CEH#18 - Oriyano - Cloud Technologies and Security
18. At which layer of the OSI model would you expect a cloud based solution to operate at? a. layer 1 b. layer 2 c. layer 3 d. layer 4
c, d. Since one of the goals of a cloud based solution is to abstract the hardware from the client, Layer 3 and above would likely be the only layers that the user would interact with.
1. SaaS is a cloud hosting environment that offers what? a. development options b. testing options c. software hosting d. improved security
c. SaaS, or software as a service, is an environment used to host software services offsite and possibly license just what a copmany needs and only for as long as they need it.
14. An application would be developed on what type of cloud service? a. BaaS b. SaaS c. IaaS d. PaaS
d. platform as a service is ideally suited for development and deployment of custom applications.
7. A cloud environment can be in which of the following configurations except? a. IaaS b. PaaS c. SaaS d. LaaS
d. there is no officially recognized environment referred to as LaaS.
2. Which of the following can be used to protect data stored in the cloud? a. ssl b. drive encryption c. transport encryption d. harvesting
b. drive encryption or its equivalent would be useful in protecting data stored in the cloud.
16. HTTPS is typically open on which port in a cloud based firewall? a. 25 b. 443 c. 80 d. 110
b. even though it would be a cloud based solution, the same ports would be used for common services and endpoints.
19. What type of firewall analyzes the status of trafic and would be part of a IaaS solution? a. circuit level b. packet filtering c. stateful inspection d. NIDS
c. a firewall with stateful inspection analyzes the status of trafic.
20. What can be used instead of a URL to evade some firewalls used to protect a cloud based web application? a. ip address b. encryption c. stateful inspection d. NIDS
a. an ip address can be used instead of a URL to evade some firewalls. Much like standard web applications, ones based in the cloud could still be exploited in the same way.
13. A cloud-based firewall is used to separate which of the following? a. networks b. hosts c. permissions d. ACL
a. cloud-based firewalls are used to separate networks with different security ratings.
10. Why wouldn't someone create a private cloud? a. to reduce costs b. to offload technical support c. to increase availability d. to maintain universal access
a. you would not create a private cloud to reduce costs as most likely it would increase costs due to the need to acquire and maintain expensive hardware and software.
3. SOAP is used to perform what function? a. transport data b. enable communication between applications c. encrypt information d. wrap data
b. soap is used to enable protocol-indepeendent communication between applications.
11. There are how many different types of cloud hosting environments? a. two b. three c. four d. five
b. three forms of cloud-hosting environments are currently recognized: SaaS, PaaS, and IaaS.
9. Who has legal responsbility for data hosted in the cloud? a. the cloud ervice provided b. the IT department of the client c. the client d. the consumer
c. The client who pays the cloud service provider to host their data still has legal responsibility for its safety.
17. What system is used as a choke point for traffic and could be offered through IaaS? a. IDS b. DMZ c. Bastion host d. SNMP host
c. a bastion host is used as a choke point
4. Which attack alters data in trasnit within the cloud? a. packet sniffing b. port scanning c. MitM d. Encryption
c. man-in-the-middle attacks are effective at altering data in trasnit between applications and the cloud.
5. Altering a checksum of a packet can be used to do what? a. send an RST b. send a URG c. reset a connection d. evade an NIDS
d. if an NIDS is employed within a cloud environment, attacks such as altering checksums of a packet can be used to avoid detection.
6. Cloud technologies are used to accomplish which of teh following? a. increase management options b. offload operations onto a third party c. transfer legal responsibility of data to a third party d. cut costs
a, b, d. Cloud technologies can be used for amny reasons, but legal responsibility cannot ever be transferred to a third party.
15. Which of the following issues would be a good reason for moving to a cloud based environment? a. reduced costs b. improved performance c. easier forensics d. increased redundancy
a, b, d. Forensics would not be easier in the cloud; in fact, it may be harder if not impossible to perform.
12. Which of the following would be hosted as SaaS? a. email b. active directory c. applications d. firewalls
a. Email would be a prime example of SaaS as would hosting office suites and other types of software.
8. What type of cloud service would provide email hosting and associated security services? a. PaaS b. SaaS c. IaaS d. SSaS
b. SaaS is the platform type that hosts email servic es as well as security services in most cases.