CHAPTER 6 - CLOUD SECURITY

Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service? a. PaaS b. SaaS c. FaaS d. IaaS

SaaS

Under the shared responsibility model, which component always remains the responsibility of the customer, regardless of the cloud service model used? A. Application B. Hardware C. Datacenter D. Data

Data

Under the shared responsibility model, in which tier of cloud computing is the customer responsible for securing the operating system? A. IaaS B. PaaS C. SaaS D. All of the above

A. Under the shared responsibility model, the customer only bears responsibility for operating system security in IaaS environments. In all other environments, the service provider is responsible for securing the operating system.

Kevin is using a service where a cloud provider offers a platform that executes his code in response to discrete events. He is billed based on the actual resources consumed during each code execution event. What term best describes this service? A. PaaS B. SaaS C. FaaS D. IaaS

FaaS

In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use? A. IaaS only B. SaaS only C. IaaS and PaaS D. IaaS, SaaS, and PaaS

IaaS and PaaS

Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers? A. Public Cloud B. Private Cloud C. Community Cloud D. Hybrid Cloud

Hybrid Cloud

Which one of the following is a characteristic of DevOps approaches to technology? A. Isolating operations teams from development teams B. Requiring clear hand-offs between development and production C. Increasing the frequency of application releases D. Eliminating the need for developers to understand business requirements

Increasing the frequency of application releases

Which one of the following statements about inline CASB is incorrect? A. Inline CASB solutions often use software agents on endpoints. B. Inline CASB solutions intercept requests from users to cloud providers. C. Inline CASB solutions can monitor activity but cannot actively enforce policy. D. Inline CASB solutions may require network reconfiguration.

Inline CASB solutions can monitor activity but cannot actively enforce policy.

In which cloud computing service model does the customer share responsibility with the cloud provider for datacenter security? A. IaaS B. SaaS C. PaaS D. None of the above

None of the above.

Which one of the following conditions is not likely to trigger an alert during an automated cloud security assessment? A. Presence of an API key in a public repository B. Unrestricted API keys C. Transmission of an API key over unsecured channels D. Sharing of API keys among different developers

Sharing of API keys among different developers

Which one of the following is not an example of infrastructure as code? A. Defining infrastructure in JSON B. Writing code to interact with a cloud provider's API C. Using a cloud provider's web interface to provision resources D. Defining infrastructure in YAML

Using a cloud provider's web interface to provision resources

Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs? A. Inline CASB B. Outsider CASB C. Comprehensive CASB D. API-based CASB

API Based CASB

What type of credential is commonly used to restrict access to an API? A. Encryption key B. API key C. Password D. Biometrics

API Keys

Which one of the following would not commonly be available as an IaaS service offering? A. CRM B. Storage C. Networking D. Computing

CRM

Which one of the following statements about cloud computing is incorrect? A. Cloud computing offers ubiquitous, convenient access. B. Cloud computing customers store data on hardware that is shared with other customers. C. Cloud computing customers provision resources through the service provider's sales team. D. Cloud computing resources are accessed over a network

Cloud computing customers provision resources through the service provider's sales team.

A coalition of universities banded together and created a cloud computing environment that is open to all member institutions. The services provided are basic IaaS components. What term best describes this cloud model? A. Public cloud B. Private cloud C. Community cloud D. Hybrid cloud

Community Cloud

Which one of the following services is not an example of FaaS computing? A. Lambda B. DeepLens C. Google Cloud Functions D. Azure Functions`

DeepLens

Gina gained access to a client's AWS account during a penetration test. She would like to determine what level of access she has to the account. Which one of the following tools would best meet her need? A. ScoutSuite B. Inspector C. Prowler D. Pacu

Pacu

Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this? A.Public cloud B. Private cloud C. Hybrid cloud D. Community cloud

Public Cloud

Amanda would like to run a security configuration scan of her Microsoft Azure cloud environment. Which one of the following tools would be most appropriate for her needs? A.Inspector B.ScoutSuite C.Prowler D.Pacu

ScoutSuite