: Snort (IDS), Suricata (IDS/IPS), Cisco Firepower, Palo Alto Threat Prevention.

2. Firewall:

• Definition: A firewall is a security system (hardware or software) that enforces a set of rules
and policies to regulate traffic entering or leaving a network. It acts as a protective barrier
between trusted internal systems and the untrusted outside world (e.g., the internet).

• Working:

◦ Evaluates each packet of network traffic based on IP address, port number, and
protocol.

◦ Decides whether to allow, block, or restrict the traffic.

◦ Modern Next-Generation Firewalls (NGFWs) also inspect application-level data,
block malware, and integrate with IDS/IPS.

• Purpose: Firewalls prevent unauthorized access, block malicious connections, and reduce
the risk of attacks like worms, ransomware, or brute force logins.

• Types of Firewalls:

- Packet-Filtering Firewall: Examines packets’ source, destination, port.
- Stateful Firewall: Tracks active sessions and allows legitimate responses.
- Proxy Firewall: Acts as a gateway, hides internal network details.
- Next-Generation Firewall (NGFW): Adds deep packet inspection, intrusion prevention, and
app-level security.

• Examples: AWS Security Groups and NACLs (in cloud), pfSense, Palo Alto, Fortinet.
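
Added example (not part of the original answer sheet): a Python model of the difference between a packet-filtering firewall and a stateful firewall from the list above, using an "allow outbound HTTPS" policy. The addresses, ports and names are constructed; real stateful firewalls also track TCP flags, sequence numbers and timeouts, which are left out here.

```python
from collections import namedtuple

# direction is "out" (leaving the protected network) or "in" (entering it)
Packet = namedtuple("Packet", "direction src sport dst dport proto")


def packet_filter(pkt):
    """Stateless packet filter: each packet is judged alone by port and protocol."""
    if pkt.proto != "tcp":
        return "block"
    if pkt.direction == "out" and pkt.dport == 443:
        return "allow"
    # Replies to outbound HTTPS arrive *from* port 443 on an ephemeral local port,
    # so a stateless rule set needs this broad inbound rule to let them back in.
    if pkt.direction == "in" and pkt.sport == 443 and pkt.dport >= 1024:
        return "allow"
    return "block"


class StatefulFirewall:
    """Tracks sessions opened from inside and only admits their mirror-image replies."""

    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if pkt.proto != "tcp":
            return "block"
        if pkt.direction == "out":
            if pkt.dport != 443:
                return "block"
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: allowed only if it answers a session this firewall saw leave.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow"
        return "block"


# Constructed traffic (RFC 5737 documentation addresses for the outside hosts).
CLIENT = "10.0.0.5"
PACKETS = [
    Packet("out", CLIENT, 50000, "203.0.113.10", 443, "tcp"),  # client opens HTTPS
    Packet("in", "203.0.113.10", 443, CLIENT, 50000, "tcp"),   # legitimate reply
    Packet("in", "198.51.100.7", 443, CLIENT, 50001, "tcp"),   # unsolicited, source port 443
    Packet("in", "198.51.100.7", 40000, CLIENT, 22, "tcp"),    # unsolicited SSH attempt
]


def verdicts(check, packets):
    """Run every packet through a firewall's check function, in order."""
    return [check(p) for p in packets]


if __name__ == "__main__":
    print("packet filter:", verdicts(packet_filter, PACKETS))
    print("stateful     :", verdicts(StatefulFirewall().check, PACKETS))
```

The third packet is the one that separates the two: the stateless filter admits it because it matches the reply rule, while the stateful firewall blocks it because no session was opened to that host. Of the cloud examples named above, AWS Security Groups are stateful and NACLs are stateless.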

Q17. Explain the term OS Hardening and minimization, Verified and measured
boot.

1. OS Hardening and Minimization

• Definition: OS hardening is the process of securing an operating system by reducing its
attack surface, applying patches, and disabling unnecessary features.

• Minimization: Refers to removing or disabling non-essential applications, services, and
components to lower the number of exploitable vulnerabilities.

• Purpose: Ensures that only required functions run on the OS, making it more resistant to
malware, privilege escalation, and zero-day attacks.

• Example: Disabling unused ports, uninstalling default applications, and enforcing strong
password policies.

2. Verified Boot

• Definition: Verified Boot ensures that the system boots only with trusted and digitally
signed software components.

• Working: Each boot stage checks the integrity of the next stage (using cryptographic
signatures) before execution. If tampered files are detected, the boot process is stopped or
repaired.

• Purpose: Prevents rootkits, bootkits, or unauthorized changes from loading during startup.

• Example: Android Verified Boot (AVB) in modern smartphones.

3. Measured Boot

• Definition: Measured Boot is a security process where each component loaded during
boot is measured (hashed) and recorded into a secure hardware module like TPM
(Trusted Platform Module).

• Working: Instead of blocking boot like Verified Boot, it records the measurements in TPM
so they can be validated later by trusted authorities (remote attestation).

• Purpose: Detects tampering and provides evidence of a trusted boot environment.

• Example: Windows Measured Boot with TPM and remote attestation in enterprise
networks.
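
Added example (not part of the original answer sheet): a Python model of Verified Boot and Measured Boot run over the same tampered boot chain, showing that one stops the boot while the other records evidence for later attestation. The stage names and images are constructed, a table of expected SHA-256 digests stands in for real signature verification, and the TPM's signed quote is reduced to the bare PCR value.

```python
import hashlib

PCR_SIZE = 32  # bytes in a SHA-256 PCR bank


def sha256(data):
    return hashlib.sha256(data).digest()


def pcr_extend(pcr, measurement):
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement)."""
    return sha256(pcr + measurement)


# Constructed boot chains: (stage name, image bytes).
GOOD_CHAIN = [
    ("bootloader", b"bootloader v1"),
    ("kernel", b"kernel 6.1"),
    ("initrd", b"initrd image"),
]
TAMPERED_CHAIN = [
    ("bootloader", b"bootloader v1"),
    ("kernel", b"kernel 6.1 + implant"),
    ("initrd", b"initrd image"),
]

# Stand-in for signed metadata: the digest each stage is expected to have.
TRUSTED_DIGESTS = {name: sha256(image) for name, image in GOOD_CHAIN}


def verified_boot(chain, trusted):
    """Check each stage before running it; stop at the first stage that fails.

    Returns (booted, failed_stage, stages_executed).
    """
    executed = []
    for name, image in chain:
        if sha256(image) != trusted.get(name):
            return False, name, executed
        executed.append(name)
    return True, None, executed


def measured_boot(chain):
    """Never blocks: hash every stage, log it, and extend the PCR.

    Returns (final_pcr, event_log) where event_log is [(stage, digest), ...].
    """
    pcr = bytes(PCR_SIZE)  # PCRs start as all zeros at reset
    event_log = []
    for name, image in chain:
        measurement = sha256(image)
        event_log.append((name, measurement))
        pcr = pcr_extend(pcr, measurement)
    return pcr, event_log


def attest(quoted_pcr, event_log, golden):
    """Remote verifier: replay the log, then compare measurements to known-good values.

    Returns (verdict, unexpected_stages). A real verifier first checks the TPM's
    signature over the quoted PCR; that step is omitted here.
    """
    pcr = bytes(PCR_SIZE)
    for _, measurement in event_log:
        pcr = pcr_extend(pcr, measurement)
    if pcr != quoted_pcr:
        return "log-mismatch", []  # the log does not explain the PCR value
    bad = [name for name, m in event_log if golden.get(name) != m]
    return ("trusted" if not bad else "untrusted"), bad


if __name__ == "__main__":
    print("verified boot:", verified_boot(TAMPERED_CHAIN, TRUSTED_DIGESTS))
    pcr, log = measured_boot(TAMPERED_CHAIN)
    print("attestation  :", attest(pcr, log, TRUSTED_DIGESTS))
```

Because each extend hashes the previous PCR value, a host cannot rewrite its event log to hide the modified kernel: the replayed log would no longer reproduce the quoted PCR.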
Q18. Cloud security principles
Key Cloud Security Principles:

1. Confidentiality

◦ Ensure that data is accessible only to authorized users.

◦ Achieved through encryption, authentication, and strict access controls.

2. Integrity

◦ Protect data from being altered, tampered, or corrupted.

◦ Techniques include hashing, digital signatures, and version control.

3. Availability

◦ Ensure cloud services and resources are reliable and accessible when needed.

◦ Uses redundancy, load balancing, and disaster recovery.

4. Authentication and Access Control

◦ Verify the identity of users and systems before granting access.

◦ Methods: Passwords, Multi-Factor Authentication (MFA), Role-Based Access
Control (RBAC).

5. Accountability (Auditability & Logging)

◦ Every action in the cloud should be traceable to an authenticated identity.

◦ Achieved via audit logs, monitoring, and compliance reporting.

6. Non-Repudiation

◦ Ensures users cannot deny their actions within the system.

◦ Achieved using digital signatures and tamper-proof logs.

7. Defense in Depth

◦ Multiple layers of security (firewalls, IDS/IPS, encryption, monitoring) ensure if one
control fails, others still protect the system.

8. Compliance and Legal Considerations

◦ Adhere to laws, standards, and regulations (like GDPR, HIPAA, ISO standards) for
cloud data protection.

Q19. What is Data retention, deletion and archiving procedures for tenant data,
Encryption, Data Redaction, Tokenization, Obfuscation, PKI

1. Data Retention, Deletion, and Archiving Procedures

• Data Retention: Policy that defines how long tenant data is stored in the cloud (e.g.,
months/years) based on business or legal needs.

• Data Deletion: Secure and permanent removal of tenant data when no longer required,
ensuring it cannot be recovered.

• Data Archiving: Moving inactive or old tenant data to long-term, low-cost storage while
keeping it accessible if needed for compliance.

• Purpose: Ensures regulatory compliance, cost-efficiency, and data lifecycle management.

2. Encryption

• Definition: Process of converting data into an unreadable format (ciphertext) using
cryptographic algorithms and keys.

• Purpose: Protects confidentiality of tenant data both at rest (storage) and in transit
(network).

• Example: AES encryption for cloud storage, TLS for secure communication.

3. Data Redaction

• Definition: The process of masking or removing sensitive parts of data (e.g., hiding credit
card digits except last 4).

• Purpose: Prevents exposure of confidential details when sharing logs, reports, or
documents.

• Example: “XXXX-XXXX-XXXX-4321” in a billing statement.

4. Tokenization

• Definition: Sensitive data is replaced with a random token (non-sensitive substitute) that has
no exploitable meaning.

• Purpose: Protects data like credit cards or healthcare records while still allowing business
processes to use the token.

• Example: Payment gateways using tokens instead of actual card numbers.


5. Obfuscation

• Definition: Technique of making data or code harder to understand without changing its
function.

• Purpose: Protects intellectual property (source code) and makes it difficult for attackers to
misuse stolen data.

• Example: Replacing variable names in source code with meaningless symbols.

6. PKI (Public Key Infrastructure)

• Definition: A framework that uses public key cryptography for secure communication,
authentication, and digital signatures.

• Components: Certificate Authorities (CA), digital certificates, public/private key pairs.

• Purpose: Enables trust, authentication, confidentiality, and non-repudiation in cloud
environments.

• Example: SSL/TLS certificates issued by a CA for secure websites.

Summary:

• Data lifecycle management (retention, deletion, archiving) ensures compliance and
efficiency.

• Encryption, redaction, tokenization, obfuscation are techniques to protect sensitive tenant
data.

• PKI provides the underlying trust framework for secure communication and identity
verification.
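
Added example (not part of the original answer sheet): Python code contrasting Data Redaction and Tokenization from Q19 on card numbers. Redaction masks Luhn-valid numbers in log lines in the "XXXX-XXXX-XXXX-4321" style shown above and cannot be reversed; tokenization swaps the number for a random token that only the vault can map back. The log lines, the `tok_` prefix and the in-memory vault are constructed for illustration; a real vault is a separately secured service.

```python
import re
import secrets

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn checksum: separates card numbers from other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_pans(text):
    """Mask every Luhn-valid card number in text, keeping only the last 4 digits."""
    def _mask(match):
        raw = match.group(0)
        digits = re.sub(r"\D", "", raw)
        if not luhn_ok(digits):
            return raw  # e.g. an order number: leave it readable
        return "XXXX-XXXX-XXXX-" + digits[-4:]
    return PAN_RE.sub(_mask, text)


class TokenVault:
    """In-memory stand-in for a tokenization service's protected mapping store."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, pan):
        """Return a random token for the card number; the same number reuses its token."""
        digits = re.sub(r"\D", "", pan)
        if digits in self._by_value:
            return self._by_value[digits]
        while True:
            # The token is random, not derived from the number, so it reveals nothing.
            token = "tok_" + secrets.token_hex(8)
            if token not in self._by_token:
                break
        self._by_token[token] = digits
        self._by_value[digits] = token
        return token

    def detokenize(self, token):
        """Only a caller with vault access can recover the original number."""
        return self._by_token[token]


# Constructed log lines: one test card number, one order id that fails Luhn.
LOG_LINES = [
    "payment ok card=4111 1111 1111 1111 amount=49.99",
    "refund order=1234567890123456 amount=10.00",
]

if __name__ == "__main__":
    for line in LOG_LINES:
        print(redact_pans(line))
    vault = TokenVault()
    token = vault.tokenize("4111 1111 1111 1111")
    print(token, "->", vault.detokenize(token))
```
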