CCSP: 11 Answers to Domain 3 Questions

Disaster Recovery (DR) and Business Continuity Management (BCM)

In this section, we'll focus on those areas of BC/DR most applicable to cloud computing, specifically with the exam in mind.


Cloud-Specific BIA Concerns

In migrating to a cloud service architecture, your organisation will want to review its existing business impact analysis (BIA) and consider a new BIA, or at least a partial assessment, for cloud-specific concerns and the new risks introduced by the cloud. Potential emergent BIA concerns include, but are not limited to, the following:

  • New dependencies - Your data and operations will be reliant on external parties. The BIA should take into account possibilities involving the provider's inability to meet service requirements, in addition to similar failings on the part of any of the provider's requisite entities.

  • Regulatory failure - Regulatory failures could include insufficient protection for PII/PHI data to comply with statutory requirements such as GLBA, HIPAA, FERPA, or SOX, and they might also take the form of contractual inadequacies, such as copyright licensing violations. The BIA needs to include discussion of possible impacts from this situation.

  • Data breach/inadvertent disclosure - Cloud computing magnifies the likelihood and impact of two existing risks: internal personnel and remote access. The customer must reassess the potential impact and effect of an unauthorised disclosure, especially in terms of costs resulting from data breach notification legislative mandates. Other potential adverse results from breaches include public disclosure of damaging internal communication and reporting; loss of competitive advantage; negative effect on customer, supplier, and vendor goodwill; and contractual violations.

  • Vendor lock-in/lock-out - Lock-in is the inability to move your data and operations away from a provider (proprietary formats, egress costs, lack of portability); lock-out is losing access to them because the provider ceases operation or is otherwise unable to serve you. The BIA should estimate the impact of each.


The negotiation between the customer and the provider should address, among other things:

  • service needs

  • policy enforcement

  • audit capabilities


Some aspects to be considered include the logical location of backup data/systems.


Three general means of using Cloud Backups for BC/DR


Private Architecture, Cloud Service as Backup

If the organisation maintains its own IT enterprise (whether it is in the form of a private cloud or a non-cloud network environment), BC/DR plans can include the use of a cloud provider as a backup. Negotiations with providers will have to include

  • periodic upload bandwidth costs

  • frequency of backups

  • whether the organisation will use a full, incremental, or differential backup

  • the security of the data and systems at the backup data center; and

  • ISP costs

The customer should determine when failover will occur. This may involve a formal declaration, including notifying the provider, and will almost certainly incur additional cost for the duration of the crisis event. Failover might take the form of

  • using the cloud service as a remote network; or

  • downloading the backup data from the cloud to another site for contingency operations.

The negotiation between customer and provider should determine

  • how and when that download occurs

  • how long it should take; and

  • how and when data will be restored to the normal operations location at the end of the crisis event.

Cloud Operations, Cloud Provider as Backup

One of the attractive benefits of cloud operations is the resiliency and redundancy offered by cloud data centers. Cloud providers might offer a backup solution as a feature of their service. The provider will have all the responsibility for

  • determining the location and configuration of the backup

  • assessing and declaring disaster events.

Cloud Operations, Third-Party Cloud Backup Provider

Regular operations are hosted by the cloud provider, but contingency operations require failover to another cloud provider. The customer may opt for this selection in order to

  • distribute risk

  • enhance redundancy; or

  • preemptively reduce the possibility of vendor lock-out/lock-in.

Under this arrangement, both the cloud provider and cloud customer will take part in emergency assessment and declaration, and failover may require a joint effort. The customer will have to negotiate all the following terms with both the primary and backup cloud providers:

  • periodic upload bandwidth costs

  • frequency of backups

  • whether the organisation will use a full, incremental, or differential backup

  • the security of the data and systems at the backup data center; and

  • ISP costs
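The choice between full, incremental and differential backups that appears in both negotiation lists above drives two of the other items: the periodic upload volume and how much must be downloaded (and in how many pieces) when failover happens. The following is an added example, not code from the original page, that models one weekly cycle of each scheme and computes the restore chain. The dataset size (200 GB), the daily change rate (20 GB) and the seven-day cycle are constructed assumptions; the `corrupted` parameter shows the failure mode that makes long incremental chains fragile.

```python
from dataclasses import dataclass


@dataclass
class BackupSet:
    kind: str     # "full", "incremental" or "differential"
    day: int      # day of the cycle; day 0 is the weekly full
    size_gb: int


def weekly_schedule(scheme, dataset_gb, daily_change_gb):
    """One seven-day cycle: a full on day 0, then the scheme's daily set.
    Constructed model: an incremental holds one day of change, a differential
    holds everything changed since the full, a full holds the whole dataset."""
    sets = [BackupSet("full", 0, dataset_gb)]
    for day in range(1, 7):
        if scheme == "full":
            sets.append(BackupSet("full", day, dataset_gb))
        elif scheme == "incremental":
            sets.append(BackupSet("incremental", day, daily_change_gb))
        elif scheme == "differential":
            sets.append(BackupSet("differential", day, daily_change_gb * day))
        else:
            raise ValueError(f"unknown scheme {scheme!r}")
    return sets


def restore_chain(sets, target_day, corrupted=frozenset()):
    """Ordered list of sets that must be pulled back to rebuild state as of target_day.
    full:          the newest full only
    differential:  newest full + the newest differential taken after it
    incremental:   newest full + every incremental taken after it, in order
    Raises if any required set is in `corrupted` (unreadable, lost in transit, ...)."""
    usable = sorted((s for s in sets if s.day <= target_day), key=lambda s: s.day)
    fulls = [s for s in usable if s.kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the target day")
    base = fulls[-1]
    later = [s for s in usable if s.day > base.day]
    chain = [base]
    diffs = [s for s in later if s.kind == "differential"]
    if diffs:
        chain.append(diffs[-1])                      # only the newest differential is needed
    chain.extend(s for s in later if s.kind == "incremental")  # every incremental is needed
    lost = [s.day for s in chain if s.day in corrupted]
    if lost:
        raise RuntimeError(f"restore impossible: required set(s) from day(s) {lost} unusable")
    return chain


def cost_summary(scheme, dataset_gb=200, daily_change_gb=20, target_day=6):
    """Weekly upload volume versus what a worst-case (end-of-cycle) restore must download."""
    sets = weekly_schedule(scheme, dataset_gb, daily_change_gb)
    chain = restore_chain(sets, target_day)
    return {
        "upload_gb": sum(s.size_gb for s in sets),
        "restore_sets": len(chain),
        "restore_gb": sum(s.size_gb for s in chain),
    }


if __name__ == "__main__":
    for scheme in ("full", "incremental", "differential"):
        print(scheme, cost_summary(scheme))
```

With these constructed numbers the incremental scheme uploads the least (320 GB a week) but needs seven sets to restore and fails if any one of them is unusable; the differential scheme uploads roughly twice as much but restores from two sets and survives the loss of any earlier differential. Those are the numbers to put next to the bandwidth costs and the recovery time objective during negotiation.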

It is strongly advised not to place your cloud backups in the same cloud as your production data. To protect against vendor lock-in/lock-out, the customer might consider full offsite backups, secured and kept by the customer or a trusted third-party vendor.


Question #1 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. Your organization has its production environment hosted in a cloud environment. You are considering using cloud backup services for your BC/DR purposes as well. What would probably be the best strategy for this approach, in terms of redundancy and resiliency?

  • Have your cloud provider also provide BC/DR backup.

  • Keep a BC/DR backup on the premises of your corporate headquarters.

  • Use another cloud provider for the BC/DR backup.

  • Move your production environment back into your corporate premises, and use your cloud provider to host your BC/DR backup.

Answer

  • Have your cloud provider also provide BC/DR backup.

  • Keep a BC/DR backup on the premises of your corporate headquarters.

  • Use another cloud provider for the BC/DR backup. (correct answer, option C)

  • Move your production environment back into your corporate premises, and use your cloud provider to host your BC/DR backup.

It’s best to have your backup at another cloud provider in case whatever causes an interruption in service occurs throughout your primary provider’s environment; this will be more complicated and expensive, but it provides the best redundancy and resiliency. Using the same provider for production and backup is not a bad option, but it entails the risk of the same contingency affecting both copies of your data. Having either the backup or the production environment localised does not provide the best protection, so neither option B nor option D is desirable.


Question #2 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You decide to have a tabletop test of the BC/DR activity. Which of the following will offer the best value during the test?

  • Have all participants conduct their individual activities via remote meeting technology.

  • Task a moderator well versed in BC/DR actions to supervise and present scenarios to the participants, including randomised special events.

  • Provide copies of the BC/DR policy to all participants.

  • Allow all users in your organization to participate.

Testing

Having a BC/DR plan is close to useless unless it is tested on a regular basis. Because testing the BC/DR will necessarily cause interruption to production, different forms of testing can be utilised for different purposes, adjusting the operational impact while achieving specific goals. Testing methods you should be familiar with include these:

  • Tabletop testing - Those who will take part in actual BC/DR activities, and who are formally tasked with such responsibilities, work together at a scheduled time to describe how they would perform their tasks in a given BC/DR scenario. It has the least impact on production.

  • Dry run - The organisation as a whole takes part in a scenario at a scheduled time, describing their responses during the test and performing some minimal actions, but without performing all the actual tasks. This has more impact on productivity than tabletop testing.

  • Full test - The entire organisation takes part in an unscheduled, unannounced practice scenario, performing their full BC/DR activities. As this could include system failover and facility evacuation, this test is the most useful for detecting shortcomings in the plan, but it has the greatest impact on production.

In all forms of testing, it is important that the organisation uses moderators who

  • act as guides

  • monitor the response activity

  • provide scenario inputs

  • introduce some element of chaos (to simulate unplanned deviations from the procedures due to potential effects of the event and disaster); and

  • document performance and any shortcomings.

Answer

  • Have all participants conduct their individual activities via remote meeting technology.

  • Task a moderator well versed in BC/DR actions to supervise and present scenarios to the participants, including randomised special events. (correct answer, option B)

  • Provide copies of the BC/DR policy to all participants.

  • Allow all users in your organization to participate.

A moderator who presents the scenario and injects unplanned events is exactly what the testing guidance above calls for. Remote participation, handing out the policy, and opening the exercise to every user add little: a tabletop test is for the people with formal BC/DR responsibilities, working through their own tasks.


Question #3 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organisation. Your organisation has its production environment hosted by a cloud provider, and you have appropriate protections in place. Which of the following is a significant consideration for your BC/DR backup?

  • Enough personnel at the BC/DR recovery site to ensure proper operations

  • Good cryptographic key management

  • Access to the servers where the BC/DR backup is stored

  • Forensic analysis capabilities

In terms of cloud services, encryption plays an enhanced role and presents some additional challenges. Because your cloud data will be in an environment controlled and operated by personnel other than your organisation, encryption offers a degree of assurance that nobody without authorisation will be able to access your data in a meaningful way.

Another concern related to cloud operation is that it necessitates remote access. As with any remote access, there will always be a risk of interception of data, eavesdropping, and man-in-the-middle (MITM) attacks. Encryption also helps here by mitigating this threat to some degree.



According to NIST (SP 800-57 Part 1, Recommendation for Key Management), "the proper management of cryptographic keys is essential to the effective use of cryptography for security. Keys are analogous to the combination of a safe. If a safe combination is known to an adversary, the strongest safe provides no security against penetration."

The same publication continues: "Similarly, poor key management may easily compromise strong algorithms. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with keys, and the protection afforded to the keys."


Answer

  • Enough personnel at the BC/DR recovery site to ensure proper operations

  • Good cryptographic key management (correct answer, option B)

  • Access to the servers where the BC/DR backup is stored

  • Forensic analysis capabilities

Option B is correct because appropriate cloud data security practices will require encrypting a great deal of the data, and having the keys will be necessary during contingency operations in order to access the backup; without the keys, you won’t be able to access your data. Option A is not correct because using the cloud for BC/DR will allow personnel to access the backup from anywhere they can get broadband connectivity, not specifically a recovery site. Option C is not correct because the customer will rarely have physical access to servers in the cloud environment. Option D is not correct because forensic analysis is not a significant consideration in BC/DR; it is much more important for incident response.


Question #4 You are in charge of creating the business continuity and disaster recovery (BC/DR) plan and procedures for your organization. You are going to conduct a full test of the BC/DR plan. Which of the following strategies is an optimum technique to avoid major issues?

  • Have another full backup of the production environment stored prior to the test.

  • Assign all personnel tasks to perform during the test.

  • Have the cloud provider implement a simulated disaster at a random moment in order to maximise realistic testing.

  • Have your regulators present at the test so they can monitor performance.



Answer

  • Have another full backup of the production environment stored prior to the test. (correct answer, option A)

  • Assign all personnel tasks to perform during the test.

  • Have the cloud provider implement a simulated disaster at a random moment in order to maximise realistic testing.

  • Have your regulators present at the test so they can monitor performance.

A full test will involve both the production environment and the backup data; it is possible to create an actual disaster during a full test by ruining the availability of both. Therefore, it is crucial to have a full backup, distinct from the BC/DR backup, in order to roll back from the test in case something goes horribly wrong. Option B is incorrect because not all personnel will have tasks to perform; most personnel will have to evacuate from the facility only during a full test. Option C is incorrect because the cloud provider should not initiate the test, and the test should not take place at a random moment. Option D is not correct because the regulators’ presence will not add any value to the test.


Question #5 A Security Assertion Markup Language (SAML) identity assertion token uses the ___________________ protocol.

  • Extensible Markup Language (XML)

  • Hypertext Transfer Protocol (HTTP)

  • Hypertext Markup Language (HTML)

  • American Standard Code for Information Interchange (ASCII)


Identity and Access Management (IAM)


IAM is about the people, processes, and procedures used to create, manage, and destroy identities of all kinds. IAM systems consist of several components:

  1. They are designed to verify or authenticate users to gain access to resources.

  2. Once authenticated, the users are then authorised and given subsequent access to the resources.

  3. The user is generally managed through a central user repository. This is often accomplished with role-based access which allows for a broader and more consistent set of controls for users.

IAM functionality is divided into identity and access management:


Identity Management



Identity management is the process whereby individuals are given access to system resources by associating user rights with a given identity.

Provisioning is the first phase of identity management, where

  1. Each subject is issued a unique identity assertion - something that serves as an identification, such as a user ID.

  2. The user is also (usually) issued a password for use in authenticating the identity assertion.

The generation, storage, and security controls of these passwords are known as password management. In a self-service identity management configuration (as opposed to a provider-managed configuration), the cloud customer is in charge of provisioning each user's identity/identity assertion.


Access Management




Access management tries to identify who a user is and what they are allowed to access each time they attempt to access a resource. This is accomplished through a combination of means:

  • Authentication - establishes the identity by asking who you are and determining whether you are a legitimate user (often by combining the use of an identity assertion and an authentication factor - to learn more about authentication factors, review this CISSP Q&A)

  • Authorisation - evaluates what you have access to after authentication occurs. In many cases, this means comparing the identity assertion against an access control list (ACL).

  • Policy Management - Serves as the enforcement arm of authentication and authorisation; and is established based on business needs and senior management decisions.

  • Federation - An association of organisations that facilitate the exchange of information as appropriate, about users and access to resources, allowing them to share resources across disparate organisations.

  • Identity Repositories - The directory services for the administration of user accounts and their associated attributes.


The identity repository is the directory that holds the accounts, attributes and entitlements these five components operate on; its schema is far more detailed than a simple user list and is used for many other purposes. It must be protected accordingly, because a breach of this component would be devastating to the organisation. Here are some of the most widely used directory services:

  • X.500 and LDAP

  • Microsoft Active Directory

  • Novell eDirectory

  • Metadata replication and synchronisation (a function of directory services, keeping copies consistent across sites, rather than a product in its own right)

Besides identity repositories and their directories, other core facets of IAM include

  • federated identity management

  • federation standards

  • federated identity providers

  • various forms of single sign-on (SSO)

  • multi-factor authentication;

  • supplemental devices

Single Sign-on (SSO)


SSO refers to a situation where

  1. The user signs in once, usually through an authentication server; then

  2. When the user wants to access the organisation's resources (say, on different servers throughout the environment), each resource will query the authentication server to determine if the user is logged in and properly authenticated.

  3. The authentication server then approves the request and the resource server grants the user access.

Federated Identity Management

Federated identity management is much the same as normal identity management except it is used to manage identities across disparate organisations. There are generally two types of federation:


Web-of-trust federation



  • In the web-of-trust model, each member of the federation (that is, each organisation that wants to share resources and users) has to review and approve each other member for inclusion in the federation.

  • It can become costly and unwieldy once the federation reaches a significant number of organisations.

Third-party identifier federation



  • The member organisations outsource their responsibilities to review and approve each other to some external party who will take responsibility on behalf of all the members.

  • This is a popular model in the cloud environment, where the identifier role can often be combined with other functions (for instance, crypto key management) and outsourced to a cloud access security broker (CASB).

When discussing federation, we apply the terms identity provider and relying parties.

  • The identity provider is the entity that provisions and authenticates identity assertions

  • The relying party is any member of the federation that shares resources based on authentication identities.

  • In the web-of-trust model, the identity provider is each member of the federation and they are also the relying parties.

  • In the trusted third-party model, the identity provider is the trusted third-party, and the relying parties are each member organisation within the federation.

Federation Standards

There are a number of federation standards, but the most widely-used one is Security Assertion Markup Language (SAML).




  • SAML 2.0 is XML-based and consists of a framework for communicating authentication, authorisation or entitlement information, and attribute information across organisations. In other words, it is a means for users from outside organisations to be verified and validated as authorised users inside or with another organisation without the user having to create identities in both locations.

Some other standards include

  • Web Services (WS) Federation - is a protocol that allows realms to transfer trust. Transferred trust enables SSO, in which an authorised user can log in to Realm A and gain access to Realm B.

  • OAuth - OAuth 2.0 (RFC 6749) is an authorisation framework, not an authentication protocol: it lets a resource owner grant a third-party application limited, scoped access to an HTTP service without handing over the owner's credentials. It is widely used by mobile and web apps.

  • OpenID Connect - It is an interoperable authentication protocol layered on the OAuth 2.0 specification, adding a signed ID token that tells the application who the user is. It allows developers to authenticate their users across websites and applications without having to manage usernames and passwords.
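What the relying party must actually do with an identity provider's assertion, whatever the federation standard, is the same: verify that it was signed by the provider, that it was issued to this application, that it has not expired, and that it is a response to this login attempt rather than a replayed one. The following is an added example, not code from the original page, showing both sides of an OpenID Connect style exchange in plain Python: the provider issues a compact JWS ID token and the relying party validates it. The shared secret, issuer URL, client ID and nonce are constructed; HS256 is used so the example runs offline, whereas a production provider normally signs with RS256/ES256 and the relying party fetches the public keys from the provider's JWKS endpoint. The checks are the same in both cases.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenError(Exception):
    """Any validation failure; the relying party must treat the login as failed."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(claims: dict, secret: bytes) -> str:
    """Identity-provider side: a compact JWS (header.payload.signature) signed with HS256."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def json_part(text: str) -> dict:
    try:
        return json.loads(b64url_decode(text))
    except ValueError:          # covers binascii.Error and JSONDecodeError
        raise TokenError("malformed token part")


def validate_id_token(token: str, secret: bytes, issuer: str, client_id: str,
                      nonce: str, now=None) -> dict:
    """Relying-party side. Order matters: pin the algorithm and verify the signature
    before trusting a single claim; only then check iss, aud, exp and nonce."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json_part(h_b64)
    if header.get("alg") != "HS256":   # rejects "none" and any algorithm not agreed with the IdP
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    try:
        given = b64url_decode(s_b64)
    except ValueError:
        raise TokenError("malformed signature")
    if not hmac.compare_digest(expected, given):
        raise TokenError("signature check failed")
    claims = json_part(p_b64)
    if claims.get("iss") != issuer:
        raise TokenError("issuer mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("token not intended for this relying party")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise TokenError("token expired or missing exp")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise TokenError("nonce mismatch (possible replay)")
    return claims


if __name__ == "__main__":
    secret = b"client-secret-shared-with-idp"     # constructed
    now = int(time.time())
    token = issue_id_token({"iss": "https://idp.example", "sub": "alice", "aud": "app-123",
                            "iat": now, "exp": now + 300, "nonce": "n-1"}, secret)
    print(validate_id_token(token, secret, "https://idp.example", "app-123", "n-1"))
```

The relying party never looks at `sub` until the signature has been verified under a pinned algorithm; accepting the algorithm named in the token's own header is how `alg: none` and key-confusion attacks against federated logins have worked in practice.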

Answer

  • Extensible Markup Language (XML) (correct answer, option A)

  • Hypertext Transfer Protocol (HTTP)

  • Hypertext Markup Language (HTML)

  • American Standard Code for Information Interchange (ASCII)

SAML 2.0 assertions are XML documents, as noted above; HTTP is only one of the bindings over which an assertion may be carried, and HTML and ASCII are a document format and a character encoding rather than the language of the assertion.


Question #6 The minimum essential characteristics of a cloud data center are often referred to as “ping, power, pipe.” What does this term mean?

  • Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an Internet service provider (ISP)/the Internet

  • Application suitability; availability; connectivity

  • Infrastructure as a service (IaaS); software as a service (SaaS); platform as a service (PaaS)

  • Anti-malware tools; controls against distributed denial of service (DDoS) attacks; physical/environmental security controls, including fire suppression

The paramount concern in BC/DR planning and efforts should be health and human safety, as in all security matters. After we have seen to health and human safety concerns, our primary focus should be continuity of critical operations.

To begin with, we have to determine what the organisation's critical operations are. In a cloud data center, that will usually be dictated by the customer contracts and SLAs. Other sources can be useful in this portion of the effort, most particularly the BIA, which informs us which assets would cause the greatest adverse impact if lost or interrupted.


For instance, in a cloud data center our main focus should be on connectivity, utilities, and processing capacity, summarised as "ping, power, pipe": ping is the customer's ability to reach its racked devices remotely, power is the electrical utilities, and pipe is the ISP/Internet connectivity that carries the data in and out. These are, therefore, critical operations.


Answer

  • Remote access for customer to racked devices in the data center; electrical utilities; connectivity to an Internet service provider (ISP)/the Internet (correct answer, option A)

  • Application suitability; availability; connectivity

  • Infrastructure as a service (IaaS); software as a service (SaaS); platform as a service (PaaS)

  • Anti-malware tools; controls against distributed denial of service (DDoS) attacks; physical/environmental security controls, including fire suppression


Question #7 To support all aspects of the CIA triad (confidentiality, integrity, availability), all of the following aspects of a cloud data center need to be engineered with redundancies except ___________________.

  • Power supply

  • HVAC

  • Administrative offices

  • Internet service provider (ISP)/connectivity lines

Answer

  • Power supply

  • HVAC

  • Administrative offices (correct answer, option C)

  • Internet service provider (ISP)/connectivity lines

The administrative offices of a cloud data center rarely are part of the critical functions of the operation; a data center could likely endure the loss of the administrative offices for a considerable length of time, so redundancy here is probably not cost effective.


All the other items are part of the critical path and need redundancies.


Question #8 Who is the cloud carrier?

  • The cloud customer

  • The cloud provider

  • The regulator overseeing the cloud customer’s industry

  • The ISP between the cloud customer and provider

When we are discussing supply chain and vendor management in the realm of cloud computing, we are talking about things that bring risk into the equation. For instance, while relying on legacy internal servers to deliver applications to end users, outages can be handled very quickly because there is usually staff standing by to correct problems. In a cloud scenario, the cloud vendor may only be providing IaaS, and as a result, when you have application problems, getting to the cloud environment to correct them could be more problematic. In looking at a supply chain, several parties may be involved in delivering your cloud service:

  • Cloud carriers are the ISPs between the cloud customer and the cloud provider

  • Platform providers are the vendors supplying the operating system used in the cloud

  • Application providers are the vendors supplying the software used in the cloud

Should any of these entities become unavailable for some reason or cause problems in accessing resources, you have a problem.


Answer

  • The cloud customer

  • The cloud provider

  • The regulator overseeing the cloud customer's industry

  • The ISP between the cloud customer and provider (correct answer, option D)


Question #9 Which of the following terms describes a means to centralise logical control of all networked nodes in the environment, abstracted from the physical connections to each?

  • Virtual private network (VPN)

  • Software-defined network (SDN)

  • Access control lists (ACLs)

  • Role-based access control (RBAC)

Software-defined networking (SDN) is an approach to network management that enables dynamic, programmatically efficient network configuration in order to improve network performance and monitoring. It separates the control plane (where forwarding decisions are made) from the data plane (where packets are forwarded), so the network can be managed and provisioned on demand in the same way as the rest of the cloud rather than device by device.

With the wide use of virtualisation, cloud-specific logical configurations, and SDN, each of the cloud data center elements (the hardware, the logical configuration, and the networking elements) will most likely be managed through a centralised management and control interface, often referred to as the "management plane" or the "control plane." The management plane can be used in each of the physical, logical, and networking areas of the data center, for tasks such as:

  • Physical: Applying, detecting, and enforcing hardware baseline configurations

  • Logical: Scheduling tasks, optimising resource allocation, maintaining and updating software and virtualised hardware

  • Networking: All network management and administration tasks, except, of course, direct physical procedures, such as connecting cabling to boxes.

Answer

  • Virtual private network (VPN)

  • Software-defined network (SDN) (correct answer, option B)

  • Access control lists (ACLs)

  • Role-based access control (RBAC)


Question #10 In software-defined networking (SDN), the northbound interface (NBI) usually handles traffic between the ___________________ and the ___________________.

  • Cloud customer; ISP

  • SDN controllers; SDN applications

  • Cloud provider; ISP

  • Router; host


SDN Architectural Components


The following list defines and explains the SDN architectural components:


SDN Application

  • SDN Applications are programs that explicitly, directly and programmatically communicate their network requirements and desired network behaviour to the SDN Controller via a northbound interface (NBI). In addition, they may consume an abstracted view of the network for their internal decision-making purposes.

  • An SDN Application consists of one SDN Application Logic and one or more NBI Drivers.

  • SDN Applications may themselves expose another layer of abstracted network control, thus offering one or more higher-level NBIs through respective NBI agents.

SDN Controller

The SDN Controller is a logically centralised entity in charge of

  1. Translating the requirements from the SDN Application layer down to the SDN Data paths; and

  2. Providing the SDN Applications with an abstract view of the network.

An SDN Controller consists of

  • One or more NBI agents

  • The SDN Control Logic; and

  • The Control-to-Data-Plane Interface (CDPI)

SDN Datapath

  • The SDN Datapath is a logical network device that exposes visibility and uncontested control over its advertised forwarding and data processing capabilities. The logical representation may encompass all or a subset of the physical substrate resources.

  • An SDN Datapath comprises a CDPI agent and a set of one or more forwarding engines and zero or more traffic processing functions. These engines and functions may include simple forwarding between the datapath's external interfaces or internal traffic processing or termination functions.

SDN Control-to-Data-Plane Interface (CDPI)


The SDN CDPI is the interface defined between an SDN Controller and an SDN Datapath, which provides

  1. Programmatic control of all forwarding operations

  2. Capabilities advertisement

  3. Statistics reporting; and

  4. Event notification

SDN Northbound Interfaces (NBI)

  • SDN NBIs are interfaces between SDN Applications and SDN Controllers and typically provide abstract network views and enable direct expression of network behaviour and requirements.
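The component list above reads abstractly until the three layers are seen working together: an application states intent over the NBI, the controller translates it into forwarding rules, and the datapath applies those rules through its CDPI agent and reports counters back. The following is an added example, not code from the original page or from any SDN project, that models those roles in plain Python with a priority-ordered flow table of the kind OpenFlow switches use. The topology (one switch, two hosts on ports 1 and 2), the addresses and the tenant policy ("A may not reach B except over TCP/443") are constructed; it is a model of the architecture, not an OpenFlow implementation.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None


@dataclass
class FlowEntry:
    priority: int
    match: dict          # packet field -> required value; absent fields are wildcards
    action: str          # "forward:<port>" or "drop"
    packets: int = 0     # per-entry counter, reported back over the CDPI

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, f) == v for f, v in self.match.items())


class Datapath:
    """Logical switch: one forwarding engine with a flow table, driven through its CDPI agent."""

    def __init__(self, name: str, ports: dict):
        self.name, self.ports, self.table = name, ports, []   # ports: host address -> port number

    def install(self, entry: FlowEntry) -> None:      # CDPI: programmatic control of forwarding
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)    # highest priority wins, as in OpenFlow tables

    def handle(self, pkt: Packet) -> str:
        for entry in self.table:
            if entry.matches(pkt):
                entry.packets += 1
                return entry.action
        return "punt"                                 # table miss: hand the packet to the controller

    def stats(self) -> dict:                          # CDPI: statistics reporting
        return {(e.priority, tuple(sorted(e.match.items()))): e.packets for e in self.table}


class Controller:
    """Logically centralised: turns application intent (NBI) into flow entries (CDPI)."""

    def __init__(self, datapaths):
        self.datapaths = list(datapaths)

    # --- northbound interface: an SDN application says what it wants, not how ---
    def connect_all(self) -> None:
        for dp in self.datapaths:
            for host, port in dp.ports.items():
                dp.install(FlowEntry(10, {"dst": host}, f"forward:{port}"))

    def isolate(self, src: str, dst: str) -> None:
        for dp in self.datapaths:
            dp.install(FlowEntry(100, {"src": src, "dst": dst}, "drop"))

    def permit_service(self, src: str, dst: str, dport: int) -> None:
        for dp in self.datapaths:
            if dst in dp.ports:
                dp.install(FlowEntry(200, {"src": src, "dst": dst, "proto": "tcp", "dport": dport},
                                     f"forward:{dp.ports[dst]}"))


def build_demo() -> Datapath:
    """Constructed topology: one switch, two hosts; tenant policy expressed through the NBI."""
    sw = Datapath("sw1", {"10.0.0.1": 1, "10.0.0.2": 2})
    ctl = Controller([sw])
    ctl.connect_all()
    ctl.isolate("10.0.0.1", "10.0.0.2")              # application intent: A must not reach B ...
    ctl.permit_service("10.0.0.1", "10.0.0.2", 443)  # ... except for HTTPS
    return sw


if __name__ == "__main__":
    sw = build_demo()
    for pkt in (Packet("10.0.0.1", "10.0.0.2", "tcp", 22), Packet("10.0.0.1", "10.0.0.2", "tcp", 443)):
        print(pkt, "->", sw.handle(pkt))
    print(sw.stats())
```

Nothing in the application layer knows about ports or table priorities, and nothing in the datapath knows about tenants; that separation is what lets a cloud operator segment and filter traffic for thousands of tenants from one control point without touching a cable.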

Answer

  • Cloud customer; ISP

  • SDN controllers; SDN applications (correct answer, option B)

  • Cloud provider; ISP

  • Router; host

The NBI sits between the SDN controller and the SDN applications, as the component list above describes; the interface that faces the other way, from the controller down to the datapaths, is the CDPI (the southbound interface).


Question #11 Software-defined networking (SDN) allows network administrators/architects to perform all the following functions except__________

  • Reroute traffic based on current customer demand

  • Create logical subnets without having to change any actual physical connections

  • Filter access to resources based on specific rules or settings

  • Deliver streaming media content in an efficient manner by placing it closer to the end user

Answer

  • Reroute traffic based on current customer demand

  • Create logical subnets without having to change any actual physical connections

  • Filter access to resources based on specific rules or settings

  • Deliver streaming media content in an efficient manner by placing it closer to the end user (correct answer, option D)

Option D is really a definition of a CDN (content delivery network).

All the other options are aspects of SDNs.


© 2021 by CloudTAC