Module 06 Securing Cloud Resources
Which protocol provides the best encryption for data in transit over a Wi-Fi network?
AES AES (Advanced Encryption Standard) is a modern and secure encryption standard used to secure WPA2 and WPA3 Wi-Fi communications.
Which device would be best to provide traffic shaping services on your network?
ADC In addition to load balancing services, an ADC (application delivery controller) can incorporate traffic shaping and monitoring techniques.
Which security appliance can be used to secure an LMS (learning management system) application with some components deployed in a public cloud platform and some components deployed on-prem?
CASB A CASB (cloud access security broker) increases transparency on the network, both on-prem and in the cloud, and provides a central dashboard for managing security across the cloud and on-prem environments.
How should you decide which security configurations to apply in a cloud deployment?
Check CSP best practices. Security can and should be applied at multiple layers, and each CSP has different best practice recommendations for which layers provide the best security in their platform.
Suppose you are running an application secured by client-side encryption and you receive an error stating CLUSTER_NOT_FOUND. Which of the following problems is most likely the source of the issue?
Connection misconfiguration The most likely cause of an unreachable cluster is a connection misconfiguration, such as providing the wrong cluster ID or attempting to connect to a cluster that has been deleted.
Which type of scan provides the most in-depth view of system misconfigurations?
Credentialed scan A credentialed scan gives scanning tools actual credentials for sensitive accounts to determine, from a trusted user's perspective, the sophistication and security of other kinds of configurations in a system.
Which security tool can you use to find security vulnerabilities in forgotten EC2 instances?
EDR EDR (endpoint detection and response) solutions detect and monitor endpoints in the cloud to increase visibility of attack surfaces from forgotten or outdated instances.
What security technique can you use to control traffic to a web server separately from traffic control for the website database?
Micro-segmentation Micro-segmentation techniques allow for more granular control of security for traffic and workflows.
Which of the following security rules would allow an incoming Echo Reply on a stateful firewall?
Outbound rule: ICMP Allow to 0.0.0.0/0 A stateful firewall will allow inbound traffic in response to allowed outbound traffic. The outbound rule ICMP Allow from 0.0.0.0/0 allows outbound ICMP traffic; therefore, an Echo Reply in response to this traffic will also be allowed.
Your credentialed scan revealed a known vulnerability in a recently updated application that is widely used across the company. Where can you get information on your company's policies for how to reconfigure the application to close the vulnerability?
Risk register A risk register is a project management tool that can be used to document cybersecurity risks, background information on these risks, mitigation strategies specific to each risk, plans for responding should a vulnerability be attacked, and team members with responsibilities related to each risk.
