Cloud Computing
A privilege escalation threat is caused by which of the following weaknesses? A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed. Weak authentication and authorization controls could lead to illegal access thereby compromising confidential and critical data stored in the cloud. Due to isolation failure, cloud customers can gain illegal access to the data. Due to flaws while provisioning or de-provisioning networks or vulnerabilities in communication encryption.
A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed.
Detective security controls detect and react appropriately to the incidents that happen on the cloud system. Which of the following is an example of a detective security control? Implementing strong authentication mechanism; Restoring system backups; Employing IDSs and IPSs; Identifying warning sign on the fence
Employing IDSs and IPSs
Which of the following types of cloud computing services provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API? IaaS; PaaS; SaaS; XaaS
IaaS
You are a security engineer for a cloud-based startup, XYZ Partners LLC, and they would like you to choose the best platform to run their environment from. The company stores sensitive PII and must be SOC 2 compliant. They would like to run their Windows server VMs and directory services from the cloud. Which of the following services and deployment models would meet the company's requirements? IaaS and Private; PaaS and Public; SaaS and Hybrid; XaaS and Community
IaaS and Private
The components such as DLP, CMF, database activity monitoring, and encryption are included in which of the following cloud security control layers? Applications Layer; Management Layer; Information Layer; Computer and Storage
Information Layer
In which of the following cloud computing threats does an attacker try to control operations of other cloud customers to gain illegal access to the data? Privilege Escalation; Illegal Access to the cloud; Isolation Failure; Supply Chain Failure
Isolation Failure
Which of the following mechanisms should be incorporated into the cloud services to facilitate networks and resources to improve the response time of a job with maximum throughput? Load balancing; Encryption mechanism; Lockout mechanism; Two-factor authentication
Load balancing
The components such as NIDS/NIPS, firewalls, DPI, Anti-DDoS, QoS, DNSSEC, and OAuth are included in which of the following cloud security control layers? Applications Layer; Management Layer; Network Layer; Computer and Storage
Network Layer
In which of the following cloud security control layers do the security controls DNSSEC and OAuth operate? Management layer; Information layer; Network layer; Computation and Storage layer
Network layer
Which of the following is not a legitimate cloud computing attack? Port Scanning; Denial-Of-Service (DoS); Privilege Escalation; Man-In-The-Middle (MiTM)
Port Scanning
Which of the following categories of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities? Deterrent Controls; Preventive Controls; Detective Controls; Corrective Controls
Preventive Controls
Which of the following types of cloud platforms is most secure? Private; Hybrid; Public; Internal
Private
Which of the following is NOT a best practice for cloud security? Verify one's cloud in public domain blacklists; Undergo AICPA SAS 70 Type II audits; Provide unauthorized server access using security checkpoints; Disclose applicable logs and data to customers
Provide unauthorized server access using security checkpoints
In which of the following cloud deployment models does the provider make services such as applications, servers, and data storage available to the public over the Internet? Public Cloud; Private Cloud; Community Cloud; Hybrid Cloud
Public Cloud
Identify the services provided by the application layer of the cloud security control model. DLP, CMF, Database Activity Monitoring, Encryption; Hardware and software RoT and APIs; Physical Plant Security, CCTV, Guards; SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec
SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec
Which of the following protocols is used for secure information passage between two endpoints? SSL; TCP; UDP; FTP
SSL
You are a security engineer for XYZ Corp. You are looking for a cloud-based e-mail provider to migrate the company's legacy on-premise e-mail system to. What type of cloud service model will the new e-mail system be running on? SaaS; IaaS; PaaS; XaaS
SaaS
Which of the following three service models are the standard cloud service models? SaaS, PaaS, and IaaS; XaaS, Private, and Public; SaaS, IaaS, and Hybrid; Private, Public, and Community
SaaS, PaaS, and IaaS
Which of the following types of virtualization is used to increase space utilization and reduce the hardware maintenance cost? Storage Virtualization; Network Virtualization; Server Virtualization; Resource Virtualization
Server Virtualization
In which of the following attacks does an attacker steal a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities? Service Hijacking Using Social Engineering Attacks; Wrapping Attack; DNS Attack; Side Channel Attack
Service Hijacking Using Social Engineering Attacks
Which of the following is not a type of DNS attack? Domain Snipping; Session Hijacking; Domain Hijacking; Cybersquatting
Session Hijacking
In which of the following attacks does an attacker ride an active computer session by sending an email or tricking the user into visiting a malicious web page while they are logged into the targeted site? Session Hijacking Using Session Riding; Wrapping Attack; DNS Attack; Side Channel Attack
Session Hijacking Using Session Riding
An attacker runs a virtual machine on the same physical host as the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim. Which of the following attacks is the attacker performing? XSS Attack; MITC Attack; Side Channel Attack; Cryptanalysis Attack
Side Channel Attack
Which of the following is not a characteristic of virtualization in cloud computing technology? Partitioning; Storage; Isolation; Encapsulation
Storage
An attacker creates anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is the attacker posing to the cloud platform? Insecure Interface and APIs; Data Breach/Loss; Abuse and nefarious use of cloud services; Insufficient due diligence
Abuse and nefarious use of cloud services
Which of the following NIST cloud reference architecture factors manages cloud services in terms of use, performance, and delivery, and also maintains a relationship between cloud providers and consumers? Cloud Consumer; Cloud Provider; Cloud Broker; Cloud Carrier
Cloud Broker
You are a security engineer for XYZ Inc. Your company is based on a private cloud infrastructure and discovers a potential breach through a vulnerability that was not properly patched. XYZ Inc. wants to perform a root cause analysis and discover whether any data was exfiltrated and, if so, what type of information it contained. How would XYZ Inc. find out this information? Cloud Forensics; Data Analysis; Vulnerability Scanning; Penetration Testing
Cloud Forensics
Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage? Deterrent Controls; Preventive Controls; Detective Controls; Corrective Controls
Corrective Controls
Out of the following, which is not a type of side-channel attack? Timing Attack; Data Remanence; Cybersquatting; Acoustic Cryptanalysis
Cybersquatting
In which of the following attacks does an attacker divert a user to a spoofed website by poisoning the DNS server or the DNS cache on the user's system? Cybersquatting; Domain Hijacking; Domain Snipping; DNS Poisoning
DNS Poisoning