CNT 4422: Cloud Computing

Select the Amazon S3 types of access keys.

- AWS Account Access Keys - IAM User Access Keys - Temporary Security Credentials

Where can you get answers to questions about your bill? (Choose all that apply)

- AWS Knowledge Center - Contacting AWS customer service

Please match the following: - A VPC can span - One or more subnets can be attached to

- All Availability Zones - You selected Single Availability Zone.

You can create a.................., ..............,.........,............ connection between your corporate data center and your VPC and leverage the AWS Cloud as an extension of your corporate data center.

- Hardware - Virtual - Private - Network

What are the high level steps to create a user account? (Choose all that apply)

- Know the difference between a privilege administrator, user and systems - IAM user can use the AWS CLI - IAM user can use a role

Please Match the following: - 10.0.0.0 - 10.0.0.1 - 10.0.0.2 - 10.0.0.3 - 10.0.0.255

- Network address - Reserved by AWS for the VPC router - Reserved by AWS. The IP address of the DNS server is always the base of the VPC network range plus two; however, we also reserve the base of each subnet range plus two. For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR. For more information, see Amazon DNS Server. - Reserved by AWS for future use. - Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.

IAM enables you to add which specific conditions? (choose all that apply)

- Time of Day - Originating IP Address - Enforce SSL - Require MFA

What are the most common operations you'll execute through the API?

- Write an object - Read an object - Create a Bucket - Deleting an Object

What are the benefits of using AWS CloudTrail? (Choose all that apply)

- Simplified Compliance - Security Analysis and Troubleshooting - Security Automation - Visibility into User and Resource Activity

When you create a VPC, you must specify an IPv4 CIDR block for the VPC. The allowed block size is between ............. a netmask (65,536 IP addresses) and ............... netmask (16 IP addresses).

/16 /28

Match the command line interface with its correct description. 1- Provides commands for a broad set of AWS products, and is supported on Windows, Mac, and Linux. 2- Provides commands for a broad set of AWS products for those who script in the PowerShell environment.

1- AWS Command Line Interface (CLI). 2-AWS Tools for Windows PowerShell.

Match the following: 1- Security Groups 2- Network access control lists (ACLs) 3- Flow logs

1- Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. 2- Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. 3- Capture information about the IP traffic going to and from network interfaces in your VPC.

You can create and manage AWS users and groups, and use permissions to ------ or --------their access to AWS resources.

1- Allow 2- Deny

Match the following: 1 - Elastic Network Interfaces 2- Route table 3- Internet gateway 4- NAT Gateways 5- DHCP Option Set 6- DNS A standard by which names used on the Internet are resolved to their corresponding IP addresses. 7- Elastic IP 8- VPC Endpoints

1- An elastic network interface (referred to as a network interface in this documentation) is a logical networking component in a VPC that represents a virtual network card. 2- A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. 3- An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic. 4- You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. 5- Provides a standard for passing configuration information to hosts on a TCP/IP network. 6- A standard by which names used on the Internet are resolved to their corresponding IP addresses. 7- A static, public IPv4 address designed for dynamic cloud computing. 8- Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Network ACL rules.

1- Automatically applies to all instances in the subnets it's associated with (therefore, you don't have to rely on users to specify the security group) 2- We process rules in number order when deciding whether to allow traffic. 3- Is stateless: Return traffic must be explicitly allowed by rules. 4- Supports allow rules and deny rules 5- Operates at the subnet level.

Match the key concepts with the correct terminology. 1- A container for objects stored in Amazon S3. 2- The fundamental entities stored in Amazon S3 3- The unique identifier for an object within a bucket. 4- The geographical region where Amazon S3 will store the buckets you create. 5- Provides read-after-write consistency for PUTS of new objects in your S3 bucket in all regions with one caveat.

1- Bucket 2- Objects 3- Keys 4- Regions 5- Amazon S3 Data Consistency

Match the advantages of the Amazon S3 service with the correct definition. 1- Create and name a bucket that stores data. Buckets are the fundamental container in Amazon S3 for data storage. 2- Store an infinite amount of data in a bucket. Upload as many objects as you like into an Amazon S3 bucket. Each object can contain up to 5 TB of data. Each object is stored and retrieved using a unique developer-assigned key. 3- Download your data or enable others to do so. Download your data any time you like or allow others to do the same. 4- Grant or deny access to others who want to upload or download data into your Amazon S3 bucket. Grant upload and download permissions to three types of users. Authentication mechanisms can help keep data secure from unauthorized access. 5- Use standards-based REST and SOAP interfaces designed to work with any Internet-development toolkit.

1- Create Buckets 2- Store data in Buckets 3- Download data 4- Permissions 5- Standard interfaces

To automatically distribute incoming application traffic across multiple instances, use

1- Elastic 2- Load 3- Balancing

Match the AWS IAM functionality with the correct role/permission. 1- Assign individual security credentials or request temporary security credentials to provide users access to AWS services and resources. 2- Manage permissions to control which operation can be performed by the entity, or AWS service, that assumes the role. 3- Allows existing identities in your enterprise to access the AWS Management Console, call AWS APIs, and access resources, without the need to create an IAM user for each identity.

1- IAM users and their access 2- IAM roles and their permissions 3- Manage federated users and their permissions.

Match the policy type to the definition. 1- Attach managed and inline policies to IAM identities, such as users, groups to which users belong, and roles 2- Attach inline policies to resources 3- Apply a permission boundary to an AWS Organizations organization or organizational unit 4- Control what principals can access a resource

1- Identity-based policies 2- Resource-based policies 3- Organizations SCPs 4- Access control lists

What does AWS IAM allow you to do?

1- Manage IAM users and their access 2- Manage IAM roles and their permissions 3- Manage federated users and their permissions

Security Group Rules

1- Operates at the instance level 2- Supports allow rules only 3- Is stateful: Return traffic is automatically allowed, regardless of any rules. 4- We evaluate all rules before deciding whether to allow traffic. 5- Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on.

Match the definition to the Threat. 1- Impersonating something or someone else. 2- Modifying data or code 3- Claiming to have not performed an action 4- Information Disclosure 5- Denial of Service 6- Elevation of Privilege

1- Spoofing 2- Tampering 3- Repudiation 4- Exposing Information to someone not authorized to use it. 5- Deny or degrade service to users. 6- Gains capabilities without proper authorization.

Match the Mitigation to the Threat. 1- Authentication Validation 2- Digital signatures and message authentication codes and/or Access control lists. 3- Secure logs and audit records, strong authentication mechanism 4- Encryption 5- ACLs, firewall filter rules, design patterns that allow for high availability. 6- ACLs, input validation

1- Spoofing 2- Tampering 3- Repudiation 4- Information Disclosure 5- Denial of Service 6- Elevation of Privilege

Match the Property to the Threat. 1- Authentication 2- Integrity 3- Non-repudiation 4- Confidentiality 5- Availability 6- Authorization

1- Spoofing 2- Tampering 3- Repudiation 4- Information Disclosure 5- Denial of Service 6- Elevation of Privilege

If an Amazon EBS-backed instance fails, you can restore your session by following one of these methods: (choose all that apply).

1- Stop and then start again 2- Automatically snapshot all relevant volumes and create a new AMI. 3- Attach the volume to the new instance.

Select all of the Security Best Practices:

1- Use AWS Identity and Access Management (IAM) to control access to your AWS resources, including your instances. 2- Restrict access by only allowing trusted hosts or networks to access ports on your instance. 3- Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege—only open up permissions that you require. 4- Disable password-based logins for instances launched from your AMI.

Match the IAM best practices to the correct definition. 1- Create individual users 2- Manage permissions with groups 3- Grant least privilege 4- Turn on AWS CloudTrail 5- Configure a strong password policy 6- Enable MFA for privileged users 7- Use IAM roles for Amazon EC2 instances 8- Use IAM roles to share access 9- Rotate security credentials regularly 10- Restrict privileged access further with conditions 11- Reduce or remove use of root

1- Users 2- Groups 3- Permissions 4- Auditing 5- Password 6- MFA 7- Roles 8- Sharing 9- Rotate 10- Conditions 11- Root

You can create a flow log for a ......., a ..........., or a ..........

1- VPC 2- subnet 3- Network Interface

Amazon EC2 provides the following features: (Choose all that apply)

1- Virtual computing environments, known as instances. 2- Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place). 3- A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups. 4- Virtual networks you can create that are logically isolated from the rest of the AWS cloud, and that you can optionally connect to your own network, known as virtual

Match the benefits of CloudTrail. 1- SIMPLIFIED COMPLIANCE 2- SECURITY ANALYSIS AND TROUBLESHOOTING 3- VISIBILITY INTO USER AND RESOURCE ACTIVITY 4- SECURITY AUTOMATION

With AWS CloudTrail, you can discover and troubleshoot security and operational issues by capturing a comprehensive history of changes that occurred in your AWS account within a specified period of time. AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred. AWS CloudTrail allows you to track and automatically respond to account activity threatening the security of your AWS resources. With Amazon CloudWatch Events integration, you can define workflows that execute when events that can result in security vulnerabilities are detected. For example, you can create a workflow to add a specific policy to an Amazon S3 bucket when CloudTrail logs an API call that makes that bucket public. With AWS CloudTrail, simplify your compliance audits by automatically recording and storing event logs for actions made within your AWS account. Integration with Amazon CloudWatch Logs provides a convenient way to search through log data, identify out-of-compliance events, accelerate incident investigations, and expedite responses to auditor requests.

What is a Dynamic IP address and a Static IP address? 1- Dynamic IP address 2- Static IP address

1- a different IP address by your ISP every time your router connects to the internet. 2- ISP will provide you with a dedicated IP address which you will be using all the time

All AMIs are categorized as either ......... by Amazon EBS, which means that the root device for an instance launched from the AMI is an Amazon EBS volume, or backed by ............store, which means that the root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3.

1- backed 2- instance

Security groups act as a firewall for associated instances, controlling both ........ and ........ traffic at the instance level.

1- inbound 2- outbound

Match the sub-resource with the correct description. 1- When you create a bucket, you specify the AWS Region where you want Amazon S3 to create the bucket. 2- Amazon S3 supports both bucket policy and access control list (ACL) options for you to grant and manage bucket-level permissions. 3- Enables you to track requests for access to your bucket. 4- Helps you recover from accidental overwrites and deletes. 5- Rules for objects in your bucket that have a well-defined lifecycle.

1- location 2- policy and ACL 3- logging 4- versioning 5- lifecycle

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; Please select the correct CIDR Block notation required for creating a VPC.

10.0.0.0/16

You receive the benefits of the free tier automatically for [answer1] months after you sign up for an AWS account.

12

Companies will often think of the best methods to meet their computing objectives. Please select the best option for a Hybrid-Cloud model.

A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud. The most common method of hybrid deployment is between the cloud and existing on-premises infrastructure to extend, and grow, an organization's infrastructure into the cloud while connecting cloud resources to internal system.

You can control access to the objects you store in Amazon S3.

Access Control Information

The acronym AMI stands for

Amazon Machine Image

Be sure to use a reputable and up-to-date antivirus and antispam solution on your system.

Antivirus/ Antispam software

When you launch an instance, you can select an ........... ............... .

Availability Zone

Which category does this best practice fall under? "Regularly back up your EBS volumes using Amazon EBS snapshots, and create an Amazon Machine Image (AMI) from your instance to save the configuration as a template for launching future instances."

Backup and Recovery

Which category does this best practice fall under? "Regularly test the process of recovering your instances and Amazon EBS volumes if they fail."

Backup and Recovery

If an infection (whether from a conventional virus, a Trojan, or a worm) spreads beyond the individual instance and infects a wider fleet, it might carry malicious code that creates a botnet, a network of infected hosts that can be controlled by a remote adversary. Follow all the previous recommendations to avoid a botnet infection.

Botnets

When using the AWS SDKs, you first create a [answer1] and then use the client to send a request to create a bucket. When you create the client, you can specify an AWS Region.

Client

Select the use case that corresponds to the following diagram: - AWS resource modification log is requested for compliance audit. - Encrypted log history is retrieved from an S3 bucket. - Logs are decrypted and log integrity is verified. - Logs are reviewed for unauthorized access. - Log audit activity is completed.

Compliance Aid

Laptop theft, password theft, or sensitive emails being sent to the incorrect individuals are examples of

Confidentiality of Electronic Data.

With CloudTrail, you can log, ......... monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides .......... history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

Continuously Event

Checks available to all AWS customers

Core Checks and Recommendations

Select the five categories that AWS Trusted Advisor will analyze.

Cost Optimization, Performance, Security, Fault Tolerance, Service Limits

How CloudTrail works

D 1- Account activity occurs. 2- CloudTrail captures and records the activity as a CloudTrail event. 3- You can view and download your activity in the CloudTrail Event History. 4- You can set up CloudTrail and define an Amazon S3 bucket for storage. 5- A log of CloudTrail events is delivered to the S3 bucket and optionally delivered to CloudWatch Logs and CloudWatch Events.

If an attacker can crash your component or redirect packets into a black hole, or consume all the CPU on the box, you have a ____________ situation.

Denial of Service. Denial of Service occurs when an attacker can degrade or deny service to users.

Which statement best describes Desktop Virtualization?

Desktop virtualization allows a central administrator (or automated administration tool) to deploy simulated desktop environments to hundreds of physical machines at once.

A Cloud Computing phrase "go global in minutes" can best be defined by which of the following options?

Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide a lower latency and better experience for your customers simply and at minimal cost.

If you don't specify a Region, Amazon S3 creates the bucket in the US [answer1] Region.

East

Which Threat allows an attacker to elevate their privilege level from anonymous to the local user (or whatever account is hosting the vulnerable component)?

Elevation of Privilege. Occurs when an attacker has the ability to gain privilege that they would normally have.

IAM can be used to grant your -------- and ---------- federated access to the AWS Management Console and AWS service APIs, using your existing identity systems such as Microsoft Active Directory.

Employees and Applications

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account and will fix all security-related issues.

False

Amazon EC2 does not enable you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.

False

An IP address (short for Internet Program address) is a unique address for each device connected to a network or the internet.

False

An IPv4 is a version of internet protocol where each address has 3 bytes of data.

False

Before storing anything in Amazon S3, you need to register with the service and provide a payment instrument that will be charged at the end of each month. There are set-up fees to begin using the service. At the end of the month, your payment instrument is automatically charged for that month's usage.

False

EC2 instances can run with a role without specific permissions to access and make API calls to AWS.

False

Only individuals can use bucket policies.

False

Regions are isolated from each other, and we don't replicate resources across regions automatically.

False

Remote Desktop allows a Windows System to connect to a Linux System over the network.

False

The ISP has no control over the content you can receive from the Internet.

False

The SOAP API uses the standard HTTP headers and status codes, so that standard browsers and toolkits work as expected.

False

The process of risk management is an ongoing, iterative process. It must not be repeated indefinitely.

False

Use AWS regions to manage network latency and regulatory compliance. When you store data in a specific region, it is replicated outside that region.

False

When creating an AWS AMI you do not need to do the following: Protect Credentials, Protect Data, Minimize exposure

False

When you launch an instance, you must select an AMI that's in a different region.

False

When you work with an instance using the command line interface or API actions, you must not specify its regional endpoint.

False

You can secure your VPC instances using only security groups; however, you can add network ACLs to reduce the additional layer of defense. For more information, see Network ACLs.

False

You cannot easily customize the network configuration for your Amazon VPC.

False

You cannot provision Amazon EC2 resources, such as instances and volumes, directly using Amazon EC2.

False

You do not need to worry if your cloud provider is compliant with all standards.

False

Your router's private address is the address it has been assigned in the public network.

False

After you launch an instance, it looks like a traditional host, and you can not interact with it as you would any computer.

False. After you launch an instance, it looks like a traditional host, and you can interact with it as you would any computer. You have complete control of your instances; you can use sudo to run commands that require root privileges.

To monitor the calls made to the Amazon EC2 API for your account, including calls made by the AWS Management Console, command line tools, and other services, use AWS CloudWatch.

False. Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time.

An IAM user can request temporary security credentials for their own use but cannot hand them out to federated users or applications.

False. An IAM user can request these temporary security credentials for their own use or hand them out to federated users or applications.

The account access keys provide limited access to the AWS resources owned by the account.

False. The account access keys provide full access to the AWS resources owned by the account.

After an instance store-backed instance fails or terminates, it can be restored.

False. After an instance store-backed instance fails or terminates, it cannot be restored. If you plan to use Amazon EC2 instance store-backed instances, we highly recommend that you distribute the data on your instance stores across multiple Availability Zones. You should also back up critical data from your instance store volumes to persistent storage on a regular basis.

An ACCEPT record for the originating ping that was allowed by both the network ACL and the security group, and therefore WAS NOT ALLOWED to reach your instance. 2 123456789010 eni-1235b8ca123456789 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK

False. An ACCEPT record for the originating ping that was allowed by both the network ACL and the security group, and therefore WAS ALLOWED to reach your instance.

All AWS services fall under the free tier.

False. Because of licensing restrictions, some AMI machines are not eligible for the Free Tier. The ones that are eligible are marked in the Amazon EC2 launch wizard as "Free Tier Eligible".

You cannot change the "DeleteOnTermination" attribute when you launch an instance.

False. By default, the root volume for an AMI backed by Amazon EBS is deleted when the instance terminates. You can change the default behavior to ensure that the volume persists after the instance terminates. To change the default behavior, set the DeleteOnTermination attribute to false using a block device mapping.

Multi-factor authentication (MFA) is a security feature available at an extra cost that augments user name and password credentials.

False. Protect your AWS environment by using AWS MFA, a security feature available at no extra cost that augments user name and password credentials. MFA requires users to prove physical possession of a hardware MFA token or MFA-enabled mobile device by providing a valid MFA code.

An AWS Security Group is a stateless firewall.

False. Security groups are stateful — This means any changes applied to an incoming rule will be automatically applied to the outgoing rule. E.g., if you allow an incoming port 80, the outgoing port 80 will be automatically opened.

Spoofing attacks cannot happen locally.

False. A spoofing attack occurs when an attacker pretends to be someone they are not.

Third-party applications or services from AWS marketplace are eligible for the free tier.

False. Third-party applications or services are not eligible for AWS Free Tier.

When an instance is terminated, the instance does not perform a normal shutdown.

False. When an instance is terminated, the instance performs a normal shutdown. The root device volume is deleted by default, but any attached Amazon EBS volumes are preserved by default, determined by each volume's deleteOnTermination attribute setting. The instance itself is also deleted, and you can't start the instance again at a later time.

Your AWS account has no limit on the number of instances that you can have running.

False. You are limited to running On-Demand Instances per your vCPU-based On-Demand Instance limit, purchasing 20 Reserved Instances, and requesting Spot Instances per your dynamic Spot limit per region. New AWS accounts may start with limits that are lower than the limits described here.

(IAM) Identity and Access Management is offered with additional charges.

False. You will be charged only for use of other AWS services by your users.

Access keys are used to sign in to secure AWS pages, such as the AWS Management Console and the AWS Discussion Forums.

False. Access keys are used to make programmatic calls to AWS from the AWS APIs, AWS CLI, AWS SDKs, or AWS Tools for Windows PowerShell.

Passwords are used to make programmatic calls to AWS from the AWS APIs, AWS CLI, AWS SDKs, or AWS Tools for Windows PowerShell.

False. Passwords are used to sign in to secure AWS pages such as the AWS Management Console and the AWS Discussion Forums.

The four main components of a policy are: actions, resources, effect, and time.

False. The four main components of a policy are: Actions, Resources, Effects, and Conditions.

Checks available with business or Enterprise support plans

Full Trusted Advisor Benefits

An instance type essentially determines the [answer1] of the host computer used for your instance.

Hardware

Many AWS customers install host-based IDS software, such as the open source product OSSEC, that includes file integrity checking and rootkit detection software. Use these products to analyze important system files and folders and calculate checksums that reflect their trusted state, and then regularly check to see whether these files have been modified and alert the system administrator if so.

Host-based IDS software

Each region is completely............. . Each Availability Zone is .............. , but the Availability Zones in a region are connected through low-latency links.

Independent Isolated

Each virtual machine, called an [answer1], functions as a virtual private server.

Instance

Select the best option that defines "trade capital expense for a variable expense".

Instead of having to invest heavily in data centers and servers before you know how you're going to use them, you can only pay when you consume computing resources, and only pay for how much you consume.

Based on the image below, connecting to which network component makes the public subnet public?

Internet Gateway.

ISP stands for Internet Service Provider.

Internet Service Provider

The name that you assign to an object.

Key

Passwords, network and host-based firewalls, network intrusion detection systems, access control lists, and data encryption are examples of [answer1].

Logical controls

A set of name-value pairs with which you can store information regarding the object.

Metadata

What is NAT?

Network Address Translation

What type of virtualization allows for a useful way to run Linux and Windows environments side-by-side? Enterprises can also push virtual operating systems to computers, which: Reduces bulk hardware costs, since the computers don't require such high out-of-the-box capabilities. Increases security, since all virtual instances can be monitored and isolated. Limits time spent on IT services like software updates.

Operating System Virtualization

Patch external-facing and internal systems to the latest security level. Worms often spread through unpatched systems on the network.

Patching

Administrative controls consist of approved written.

Policies, Procedures, Standards, and Guidelines

Give users the minimum privileges they need to carry out their tasks. That way, even if a user accidentally launches an infected executable, the impact on the instance and the wider cloud system is minimized.

Principle of Least Privilege

If a subnet doesn't have a route to the internet gateway, the subnet is known as a:

Private subnet

What are the 4 main functions of an operating system?

Provide a user interface, manage files, manage the hardware, and host and manage applications

Based on the image below, there are 3 elastic IP Addresses: (198.51.100.1, 198.51.100.2, 198.51.100.3). Are these IP Addresses public or private?

Public

If a subnet's traffic is routed to an internet gateway, the subnet is known as a

Public Subnet

Amazon S3 is a [answer1] service.

REST

[answer1] shows up on operations like credit card transactions - a user purchases something and then claims that they didn't do it.

Repudiation. Repudiation occurs when someone performs an action and claims they did not do it.

Which instance type enables EC2 or RDS service users to reserve an instance for one or three years?

Reserved Instances

Which category does this best practice fall under? "View your current limits for Amazon EC2. Plan to request any limit increases in advance of the time that you'll need them."

Resource Management

You can store data in Amazon S3 and [answer1] access so that it's only accessible from instances in your VPC.

Restrict

AWS provides a wide range of information regarding its IT control environment to customers through white papers, reports, certifications, accreditations, and other third-party attestations. More information is available in the----------- and--------------

Risk and Compliance Whitepaper.

When you launch an instance, the........ ......... ........ contains the image used to boot the instance.

Root Device Volume

The acronym [answer1] stands for: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.

STRIDE

CloudTrail event history simplifies [answer1] analysis, resource change tracking, and troubleshooting.

Security

Select the use case that corresponds to the following diagram: - CloudTrail is set up to log user activity. - Logs are sent to an S3 bucket and optionally streamed to CloudWatch Logs. - Log management and analytics solutions retrieve the logs. - User activity is analyzed for malicious behavior. - Action is taken on identified security threats.

Security Analysis

Which category does this best practice fall under? "Implement the least permissive rules for your security group."

Security and Network

Infected systems can be used by attackers to send large amounts of unsolicited mail (spam). AWS provides special controls to limit how much email an Amazon EC2 instance can send, but you are still responsible for preventing infection in the first place. Avoid SMTP open relay, which can be used to spread spam, and which might also represent a breach of the AWS Acceptable Use Policy. For more information, see the Amazon Web Services Acceptable Use Policy: http://aws.amazon.com/aup/.

Spam

Amazon Simple Storage Service is [...............] for the Internet.

Storage

Which category does this best practice fall under? "Understand the implications of the root device type for data persistence, backup, and recovery."

Storage

A mechanism to store object-specific additional information.

Subresources

Instances that use instance stores for the root device automatically have one or more instance store volumes available, with one volume serving as the root device volume.

True

An attacker that modified a TCP stream by predicting the sequence numbers would be [answer1] with that data flow.

Tampering. Tampering occurs when an attacker modifies data in transit.

You can enable your mobile and browser based applications to securely access AWS resources by requesting ------ ------ ----- that grant access to only specific AWS resources for a configurable period of time.

Temporary security credentials

Select the statement that best matches the following flow log. 2 123456789010 eni-1235b8ca123456789 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK

The following is an example of a flow log record in which RDP traffic (destination port 3389, TCP protocol) to network interface eni-abc123de in account 123456789010 was rejected:

Select the statement that best matches the following flow log. 2 123456789010 eni-1235b8ca123456789 172.31.16.139 172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK

The following is an example of a flow log record in which SSH traffic (destination port 22, TCP protocol) to network interface eni-abc123de in account 123456789010 was allowed:

Select the best description that corresponds to Infrastructure-as-a-Service:

This service model provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.

Select the best description that corresponds to Platform-as-a-Service:

This service model removes the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications. This cloud model also helps you be more efficient as you don't need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

A REJECT record for the response ping that the network ACL denied. 2 123456789010 eni-1235b8ca123456789 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OK

True

A policy consists of one or more statements, each of which describes one set of permissions.

True

A public IP address is an address your router gets assigned by your ISP, to handle all communications to the outside world.

True

A useful tool when trying to figure out the attack vectors against a particular threat is the "threat tree". A threat tree (also known as an attack tree) allows you to measure the level of risk associated with a particular vulnerability.

True

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account.

True

AWS Billing and Cost Management is the service that you use to pay your AWS bill, monitor your usage, and budget your costs.

True

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

True

AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password.

True

AWS and Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.

True

Amazon EC2 is hosted in multiple locations world-wide.

True

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud.

True

Amazon S3 charges you only for what you actually use, with no hidden fees and no overage charges. This gives developers a variable-cost service that can grow with their business while enjoying the cost advantages of Amazon's infrastructure.

True

Amazon S3 gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites.

True

Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web.

True

Amazon S3 is intentionally built with a minimal feature set that focuses on simplicity and robustness.

True

Amazon S3 offers a range of storage classes designed for different use cases.

True

Amazon S3 provides a REST and a SOAP interface.

True

Amazon VPC provides advanced security features, such as security groups and network access control lists, to enable inbound and outbound filtering at the instance level and subnet level.

True

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

True

Amazon Web Services (AWS) publishes many Amazon Machine Images (AMIs) that contain common software configurations for public use.

True

Amazon Web Services provides a secure global infrastructure and services in the cloud.

True

An AWS GovCloud (US) account provides access to the AWS GovCloud (US) region only.

True

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications).

True

An important aspect of a threat is that a threat applies to an asset. If there's no asset affected, then it's not a threat.

True

Availability Zones are designed for fault isolation. They are connected to multiple Internet Service Providers (ISPs) and different power grids. They are interconnected using high speed links, so applications can rely on Local Area Network (LAN) connectivity for communication between Availability Zones within the same region.

True

Based on the diagram below, if you add the public IP address of your home router in the field "Your network's public IPv4 address range", which corresponds to the "Allow inbound RDP access to Windows instances from IPv4 IP addresses in your network (over the Internet gateway)" rule, you will be able to Remote Desktop (RDP) into the instance from your home network. (Hint: We did an exercise where you figured out your external IP address. This is the IP address the security group/firewall will see.)

True

Based on the image below, is subnet 1 a public subnet? (Hint: If it has a connection to the internet gateway, it is public.)

True

Buckets can be accessed using path-style and virtual-hosted-style URLs.

True

Buckets serve several purposes: they organize the Amazon S3 namespace at the highest level, they identify the account responsible for storage and data transfer charges, they play a role in access control, and they serve as the unit of aggregation for usage reporting.

True

Cloud providers are audited by industry-trusted 3rd party auditors to ensure they are compliant and to reduce access to the cloud provider data centers.

True

Compliance responsibilities are shared between AWS and the owner of the systems built on top of the AWS cloud infrastructure.

True

Conditions can be configured to provide an additional layer of security. For example, only allow access to this resource from a specific IP Address.

True

Each Amazon EC2 region is designed to be completely isolated from the other Amazon EC2 regions.

True

Federation allows for an enterprise directory of users to access AWS resources via Single Sign-On using protocols such as Security Assertion Markup Language 2.0 (SAML).

True

Full Trusted Advisor Benefits is only available for Business or Enterprise support plans and has additional costs.

True

IAM enables you to grant temporary security credentials to any IAM user to enable them to access your AWS services and resources.

True

Identity and Access Management (IAM) service, can be used to manage users and user permissions in a subset of AWS services.

True

Information security, sometimes shortened to InfoSec, is the practice of preventing authorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

True

Instances that use Amazon EBS for the root device automatically have an Amazon EBS volume attached.

True

It is a best practice to elevate to "SuperUser" in Linux or administrator access in Windows only when required.

True

Non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction, nor can the other party deny having sent a transaction.

True

Only the bucket owner is allowed to associate a policy with a bucket.

True

RunAs command is available in a current Windows OS and allows a standard user with privileged account credentials to elevate to an administrator user.

True

SSH stands for Secure Shell and allows an SSH client to connect to a Linux server configured with SSH.

True

Since many computers and devices can be connected to the internet through a modem at home, and there is a limited number of IPv4 addresses in the world, the modem or router will translate and route all the packets to the correct place.

True

Sources of industry-accepted system hardening standards include, but are not limited to: • Center for Internet Security (CIS) • International Organization for Standardization (ISO) • SysAdmin Audit Network Security (SANS) Institute • National Institute of Standards and Technology (NIST)

True

Subnets, IP ranges, route tables, and security groups are automatically created for you so you can concentrate on creating the applications to run in your VPC.

True

The AWS Cloud provides a broad set of infrastructure services, such as computing power, storage options, networking and databases services.

True

The CIA triad of confidentiality, integrity, and availability is at the heart of information security.

True

The REST API is an HTTP interface to Amazon S3. Using REST, you use standard HTTP requests to create, fetch, and delete buckets and objects.

True

The choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.

True

The default gateway is what your home devices, such as PCs, laptops, tablets and phones, will use when requesting pages and content on the web.

True

The main purpose of an operating system is to control the computer.

True

The process of switching levels of access from a lower privileged account to either the administrator or root level of access is referred to as "elevation of privileges".

True

The student is responsible for any cost incurred on his/her own AWS account.

True

There are various instance- and volume-related tasks you can do when an Amazon EBS-backed instance is in a stopped state.

True

To avoid charges while on the free tier, you must keep your usage below the free tier limits.

True

To import virtual machine (VM) images from your local environment into AWS and convert them into ready-to-use AMIs or instances, use VM Import/Export.

True

Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

True

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

True

Virtualization is technology that lets you create useful IT services using resources that are traditionally bound to hardware.

True

When an instance is stopped, the instance performs a normal shutdown, and then transitions to a stopped state.

True

When you create a VPC, we recommend that you specify a CIDR block (of /16 or smaller) from the private IPv4 address ranges as specified in RFC 1918: 10.0.0.0 - 10.255.255.255 (10/8 prefix), 172.16.0.0 - 172.31.255.255 (172.16/12 prefix), 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

True

When you create a bucket, you provide a name and the AWS Region where you want to create the bucket.

True

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon EC2.

True

You are charged for any usage that exceeds the free tier limits.

True

You can access your bucket using the Amazon S3 console. Using the console UI, you can perform almost all bucket operations without having to write any code.

True

You can assign AWS security credentials to your IAM users by using the API, CLI, or AWS Management Console. You can rotate or revoke these credentials whenever you want.

True

You can migrate an instance from one Availability Zone to another.

True

You can monitor the accepted and rejected IP traffic going to and from your instances by creating a flow log for a VPC.

True

You can store only a certain number of objects in a bucket.

True

You can use AWS Identity and Access Management (IAM) to create users under your AWS account with their own access keys and attach IAM user policies granting appropriate resource access permissions to them.

True

You can use access keys to send authenticated requests to Amazon S3.

True

You must protect the root account and not use this account unless absolutely needed.

True

The free tier for Amazon EC2 provides you with [answer1] hours usage of any Linux combination of t2.micro and t1.micro instances.

True. Also, it provides you with 750 hours usage of any Windows combination of t2.micro and t1.micro.

If you're transferring data from one computer to another, if the attacker can sniff the data on the wire, then your component is subject to an information disclosure threat.

True. If an unauthorized person can read the content of a file, it is an information disclosure threat.

NACLs are stateless firewalls.

True. Network ACLs are stateless: this means any changes applied to an incoming rule will not be applied to the outgoing rule. For example, if you allow incoming port 80, you would also need to apply the rule for outgoing traffic.

To help you stay within the limits, you can track your free tier usage and set a billing alarm to notify you if you start incurring charges.

True. You can set a billing alarm as soon as your account reaches $0.1.

Which hypervisor runs directly on the host's hardware to control the hardware and to manage guest operating systems?

Type 1 - Bare-metal Hypervisors

Which hypervisor runs on a conventional operating system (OS) just as other computer programs do?

Type 2 - Hosted Hypervisors

Match the Factor with the common approach: You are responsible for patch management for your AMIs and live instances.

Untrusted AMIs

Only install and run trusted software from a trusted software provider. A trusted software provider is one who is well regarded in the industry, and develops software in a secure and responsible fashion, not allowing malicious code into its software packages. Open source software can also be trusted software, and you should be able to compile your own executables. We strongly recommend that you perform careful code reviews to ensure that source code is non-malicious. Trusted software providers often sign their software using code-signing certificates or provide MD5 or SHA-1 signatures of their products so that you can verify the integrity of the software you download.

Untrusted Software

You download trusted software from trusted sources. Random sources of software on the Internet or elsewhere on the network might actually be distributing malware inside an otherwise legitimate and reputable software package. Such untrusted parties might provide MD5 or SHA-1 signatures of the derivative package with malware in it, so such signatures should not be trusted. We advise that you set up your own internal software depots of trusted software for your users to install and use. Strongly discourage users from the dangerous practice of downloading and installing software from random sources on the Internet.

Untrusted Software Depots

If a subnet doesn't have a route to the internet gateway, but has its traffic routed to a virtual private gateway for a VPN connection, the subnet is known as a .............-only subnet.

VPN

The content that you are storing.

Value

A string that Amazon S3 generates when you add an object to a bucket.

Version ID

In the image below, what device does Subnet 3 go through to reach the corporate network? (Hint: This is a gateway device.)

Virtual Private Gateway

Sabotage usually consists of the destruction of an organization's [answer1] in an attempt to cause loss of confidence on the part of its customers.

Website

Based on the diagram below, do the web servers have a public IP Address and a Private IP Address?

Yes. The 1198.51.100.1--4 addresses are public and the 10.0.0.5-7 addresses are private.

Based on the image below, does the security group firewall rule allow access from all IP addresses?

Yes, because it allows access to all IPv4 and all IPv6 inbound HTTP IP addresses.

[answer1] are responsible for patch management for your AMIs and live instances.

You

[answer1] manage your operating systems and applications security.

You

Some of the key security tools of the operating system include [answer1] which supports least privilege and elevation of privilege access.

account management

Amazon S3 is designed to make web-scale computing [...............] for developers.

easier

A Linux instance has many passwords.

false

Pricing for Amazon S3 is designed so that you have to plan for the storage requirements of your application.

false

You cannot create access keys for your AWS account to access the command line interface or API.

false

IT security specialists are responsible for keeping all of the technology within the company secure from [answer1] that often attempt to acquire critical private information or gain control of the internal systems.

malicious cyber attacks

Any data on the instance store volumes persists as long as the instance is ......... , but this data is deleted when the instance is ........... (instance store-backed instances do not support the Stop action) or if it fails (such as if an underlying drive has issues).

running, terminated

AWS uses public-key cryptography to secure the login information for your instance.

true

Services in AWS, such as Amazon EC2, require that you provide credentials when you access them, so that the service can determine whether you have permission to access its resources.

true

To connect to your Linux instance from a computer running Mac or Linux, you'll specify the .pem file to your SSH client with the -i option and the path to your private key.

true

To enable authentication to the EC2 instance, AWS provides asymmetric key pairs, known as [answer1] key pairs.

Amazon EC2

Select three options that best explain how cloud provides deep visibility into compliance and governance. - Broad security certification and accreditation - Controlling - Data encryption at rest and in-transit - Auditing - Hardware security modules and strong physical security all contribute to a more secure way to manage your business - Managing identity, configuration and usage

- Auditing - Controlling - Managing identity, configuration and usage.

Select three options that best explain why cloud environments are considered more secure than on-premise environments. - Broad security certification and accreditation - Controlling - Data encryption at rest and in-transit - Auditing - Hardware security modules and strong physical security all contribute to a more secure way to manage your business - Managing identity, configuration and usage

- Data Encryption at rest and in-transit. - Broad security certification and accreditation - Hardware security modules and strong physical security all contribute to a more secure way to manage your business.

The risk management process consists of: (Pick all that apply)

- Identification of assets and estimating their value. - Conduct a threat assessment. - Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security. - Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis. - Identify, select and implement appropriate controls. Provide a proportional response. Consider productivity, cost-effectiveness, and value of the asset. - Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost-effective protection without discernible loss of productivity.

Remote Desktop Protocol

- RDP is a protocol that allows a Linux or Windows system with an RDP client to remotely control a current version of Windows Server or Desktop.

The field of information security has grown and evolved significantly in recent years. What are the areas for specialization? Choose all that apply.

- Securing networks - Digital forensics - Security Testing - Securing applications and databases

Risk management is the process of identifying.............. and --------to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.

- Vulnerabilities and Threats

Match the vocabulary with the correct definition: Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man-made or act of nature) that has the potential to cause harm. - Risk - Vulnerability - Threat

- the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). - a weakness that could be used to endanger or cause harm to an informational asset. - anything (man-made or act of nature) that has the potential to cause harm

Amazon Elastic Compute Cloud (EC2) is a service from [answer1] that allows users to rent virtual computers on which to run their own computer applications.

Amazon Web Services

For AWS Container services, you are responsible for the ------ and -------- rules.

1- Data 2- Firewall

A hypervisor that runs one or more virtual machines is called a .........., and each virtual machine is called a .........

1- Host Machine 2- Guest Machine

Match each service to the correct responsibility. 1- With these services, you can architect and build a cloud infrastructure using technologies similar to and largely compatible with on-premises solutions. Infrastructure Services 2- Services in this category typically run on separate Amazon EC2 or other infrastructure instances, but sometimes you don't manage the operating system or the platform layer. Container Services 3- These services abstract the platform or management layer on which you can build and operate cloud applications.

1- Infrastructure Services 2- Container Services 3- Abstracted Services

Building on the AWS secure global infrastructure, you install and configure your ------ and ------- in the AWS cloud just as you would do on premises in your own data centers.

1- Operating Systems 2- Platforms

Match possible responses to a security threat or risk: 1- reduce/mitigate 2- assign/transfer 3- accept

1- implement safeguards and countermeasures to eliminate vulnerabilities or block threats. 2- place the cost of the threat onto another entity or organization such as purchasing insurance or outsourcing 3- evaluate if the cost of the countermeasure outweighs the possible cost of loss due to the threat

The main account in Windows that has full rights to the operating system and configuration files is referred to as the [answer1].

Administrator account

AWS offers shared responsibility models for which services? - Infrastructure services - Container services - Abstracted services - All of the above - None of the above

All of the above

Companies will often think of the best methods to meet their computing objectives. Please select the best option for a Cloud model.

A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure to take advantage of the benefits of cloud computing. Cloud-based applications can be built on low-level infrastructure pieces or can use higher level services that provide abstraction from the management, architecting, and scaling requirements of core infrastructure.

Which statement best describes Data Virtualization?

Allows companies to treat data as a dynamic supply—providing processing capabilities that can bring together data from multiple sources, easily accommodate new data sources, and transform data according to user needs.

--------, --------, --------- specifies that AWS manages the security of the following assets: Facilities Physical security of hardware Network infrastructure Virtualization infrastructure

Amazon Elastic Compute Cloud (Amazon EC2)

Cloud computing has three main types that are commonly referred to as [answer1] as a Service (IaaS), [answer2] as a Service (PaaS), and [answer3] as a Service (SaaS).

Answer 1: Infrastructure Answer 2: Platform Answer 3: Software

In the realm of information security, [answer1] can often be viewed as one of the most important parts of a successful information security program.

Availability

Which option best describes the cloud computing advantage "benefit from massive economies of scale"?

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as Amazon Web Services can achieve higher economies of scale, which translates into lower pay-as-you-go prices.

In information security, [answer1] means maintaining and assuring the accuracy and completeness of data over its entire lifecycle

Data Integrity

What are the types of virtualization?

Data Virtualization Desktop Virtualization Server Virtualization Operating System Virtualization Network Functions Virtualization

Companies will often think of the best methods to meet their computing objectives. Please select the best option for an On-Premise model.

Deploying resources on-premises, using virtualization and resource management tools, is sometimes called "private cloud". On-premises deployment does not provide many of the benefits of cloud computing but is sometimes sought for its ability to provide dedicated resources. In most cases this deployment model is the same as legacy IT infrastructure while using application management and virtualization technologies to try and increase resource utilization.

What best describes the cloud phrase "Stop guessing capacity"?

Eliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often either end up sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little as you need, and scale up and down as required with only a few minutes notice.

AWS is an acronym for Amazon Web Subscriptions.

False

Amazon Web Services (AWS) offers a broad set of global compute, storage, database, analytics, application, and deployment services that help organizations move slower, increase IT costs, and descale applications.

False

An important logical control that is frequently overlooked is the principle of least privilege, which requires that an individual, program or system process be granted more access privileges than are necessary to perform the task.

False

In Linux, the "root user account" is not the account that has full access to the OS and the configuration files.

False

Information must be protected while in motion but not while at rest.

False

Regions are designed with availability in mind and consist of at least three, often more, Availability Zones.

False

Virtualization does not allow you to use a physical machine's full capacity by distributing its capabilities among many users or environments.

False

You cannot choose to have Amazon EC2 key pairs generated by AWS.

False

The operating system of a computer can only control a physical computer.

False. It can control both virtual and physical computers.

How does cloud computing let you stop spending money on running and maintaining data centers?

Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking and powering servers.

Software called ____________ separates the physical resources from the virtual environments—the things that need those resources. They can sit on top of an operating system (like on a laptop) or be installed directly onto hardware (like a server), which is how most enterprises virtualize. They can also take your physical resources and divide them up so that virtual environments can use them.

Hypervisor

What does the acronym IAM mean?

Identity and Access Management

[answer1] is the attempt to act as someone else usually to obtain that person's personal information or to take advantage of their access to vital information.

Identity theft

How does Cloud Computing increase speed and agility?

In a cloud computing environment, new IT resources are only ever a click away, which means you reduce the time it takes to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

[answer1] consists of theft of a company's property or information as an attempt to receive a payment in exchange for returning the information or property back to its owner, as with ransomware.

Information extortion

Using code to manage and deploy operating systems in the cloud is referred to as [answer1] as code.

Infrastructure

Windows introduced a command to elevate rights for a specific process. The Windows command used to elevate permissions is [answer1].

RunAs

Secure Shell

SSH is a protocol that allows a Linux or Windows system to connect to a Linux server configured with an SSH server.

Confidentiality, possession, integrity, authenticity, availability, and utility are called the

Six atomic elements.

Viruses, worms, phishing attacks, and Trojan horses are a few common examples of [answer1].

Software Attacks

What "instance" has spare compute capacity in the AWS cloud available at up to a 90% discount compared to On-Demand prices? As a trade-off, AWS offers no SLA on these instances, and customers take the risk that they can be interrupted with only two minutes of notification when Amazon needs the capacity back.

Spot Instances

Select the best description that corresponds to Software-as-a-Service:

This service model provides you with a completed product that is run and managed by the service provider. With this cloud offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece of software.

A hypervisor or virtual machine monitor (VMM) is computer software, firmware or hardware that creates and runs virtual machines.

True

A threat will use a vulnerability to cause harm which creates a risk.

True

Cloud computing delivery as a utility can be described as on-demand, available in seconds, with pay-as-you-go pricing.

True

Cloud computing is made available over the internet with pay-as-you-go pricing.

True

EC2 encourages scalable deployment of applications by providing a web service through which a user can boot an Amazon Machine Image (AMI) to configure a virtual machine, which Amazon calls an "instance", containing any software desired.

True

For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms and you access the endpoints to store and retrieve data.

True

Information security threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.

True

Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.

True

Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities and include doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc. Separating the network and workplace into functional areas are also physical controls.

True

Shared responsibility means that both the cloud customer and the cloud provider have a responsibility to secure the cloud environment. For example, when the customer uses Infrastructure as a Service (IaaS), the customer is responsible for ensuring the guest OS is hardened and secure.

True

When you launch a new Amazon EC2 instance from a standard AMI, you can access that instance using secure remote system access protocols, such as Secure Shell (SSH), or Windows Remote Desktop Protocol (RDP).

True

You can choose to generate your own Amazon EC2 key pairs using industry-standard tools like OpenSSL. You generate the key pair in a secure and trusted environment, and only the public key of the key pair is imported in AWS; you store the private key securely.

True

Remote Desktop Protocol is the preferred method to connect to a ______ and ______ is the preferred connection to a Linux system.

- Windows OS - SSH

Cloud computing provides what on-demand capabilities? (Select all that apply)

- compute power - database storage - applications - other IT resources

In Linux, the [answer1] command will allow you to elevate.

sudo

