Ch. 14 - Cloud Computing and Internet of Things
A. Delivers everything a developer needs to build an application on the cloud infrastructure.
Which of the following best describes the Platform as a Service (PaaS) cloud computing service model? A. Delivers everything a developer needs to build an application on the cloud infrastructure. B. Delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. C. Stores and provides data from a centralized location, omitting the need for local collection and storage. D. Delivers software applications to the client either over the Internet or on a local area network.
B. IaaS
You are employed by a small start-up company. The company is in a small office and has several remote employees. You must find a business service that will accommodate the current size of the company and scale up as the company grows. The service needs to provide adequate storage as well as additional computing power. Which of the following cloud service models should you use? A. PaaS B. IaaS C. SaaS D. DaaS
C. beSTORM
During a penetration test, Omar found unpredicted responses from an application. Which of the following tools was he most likely using while assessing the network? A. Censys B. Zniffer C. beSTORM D. Shodan
D. Need to bring costs down and growing demand for storage.
Google Cloud, Amazon Web Services, and Microsoft Azure are some of the most widely used cloud storage solutions for enterprises. Which of the following factors prompts companies to take advantage of cloud storage? A. Need for a platform as a service for developing applications. B. Need for a software as a service to manage enterprise applications. C. Need for a storage provider to manage access control. D. Need to bring costs down and growing demand for storage.
A. Ransomware attack
Which of the following attacks utilizes encryption to deny a user access to a device? A. Ransomware attack B. DoS C. HVAC attack D. DDoS attack
A. BLE
Which of the following is a short-range wireless personal area network that supports low-power, long-use IoT needs? A. BLE B. IoE C. Li-Fi D. Wi-Fi
B. Malicious insiders
Strict supply chain management, comprehensive supplier assessment, HR resource requirements, transparent information security and management, compliance reporting, and a security breach notification process are defenses against which of the following cloud computing threats? A. Data breach or loss B. Malicious insiders C. Multi-tenancy D. Denial-of-service
D. Computation and storage
Which of the following cloud security controls includes backups, space availability, and continuity of services? A. Administrative tasks B. Protecting information C. Trusted computing D. Computation and storage
C. IoT architecture
Which of the following has five layers of structure that include Edge technology, Access gateway, Internet, Middleware, and Application? A. IoT systems B. IoT structure C. IoT architecture D. IoT application areas and devices
C. Integrity RTOS and snappy
YuJin drove his smart car to the beach to fly his drone in search of ocean animal activity. Which of the following operating systems are most likely being used by his car and drone? A. Contiki and Integrity RTOS B. RIOT OS and Brillo C. Integrity RTOS and snappy D. ARM mbed OS and snappy
C. Natural disasters
A company has implemented the following defenses: The data center is located in a safe geographical area. Backups are in different locations. Mitigation measures are in place. A disaster recovery plan is in place. Which of the following cloud computing threats has the customer implemented countermeasures against? A. Malicious insiders B. Data breach or loss C. Natural disasters D. Denial-of-service
D. Devices, gateway, data storage, and remote control
What are the four primary systems of IoT technology? A. Devices, data storage, remote control, and internet B. Devices, sensors, apps, and internet C. Devices, gateway, sensors, and apps D. Devices, gateway, data storage, and remote control
C. SaaS
Which of the following cloud computing service models delivers software applications to a client either over the Internet or on a local area network? A. DaaS B. IaaS C. SaaS D. PaaS
D. OWASP
Which of the following is a nonprofit organization that provides tools and resources for web app security and is made up of software developers, engineers, and freelancers? A. HaLow B. beSTORM C. KillerBee D. OWASP
C. Find and fix software flaws continuously, use strong passwords, and use encryption.
Which of the following is the best defense against cloud account and service traffic hijacking? A. Use design and runtime protection for data, cloud data encryption, and strong key generation. B. Research risks, perform CSP due diligence, and use capable resources. C. Find and fix software flaws continuously, use strong passwords, and use encryption. D. Use physical security programs and have pre-installed standby hardware devices.
A. Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access
Which of the following is the correct order for a hacker to launch an attack? A. Information gathering, vulnerability scanning, launch attack, gain remote access, maintain access B. Vulnerability scanning, information gathering, gain remote access, launch attack, maintain access C. Gain remote access, maintain access, vulnerability scanning, information gathering, launch attack D. Launch attack, information gathering, vulnerability scanning, gain remote access, maintain access
B. Rapid elasticity
A company has subscribed to a cloud service that offers cloud applications and storage space. Through acquisition, the number of company employees quickly doubled. The cloud service vendor was able to add cloud services for these additional employees without requiring hardware changes. Which of the following cloud concepts does this represent? A. Resource pooling B. Rapid elasticity C. Measured service D. On-demand service
A. Device-to-device
Anabel purchased a smart speaker. She connected it to all the smart devices in her home. Which of the following communication models is she using? A. Device-to-device B. Device-to-gateway C. Back-end data-sharing D. Device-to-cloud
D. Service hijacking through network sniffing.
If an attacker's intent is to discover and then use sensitive data like passwords, session cookies, and other security configurations such as UDDI, SOAP, and WSDL, which of the following cloud computing attacks is he using? A. Service hijacking through social engineering. B. Session hijacking through session riding. C. Session hijacking through XSS attack. D. Service hijacking through network sniffing.
C. Default, weak, and hardcoded credentials
Joelle, an app developer, created an app using two-factor authentication (2FA) and requires strong user passwords. Which of the following IoT security challenges is she trying to overcome? A. Difficulty updating firmware and OS B. Lack of security and privacy C. Default, weak, and hardcoded credentials D. Cleartext protocols and open ports
C. The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider.
Which of the following best describes a cybersquatting cloud computing attack? A. The hacker discovers and uses sensitive data like passwords, session cookies, and other security configurations. B. The hacker sends the user to a fake website by poisoning the DNS server or cache on the user's system. C. The hacker uses phishing scams by making a domain name that is almost the same as the cloud service provider. D. The hacker runs a virtual machine on the physical host of a user's virtual machine in order to share physical resources.
A. An end-to-end performance and load testing tool that can simulate up to 1 million users and makes realistic load tests easier.
You are using BlazeMeter to test cloud security. Which of the following best describes BlazeMeter? A. An end-to-end performance and load testing tool that can simulate up to 1 million users and makes realistic load tests easier. B. An end-to-end security solution that assesses continually and is able to see all of your assets, no matter where they reside. C. A vulnerability scanner that can be used to detect viruses, malware, backdoors, and web services linking to malicious content. D. A load-testing tool for web and mobile applications that checks performance while the application is under a lot of traffic.
D. The provider is responsible for all the security.
You are using software as a service (SaaS) in your office. Who is responsible for the security of the data stored in the cloud? A. The provider and the customer split responsibility. B. The customer is responsible for all the security. C. The provider and the customer have no responsibility. D. The provider is responsible for all the security.