Module 13 Cloud Forensics

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

NIST document SP 500-322 defines more than 75 cloud services, including which of the following?

- Backup as a service - Security as a service - Drupal as a service

Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider?

- Court orders -Search warrents - Subpoenas with prior notice

What capabilities should a forensics tool have to acquire data from a cloud?

- examine virtual systems - Expand and contract data storage capabilites as needed for service changes. - Identify and acquire data from the cloud.

hybrid cloud

A cloud deployment model that combines public, private, or community cloud services under one cloud. Segregation of data is used to protect private cloud storage and applications.

Platform as a service (PaaS)

A cloud is a service that provides a platform in the cloud that has only an OS. The customer can use the platform to load their own applications and data. The CSP is responsible only for the OS and hardware it runs on; the customer is responsible for everything else that they have loaded on to it.

private cloud

A cloud service dedicated to a single organization.

public cloud

A cloud service that's available to the general public.

multitenancy

A principle of software architecture in which a single installation of a program runs on a server accessed by multiple entities (tenants). When software is accessed by tenants in multiple jurisdictions, conflicts in copyright and licensing laws might result.

community cloud

A shared cloud service that provides access to common or shared data.

management plane

A tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly.

provisioning

Allocating cloud resources, such as additional disk space.

cloud service agreements (CSAs)

Contracts between a cloud service provider and a cloud customer. Any additions or changes to a CSA can be made through an addendum. See also cloud service providers (CSPs).

What are the two states of encrypted data in a secure cloud?

Data in motion and data at rest

deprovisioning

Deallocating cloud resources that were assigned to a user or an organization. See also provisioning.

spoliation

Destroying, altering, hiding, or failing to preserve evidence, whether it's intentional or a result of negligence.

Commingled data isn't a concern when acquiring cloud data.

False

In which cloud service level can customers rent hardware and install whatever OSs and applications they need?

IaaS

Which of the following cloud deployment methods typically offers no security?

Public cloud

Evidence of cloud access found on a smartphone usually means which cloud service level was in use?

SaaS

What are the three levels of cloud services defined by NIST?

SaaS, PaaS, and IaaS

A CSP's incident response team typically consists of system administrators, network administrators, and legal advisors.

True

A(n) CSA or cloud service agreement is a contract between a CSP and the customer that describes what services are being provided and at what level.

True

Amazon was an early provider of Web-based services that eventually developed into the cloud concept.

True

Public cloud services such as Dropbox and OneDrive use Sophos SafeGuard and Sophos Mobile Control as their encryption applications

True

The cloud services Dropbox, Google Drive, and OneDrive have Registry entries.

True

The multitenancy nature of cloud environments means conflicts in privacy laws can occur.

True

To see Google Drive synchronization files, you need a SQL viewer.

True

Updates to the EU Data Protection Rules will affect how data is moved during an investigation regardless of location.

True

cloud service providers (CSPs)

Vendors that provide on-demand network access to a shared pool of resources (typically remote data storage or Web applications).

When should a temporary restraining order be requested for cloud environments?

When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case

Infrastructure as a service (IaaS)

With this cloud service level, an organization supplies its own OS, applications, databases, and operations staff, and the cloud provider is responsible only for selling or leasing the hardware.

Software as a service (SaaS)

With this cloud service level, typically a Web hosting service provides applications for subscribers to use.

Cloud Service Providers have incident response teams that consist of all of the following, EXCEPT:

backup operators

All of the following pose challenges to cloud computing, EXCEPT:

cloud uptime

All of the following are considered cloud service levels, EXCEPT:

computer as a service

Which of the following contain metadata on the last date and time an application was run and how many times it has run since being installed?

prefetch files

All of the following are mechanisms that are used to collect digital evidence under the U.S. Electronic Communications Privacy Act (ECPA), EXCEPT:

subpoenas without prior notice to the subscriber or customer


Ensembles d'études connexes

Events Leading to the American Revolution

View Set

Ch 44 (neuromuscular/musculoskeletal disorder), 49 (genetic alterations), 2 (family centered care),

View Set

Med-Surg Ch 46: Care of Patients with Cognitive Function Disorders

View Set