Fundamentals of Cloud Security
True or False? The key to Cortex XDR is blocking core exploit and malware techniques, not individual attacks.
True.
Which three options partially comprise the six elements of SecOps? (Choose three.) A. People B. Networking C. Data storage D. Technology E. Processes
A. People D. Technology E. Processes
Which SecOps function requires processing large amounts of information, and typically is automated? A. Identify B. Investigate C. Mitigate D. Improve
A. Identify
Which step of the CI/CD pipeline cannot be automated? A. Coding B. Integration C. Testing D. Monitoring
A. Coding
Which NIST cloud service model requires the customer to keep the operating system up to date? A. IaaS B. PaaS C. FaaS D. SaaS
A. IaaS
Which three options partially comprise the six elements of SecOps? (Choose three.) A. Visibility B. Disaster recovery C. Business D. Interfaces E. Regular audits
A. Visibility C. Business D. Interfaces
Which two advantages does endpoint protection technology have over network traffic analysis? (Choose two.) A. ability to identify most common attacks by their symptoms B. deployed and managed centrally C. easier to deploy endpoint protection when people work from home D. detects command and control channels E. can easily identify worms
A. ability to identify most common attacks by their symptoms C. easier to deploy endpoint protection when people work from home
What are the two meanings of the CI/CD pipeline? (Choose two.) A. continuous integration/continuous delivery B. continuous implementation/continuous delivery C. continuous integration/continuous deployment D. continuous implementation/continuous deployment
A. continuous integration/continuous delivery C. continuous integration/continuous deployment
An analysis tool raised an alert, but the security analyst who researched it discovered it wasn't a problem. Which type of finding is this? A. false positive B. true positive C. false negative D. true negative
A. false positive
Which option is a type 2 hypervisor? A. hosted B. native C. bare-metal D. imported
A. hosted
What is the term for traffic between a web site and a remote user's browser? A. north-south B. east-west C. unknown D. cloud
A. north-south
Which type of traffic can be secured by a physical appliance? A. north-south B. east-west C. unknown D. cloud
A. north-south
In which cloud computing service model does a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure? A. platform as a service (PaaS) B. infrastructure as a service (IaaS) C. software as a service (SaaS) D. public cloud
A. platform as a service (PaaS)
Who is responsible for the software of a sanctioned SaaS application? A. provider B. IT department C. line of business that uses it D. users
A. provider
Which NIST cloud deployment model would you recommend for a startup that does not have much money to pay for hosting or a data center and needs a 24x7 server? A. public B. private C. community D. hybrid
A. public
Which three attributes are advantages of serverless computing, when compared with CaaS? (Choose three.) A. reduced costs B. increased control over the workload C. increased ability to monitor and identify problems D. increased agility E. reduced operational overhead
A. reduced costs D. increased agility E. reduced operational overhead
Which cloud use model restricts your choice of a runtime environment to the environments supported by the cloud provider? A. serverless B. on-demand containers C. containers as a service (CaaS) D. standard docker containers
A. serverless
What is the advantage of automated responses over manual responses? A. speed B. accuracy C. flexibility D. user friendliness
A. speed
Which action is part of the identity security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory
A. user and entity behavior analytics (UEBA)
Ten containers running on five virtual machines are spread between two type 1 hypervisors. How many OS instances are you running? A. 2 B. 5 C. 7 D. 17
B. 5
Which cloud provider calls its IaaS service Elastic Computing Service (ECS)? A. Alibaba B. AWS C. Azure D. GCP
B. AWS
Who is responsible for the security settings of a sanctioned SaaS application? A. provider B. IT department C. line of business that uses it D. users
B. IT department
Which three operating systems are supported by Cortex XDR? (Choose three.) A. z/OS B. Linux C. macOS D. Minix E. Android
B. Linux C. macOS E. Android
Which action is part of the network security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory
B. Microservice-aware micro-segmentation
Which environment allows you to install an appliance that sees all traffic? A. LAN when people work from home B. Non-virtualized data center C. virtualized data center D. VPC network
B. Non-virtualized data center
Which NIST cloud service model limits your choice of runtime environments in which an application can be written? A. IaaS B. PaaS C. FaaS D. SaaS
B. PaaS
What are the two advantages of SASE? (Choose two.) A. a single physical point of ingress into the organization B. a single logical point of ingress into the organization C. a single physical point of egress out of the organization D. a single logical point of egress from the organization
B. a single logical point of ingress into the organization D. a single logical point of egress from the organization
Two companies use Gmail for their email (SaaS). Which two components may be transparently shared between them? (Choose two.) A. address book B. application code C. messages D. message database E. user identities
B. application code D. message database
What does the first phase of implementing security in virtualized data centers consist of? A. consolidating servers across trust levels B. consolidating servers within trust levels C. selectively virtualizing network security functions D. implementing a dynamic computing fabric
B. consolidating servers within trust levels
Which cloud use model allows you to use containers without having to manage the underlying hardware and virtualization layers, but still lets you access the underlying virtualization if needed? A. serverless B. containers as a service (CaaS) C. standard docker containers D. VM-integrated containers
B. containers as a service (CaaS)
What is the term for traffic between a web site and a local database that stores information for it? A. north-south B. east-west C. unknown D. cloud
B. east-west
Which type of traffic can stay contained in a single physical server? A. north-south B. east-west C. unknown D. trusted
B. east-west
An analysis tool's machine learning identified, correctly, that the network is infected by a worm. What type of finding is this? A. false positive B. true positive C. false negative D. true negative
B. true positive
Ten containers running on five virtual machines are spread between two type 2 hypervisors. How many OS instances are you running? A. 2 B. 5 C. 7 D. 17
C. 7
What is the relationship between SIEM and SOAR? A. SIEM products implement the SOAR business process. B. SIEM and SOAR are different names for the same product category. C. SIEM systems collect information to identify issues that SOAR products help mitigate. D. SOAR systems collect information to identify issues that SIEM products help mitigate.
C. SIEM systems collect information to identify issues that SOAR products help mitigate.
Which step of the CI/CD pipeline is the ideal place for automated penetration testing? A. Coding B. Integration C. Testing D. Deployment
C. Testing
What is the order in which the endpoint checks if a new program is safe? A. behavioral threat protection, then local analysis, then WildFire query B. local analysis, then behavioral threat protection, then WildFire query C. WildFire query, then local analysis, then behavioral threat protection D. local analysis, then WildFire query, then behavioral threat protection
C. WildFire query, then local analysis, then behavioral threat protection
Which systems must you secure to ensure compliance with security standards? A. the servers in the data center B. the devices owned by the enterprise, whether they are servers in the data center, cloud VMs you manage, or user endpoint devices C. any system where the data for which you are responsible goes D. every device that is either owned by the enterprise or used by enterprise employees
C. any system where the data for which you are responsible goes
Intra-VM traffic is also known as which type of traffic? A. north-south B. unknown C. east-west D. untrusted
C. east-west
Which action is part of the compute security pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory
C. integration with the CI/CD workflow
What stage of an attack is typically east-west traffic? A. reconnaissance B. weaponization C. lateral spread D. actions on the objective
C. lateral spread
Of the endpoint checks, what is bypassed for known programs? A. WildFire query B. behavioral threat protection C. local analysis D. Firewall analysis
C. local analysis
Which two types of services does SASE provide? (Choose two.) A. Storage B. security C. networking D. compute
C. networking
What does Cortex XSOAR use to automate security processes? A. bash scripts B. Windows PowerShell C. playbooks D. Python scripts
C. playbooks
Which cloud service model lets you install a firewall to protect your information? A. SaaS B. PaaS C. FaaS D. IaaS
D. IaaS
You are responsible for the security of the application, the runtime, and the VM operating system. Which cloud deployment model are you using? A. SaaS B. FaaS C. PaaS D. IaaS
D. IaaS
GDPR compliance is required to do business in which area? A. United States of America B. Canada C. China D. European Union
D. European Union
What is the meaning of a SaaS application that is advertised as being HIPAA compliant? A. Regardless of how you configure the application for your enterprise, you will be HIPAA compliant. B. If your administrator configures the security settings on the application correctly, you will be HIPAA compliant. C. If your administrator and your users use the application correctly, you will be HIPAA compliant. D. If your administrator and your users use the application correctly, the application will not cause you to not be HIPAA compliant.
D. If your administrator and your users use the application correctly, the application will not cause you to not be HIPAA compliant.
Which SecOps function is proactive? A. Identify B. Investigate C. Mitigate D. Improve
D. Improve
How would a port filter firewall classify access to the URL https://example.com:22/this/page? A. HTTP B. HTTPS C. Telnet D. SSH
D. SSH
Which NIST cloud service model does not require the customer organization to do any programming? A. IaaS B. PaaS C. FaaS D. SaaS
D. SaaS
What does SASE stand for? A. Service Access SEcurity B. Semi-Accessible Sensitive Environment C. Secrets Accessible in a Secure Environment D. Secure Access Service Edge
D. Secure Access Service Edge
What does SOAR stand for? A. Security Operations Automation for Reaction B. Secure Operations And Research C. Security Operations, Analysis, and Research D. Security Orchestration, Automation, and Response
D. Security Orchestration, Automation, and Response
Which cloud use model runs just one container per virtual machine? A. serverless B. containers as a service (CaaS) C. standard docker containers D. VM-integrated containers
D. VM-integrated containers
Which action is part of the compute cloud governance and compliance pillar? A. user and entity behavior analytics (UEBA) B. Microservice-aware micro-segmentation C. integration with the CI/CD workflow D. automated asset inventory
D. automated asset inventory
Which continuous process replaces manual checks with automated code testing and deployment? A. integration B. development C. delivery D. deployment
D. deployment
Which of the following security issues can cause a long-patched vulnerability to resurface? A. VM sprawl B. intra-VM communications C. hypervisor vulnerabilities D. dormant virtual machines
D. dormant virtual machines
A news company can serve all requests from their data center 95% of the time. However, some days there is a huge demand for news updates. Which NIST deployment model is recommended for the company? A. public B. private C. community D. hybrid
D. hybrid
Which component may be shared with other cloud tenants even when using IaaS? A. application B. runtime C. virtual machine (guest) D. physical machine (host)
D. physical machine (host)
True or False? Prisma SaaS is used to protect sanctioned SaaS use, as part of an integrated security solution that includes next-generation firewalls to prevent unsanctioned SaaS use. Prisma SaaS communicates directly with the SaaS applications themselves and therefore does not need to be deployed inline and does not require any software agents, proxies, additional hardware, or network configuration changes.
False.
True or False? Prisma SaaS protects data in hosted files and application entries.
True.
Which type of hypervisor is hosted and runs within an operating system environment? A. Type 1 B. Type 2 C. Type 3 D. Type 4
B. Type 2
Which DevOps CI/CD pipeline feature requires developers to integrate code into a repository several times per day for automated testing? A. continuous delivery B. continuous deployment C. continuous identity D. continuous integration
D. continuous integration
Which cloud security compliance requirement uses granular policy definitions to govern access to SaaS applications and resources in the public cloud and to apply network segmentation? A. access governance B. compliance auditing C. configuration governance D. real-time discovery
A. access governance
Which cloud native security platform function remediates vulnerabilities and misconfigurations consistently across the entire build-deploy-run lifecycle? A. automation B. integration C. visibility D. continuity
A. automation
Which SASE security-as-a-service layer capability provides visibility into SaaS application use, understands where sensitive data resides, enforces company policies for user access, and protects data from hackers? A. secure web gateway (SWG) B. data loss prevention (DLP) C. firewall as a service (FWaaS) D. cloud access security broker (CASB)
D. cloud access security broker (CASB)
Which Prisma SaaS feature connects directly to the applications themselves and provides continuous silent monitoring of the risks within sanctioned SaaS applications, with detailed luminosity that is not possible with traditional security solutions? A. granular data visibility B. large scale data control C. data exposure visibility D. contextual data exposure
C. data exposure visibility
Which security consideration is associated with inadvertently missed anti-malware and security patch updates to virtual machines? A. hypervisor vulnerabilities B. VM sprawl C. dormant VMs D. intra-VM communications
C. dormant VMs
Which phased approach of hybrid cloud security requires networking and security solutions that not only can be virtualized but also are virtualization-aware and can dynamically adjust as necessary to address communication and protection requirements, respectively? A. consolidating servers within trust levels B. dynamic computing fabric C. consolidating servers across trust levels D. selective network security virtualization
B. dynamic computing fabric
Which value can be achieved by the ability to pool resources in cloud computing? A. resource aggregation B. economies of scale and agility C. application consolidation D. elasticity
B. economies of scale and agility
In which cloud service model are customers responsible for securing their virtual machines and the virtual machine operating systems, and for operating system runtime environments, application software, and application data? A. platform as a service (PaaS) B. identity as a service (IaaS) C. software as a service (SaaS) D. infrastructure as a service (IaaS)
D. infrastructure as a service (IaaS)
Which cloud solution is hosted in-house and usually is supported by a third party? A. distributed workforce B. cloud infrastructure C. on-premises D. infrastructure as a service
C. on-premises
Which security technology is designed to help organizations embrace the concepts of cloud and mobility by providing network and network security services from a common cloud-delivered architecture? A. cloud native B. secure access service edge (SASE) C. platform as a service D. distributed cloud
B. secure access service edge (SASE)
Which cloud security best practice is deployed to ensure that every person who views or works with your data has access only to what is absolutely necessary? A. set appropriate privileges B. keep cloud software updated C. build security policies and best practices into cloud images D. review default settings
A. set appropriate privileges
Which type of algorithm does Prisma SaaS use to sort sensitive documents into top-level categories for document classification and categorization? A. dynamic programming B. supervised machine learning C. artificial intelligence D. recursive
B. supervised machine learning
Which software development concept that also has been applied more generally to IT says that additional future costs for rework are anticipated due to an earlier decision or course of action that was necessary for agility but was not necessarily the most optimal or appropriate decision or course of action? A. role-based access control B. technical debt C. software lifecycle D. runtime environment
B. technical debt
Which sanctioned SaaS use control prevents known and unknown malware from residing in sanctioned SaaS applications, regardless of source? A. threat prevention B. data visibility control C. risk prevention D. data exposure control
A. threat prevention