Chapter 1 - Architectural Concepts and Design Requirements


Which of the following concepts pertains to the ability to verify that proper controls and policies are in place on a system or application? A. Auditability B. Governance C. Regulation D. Elasticity

A. Auditing is a process of testing and verifying the security controls and configurations in place on a system or application and then comparing them to the requirements from regulations or configuration baselines that define what they should be. How easy or difficult this type of testing and verification on a system is to complete is the auditability of that system.

When a user accesses a system, what process determines the roles and privileges that user is granted within the application? A. Authorization B. Authentication C. Provisioning D. Privilege

A. Authorization is the process by which a user is granted roles and access to an application, after successfully completing the authentication process. It is typically based on group and role memberships.

Which of the following concepts, pertaining to cloud computing, allows the cloud customer to provision services with minimal assistance or involvement from the cloud provider? A. On-demand self-service B. Auto-scaling C. Elasticity D. Customer self-provisioning

A. Cloud services can be requested, provisioned, and put into use by the customer through automated means, without the need to interact with support personnel of the cloud provider. This is typically offered to the cloud customer through a web portal, but can also be exposed through API calls or other programmatic means. As services are changed, billing is adjusted based on the changing nature of the currently allocated resources.

Your IT security director has asked you to evaluate a cloud provider to determine whether its security practices match with current organizational policy in regard to data sanitation processes. Compared to your traditional data center, which of the following options is unlikely to be available with a cloud provider? A. Degaussing B. Cryptographic erasure C. Overwriting D. Zeroing

A. Degaussing is the process of physically altering or removing the magnetic nature of storage hardware, and as such would not be available within a cloud environment. This is due to resource pooling and multitenancy, as well as the dynamic nature of a cloud, where data can be moved and stored in different places constantly.

Data is modified from its original form by an application or user. Which phase of the cloud secure data lifecycle would this action be classified under? A. Use B. Share C. Archive D. Modify

A. During the "use" phase of the cloud secure data lifecycle, the data is consumed and possibly modified from its original form by an application, either via programmatic means or by the direct actions of a user of the application.

Within a cloud environment, which network location would be the LEAST effective for a cloud customer to expect the implementation of security controls? A. Border perimeter B. DMZ C. Between VLANs D. Between the data and application zones

A. In a traditional data center, the border perimeter of the network is a common place for security devices and controls to be implemented, to stop traffic of certain types or from certain origins from even getting to the IT systems hosted within it. However, in a cloud environment, especially with multitenancy, the ability to place anything at a network perimeter will likely be completely impossible, and even if it is possible, it will be extremely limited.

Which concept pertains to cloud customers paying only for the resources they use and consume, and only for the duration they are using them? A. Measured service B. Auto-scaling C. Portability D. Elasticity

A. Measured service refers to cloud customers paying only for the resources they consume, and only for the time they are consuming them. This would typically refer to the building blocks of cloud computing: CPU, memory, storage, and possibly network. This differs from a traditional data center, where an organization would need to have all resources available at all times.

Which of the following aspects of cloud computing makes data in transit (DIT) between internal servers more of a risk than in a traditional data center? A. Multitenancy B. Portability C. Interoperability D. Broad network access

A. Multitenancy, within a cloud environment, means having different customers, systems, and applications, all within the same physical systems and networks. Even with the use of secure communications and encryption, this poses an additional risk above a traditional data center because any compromise or malicious intent from one system could impact the other systems. Threats such as eavesdropping and internal attacks are a major concern with cloud computing and multitenancy.

Which of the following is a security consideration of a Type 2 hypervisor that is NOT a security concern of a Type 1 hypervisor? A. Operating system B. Firewall C. VLAN D. Access controls

A. Rather than interacting directly with the underlying hardware as a Type 1 hypervisor does, a Type 2 hypervisor runs on top of an operating system. This creates an additional layer of security considerations because the security of the host operating system will also impact the hypervisor software, and the hypervisor is susceptible to any security vulnerabilities or threats to the operating system. With a Type 1 hypervisor, there is no additional layer, and security can be tightly controlled by the vendor.

Your new contract with a customer requires the certification of cryptographic modules used within your systems and applications. Which certification framework would be the MOST appropriate to utilize to comply with the contractual requirements? A. FIPS 140-2 B. NIST SP 800-53 C. SOC 2 D. ISO/IEC 27001

A. The Federal Information Processing Standard (FIPS) 140-2 publication, authored by the National Institute of Standards and Technology (NIST) of the United States, is a process by which cryptographic modules are evaluated and certified. It applies to both the hardware and software components used during cryptographic processes, and it's based on the particular needs for confidentiality and integrity of the data being protected. It is composed of four levels, with increasing intensities of security controls and implementations of them.

Which security certification serves as a general framework that can be applied to any type of system or application? A. ISO/IEC 27001 B. PCI DSS C. FIPS 140-2 D. NIST SP 800-53

A. The ISO/IEC 27001 standard, and its most current iteration ISO/IEC 27001:2013, serves as a general security framework for any type of system or application, regardless of its purpose and specific type of data. It is widely considered the "gold standard" for international security certification, even if it does not specifically pertain to cloud computing.

Which of the following auditing or reporting types pertains ONLY to financial statements and reporting? A. SOC 1 B. NIST SP 800-53 C. SOC 2 D. FIPS 140-2

A. The Service Organization Control (SOC) Type 1 reports focus on the controls in place at an organization and pertain to financial reporting and the types of information useful with a financial audit. SOC 1 focuses on the management structure of the organization, the target customer base, and the regulations that an audit would be guided by and subjected to.

Which of the following threat types is most likely to occur as a result of an organization moving from a traditional data center to a cloud environment? A. Insufficient due diligence B. Data breach C. Insecure APIs D. System vulnerabilities

A. When an organization is considering moving its systems and applications from a traditional data center model to a cloud environment, it must evaluate a lot of variables and factors to determine if the move to a cloud system is appropriate or feasible. Without proper and thorough evaluation of its systems, designs, and controls, an organization may unintentionally expose itself to more security risk and vulnerabilities by moving to a cloud environment.

In a cloud environment, many different users and organizations have access to the same resources, and the cloud provider has systems staff who have access to storage systems where virtual machine images are housed. Which of the following, based on that information, is necessary to protect and isolate data to only those authorized? A. Encryption B. Sandboxing C. VLANs D. Reversibility

A. With resource pooling and multitenancy, as well as the support staff of the cloud provider having privileged access throughout the entire environment, encryption is of particular importance to protect data. With the keys under the control of the cloud customer, even if a system is compromised, the data will be protected, which would also apply to virtual images that could be accessed via storage systems.

Which cloud service category brings with it the most expensive startup costs, but also the lowest costs for ongoing support and maintenance staff? A. IaaS B. SaaS C. PaaS D. DaaS

B. A Software as a Service (SaaS) solution will typically have the highest startup and licensing costs, as the customer is buying a fully developed, integrated, secured, and production-ready software application. This means that the upfront costs are directly financial (and not as staff intensive as the others), but over its lifetime an SaaS solution will have the lowest costs in support staff and maintenance because the cloud provider will be responsible for those activities.

Which cloud service category is MOST likely to use a client-side key management system? A. IaaS B. SaaS C. PaaS D. DaaS

B. A client-side key management system is one where the software for the key management system is supplied by the cloud provider but hosted and run from a location chosen by the cloud customer. This is most common with SaaS implementations, as the cloud provider would need to supply the software to ensure compatibility with the application.

Which of the following would NOT be a reason a customer could be "locked in" to a particular cloud provider? A. Software versions B. Developers C. Application environments D. Regulations

B. A customer can become "locked in" to a particular cloud provider for a variety of reasons, but the developers who are responsible for their code and applications would not be such a reason. Applications are designed to work within specific frameworks or technologies, not with specific hosting providers.

For optimal security, where should the authorization process of user access and permissions be performed? A. Account provisioning B. Throughout use of the application C. Immediately after authentication D. As part of the change management process

B. Although initial authorization decisions are made when a user authenticates to an application, optimally they should be reevaluated as the user accesses different functions or data within the application. This will prevent attacks where users may find ways to elevate privileges after authentication, and it also catches cases where a user's access may have changed since he initially authenticated.

Which concept is focused on ensuring that users are given the appropriate rights to data and functions within an application? A. Authentication B. Authorization C. Privilege D. Provisioning

B. Authorization, performed after successful authentication, is the process by which appropriate roles and permissions are granted to the user or service account. This is based on the attributes of the account holders, such as group membership, employment status, location, or any other type of variable, and then is matched against roles for access.

Which of the following cloud concepts encapsulates the security concerns related to bring your own device (BYOD) that a cloud security professional must always be cognizant of? A. Portability B. Broad network access C. On-demand self-service D. Interoperability

B. Broad network access is a key concept of cloud computing, where services and applications are accessible across the public Internet and through a variety of clients and devices. This particularly applies to BYOD situations and the large number of clients and configurations that may interact with cloud services and data.

Which of the following methods of attack, used in a SaaS environment, poses the biggest threat to the exposure of data across different customers? A. DDoS B. XSS C. JSON D. XSLT

B. Cross-site scripting (XSS) poses a big risk with any environment, but especially within a SaaS implementation, where it is very likely that data from multiple customers is housed and accessible within the same software application.

Which of the following data sanitation methods would be the MOST effective if you needed to securely remove data as quickly as possible in a cloud environment? A. Zeroing B. Cryptographic erasure C. Overwriting D. Degaussing

B. Cryptographic erasure works by destroying the keys that were used to encrypt the data. Although it does not delete the data in a traditional sense, with the keys destroyed, the data is unreadable and unrecoverable, thus giving the same effect. Because the focus is on the destruction of keys, it is also something that can be done very quickly and with minimal effort, whereas deleting large volumes of data and then verifying it has been deleted can be a very time-consuming process.

Although encryption can help an organization to effectively decrease the possibility of data breaches, which other type of threat can it increase the chances of? A. Insecure interfaces B. Data loss C. System vulnerabilities D. Account hijacking

B. Data loss occurs when an organization either loses data or loses access to it. This is different from a data breach, where it is exposed to unauthorized parties. Although the use of encryption will serve as a strong mitigation against data breaches, the reliance on keys, and access to them, increases the possibility of data loss. If the keys were to be lost or destroyed, the organization would lose access to the data.

Which concept of cloud computing pertains to the ability to reuse components and services of an application for other purposes? A. Portability B. Interoperability C. Resource pooling D. Elasticity

B. Interoperability is the ease with which one can move or reuse components of an application or service. The main concept is to not have such dependencies on the underlying operating system, hosting environment, libraries, or APIs that lock in a service to one particular set of hosts or solutions. Services with a high degree of interoperability can easily move between cloud providers, hosting configurations, and cloud service categories, and give enormous flexibility to an organization. This allows different services to leverage applications and APIs for different purposes, along with the modularization of components for reuse.

Which of the following threats against a system is the MOST difficult to mitigate when the cloud service category is removed as part of the consideration? A. Insufficient due diligence B. Malicious insiders C. Account hijacking D. Data loss

B. Malicious insiders are typically individuals who have valid access and authorization to a system, application, or data, and then use that valid access for reasons outside the intended purpose. It is especially difficult to mitigate against malicious insiders because they have valid credentials and authorization for what they are accessing, and are using it for inappropriate purposes.

Which role, on behalf of the cloud customer, is responsible for the testing of cloud services? A. Cloud service user B. Cloud service administrator C. Cloud service business manager D. Cloud service integrator

B. One of the key tasks of the cloud service administrator is to test cloud services, but also to monitor services, administer security of services, provide usage reports, and address problem reports.

Which cloud service category offers the most customization options and control to the cloud customer? A. PaaS B. IaaS C. SaaS D. DaaS

B. The Infrastructure as a Service (IaaS) category allows for the most customization and control by the cloud customer; the cloud provider merely provides the virtualized environment to deploy virtual machines and virtual network devices within, but then leaves it to the cloud customer to deploy and configure those specific items.

If you are bidding on contracts with the US federal government, which security framework will you need to be knowledgeable of or familiar with? A. PCI DSS B. NIST SP 800-53 C. SOC 2 D. ISO/IEC 27001

B. The NIST SP 800-53 publication governs the requirements for the security of US government systems, with the exception of national security systems. Anyone bidding on such contracts will need to be very familiar with its requirements because they are very specific in how hardware configurations must be done and will be crucial for any contract proposal.

Which of the following roles works to obtain new customers and secure contracts? A. Cloud service manager B. Cloud service broker C. Cloud service deployment manager D. Cloud service business manager

B. The cloud service broker obtains new customers, analyzes the marketplace, and secures contracts and agreements for cloud services.

Which of the following aspects of cloud computing is a more prominent feature of PaaS versus IaaS? A. Availability B. Auto-scaling C. Portability D. Broad network access

B. With PaaS offering a full platform and framework, and just needing application code and data to function, auto-scaling is a prominent feature of the service category, and it's typically the service category being discussed with the topic.

Which type of cloud service category would having a vendor-neutral encryption scheme for data at rest (DAR) be the MOST important? A. Public B. Hybrid C. Private D. Community

B. With the hybrid cloud category, a vendor-neutral solution for encryption would be the most important because the application and data would span more than one cloud provider. There is little chance of success or scalability with the utilization of an encryption scheme from one cloud provider, and it wouldn't likely port or work well with another. By using a vendor-neutral solution, a cloud customer can maintain maximum flexibility going forward with a hybrid cloud solution.

Which of the following descriptions of a Type 1 Hypervisor is MOST correct? A. It runs as an application on top of an operating system to host virtual machines. B. It runs on a separate management server and interacts with a virtualization appliance. C. It runs directly on top of the hardware and serves as the sole layer between the hardware and virtual machines. D. It runs directly on top of the hardware and runs an additional software layer to host virtual machines.

C. A Type 1 hypervisor runs directly on top of the underlying hardware and is tightly tied to it, with both hardware and software from the same vendor.

Which of the following types of software is a Type 2 hypervisor dependent on that a Type 1 hypervisor isn't? A. VPN B. Firewall C. Operating system D. IDS

C. A Type 2 hypervisor runs on top of a host operating system as a software application, and then the virtual machines are deployed within it. With a Type 1 hypervisor, the software is tied directly to the underlying hardware and does not rely on a host operating system to function.

What is the main drawback to having a remote key management service in production use, versus a local one? A. The cloud provider will have full control over the keys. B. The software may be insecure. C. Availability is crucial. D. Incompatibility issues.

C. A remote key service is one that is hosted apart and away from the applications and systems. This gives an organization much greater control over its keys and key practices, and also allows a great degree of portability. However, having the keys kept apart from the hosting provider and applications also means that availability is crucial. If the key system were to become unavailable or unreachable, the systems and applications that rely on these keys would effectively be down as far as the users are concerned because they would be unable to function.

Which of the following types of threats is often made possible via social engineering tactics? A. Data loss B. System vulnerabilities C. Advanced persistent threats D. Insufficient due diligence

C. Advanced persistent threats occur when an attacker is able to gain access to a system and reside there for a long period of time without being detected. This is usually done to snoop on traffic or collect information over time. Often it is accomplished through social engineering tactics to gain access to valid and real accounts so that access can be performed without detection.

Which concept of cloud computing pertains to the ability for a cloud customer and users to access their services through a variety of different devices and locations? A. Interoperability B. Open source C. Broad network access D. Single sign-on

C. Broad network access pertains to the availability of cloud resources from virtually any network location, and through any type of device. This can be from corporate networks or from the public Internet on virtually any type of connection. In regard to devices, while many cloud services are accessed via web browsers and mobile applications, it is possible to use any type of thick or thin desktop client that is appropriate as well.

Most modern web-based applications, especially those hosted within a cloud environment, rely heavily on web services and consumable resources. Which of the following is the most widely used security protocol to protect these types of technologies? A. IPSec B. VPN C. HTTPS D. SSH

C. The Hypertext Transfer Protocol Secure (HTTPS) is the most commonly used protocol for securing communications and applications within a cloud environment, especially as most are web-based systems. HTTPS extends the traditional HTTP protocol used for web communications by adding security protocols and encryption.

The NIST Cloud Technology Roadmap contains a component focused on the minimum requirements to meet satisfactory contractual obligations between the cloud provider and cloud customer. Which of the following encapsulates this concept? A. Accountability B. Governance C. SLA D. Auditing

C. The service level agreement (SLA) forms the basis for evaluating control compliance between the cloud customer and cloud provider. It documents and articulates specific requirements for availability, processes, customer service, support, security controls, auditing, reporting, and any other area deemed important by company policy or regulation from the cloud customer.

Your company is focused on software development, and your main focus is keeping the costs of development as low as possible to maximize profit. Which cloud service category would be the most appropriate to use for this goal? A. Infrastructure B. Software C. Platform D. Desktop

C. With the Platform as a Service (PaaS) service category, a development company can focus exclusively on software development and deployment, rather than having to maintain, install, or configure hosting systems. It also would enable a development team to quickly try out different hosting platforms or cloud providers to find what works best for their applications.

Which of the following aspects of an application is MOST likely to be a component of measured service with all SaaS implementations? A. CPU B. Storage C. Number of users D. Memory

C. Within a Software as a Service (SaaS) implementation, cloud customers are acquiring and paying for services that are explicitly tied to the use of a fully operational application package that is completely designed, maintained, and implemented by the cloud provider. Billing is often measured based on the number of users or the number of transactions the organization does with the application, rather than traditional computing resources associated with other service categories.

Which of the following concepts would MOST likely apply specifically to a private cloud deployment model? A. Portability B. Reversibility C. Ownership D. Resource pooling

C. Within the private cloud service category, in many circumstances the cloud will be owned by the organization, or done via a contract, where a level of ownership is maintained over hardware, systems, or processes that would not be available with other cloud service categories.

Which of the following is NOT part of the determination of the account provisioning process? A. Regulations B. Contracts C. Organizational policies D. Privacy notices

D. Privacy notices are publicly posted, on a website typically, and disclose to the users of the site how their information is collected and used. They are not part of the account provisioning process at all and would have no bearing on it.

Your company has undertaken a full study of moving services to a cloud environment, but due to budget constraints, the project has been delayed. You now have received budget money and a demand that the cloud services be set up as soon as possible. Which cloud service category would be your best option under the circumstances? A. Private B. Community C. Hybrid D. Public

D. Public cloud services are the quickest and easiest to set up and begin using. Most public cloud systems will be totally automated from a self-service portal, with only the need for a credit card to establish an account and begin allocating resources.

In a traditional data center, resources are owned, controlled, and maintained by a single entity for their exclusive use for services and systems. Within a cloud environment, this infrastructure is shared among many different customers. What is this concept called? A. Co-location B. Elasticity C. System sharing D. Resource pooling

D. Resource pooling is largely what separates a traditional data center from a cloud in regard to computing resources. In a traditional data center, resources are allocated to specific systems or applications, and for the most part are not shared. Within a cloud, the entire hardware infrastructure is viewed as an aggregate and then allocated accordingly to the various cloud customers and applications hosted within it. This is typically a massive pool of resources that not only can handle the typical operational load of the hosted applications, but also allow for expansion through auto-elasticity or cyclical loads of some applications.

Which of the following technologies has been deprecated and deemed unsafe to use for secure communications and data? A. TLS B. AES C. DNS D. SSL

D. Secure sockets layer (SSL) version 3.0 was deprecated in June 2015 by RFC 7568 because it was considered insecure, and admins were instructed to move systems to TLS.

Which of the following is NOT considered a building block technology for cloud computing? A. CPU B. Memory C. Storage D. Servers

D. Servers are not a key building block technology of a cloud environment, because the focus is on computing resources, not the number of actual servers being used.

Which group developed, maintains, and controls the PCI DSS standards and controls? A. NIST B. ISO/IEC C. EU D. Credit card companies

D. The PCI DSS standards were developed and are enforced by the major credit card companies and pertain to the systems that interact with their networks and process transactions on their behalf.

Which of the following is NOT considered an effective method of mitigation for the systems vulnerability threat? A. Patching B. Monitoring C. Scanning D. Virtualization

D. Virtualization would not be a method or effective tool for the mitigation of system vulnerabilities. When running, a virtual machine is subjected to the same security concerns and vulnerabilities as a physical server and operating system would be. Additionally, because the virtual machine is merely an image residing in storage, there are extra vulnerabilities in regard to securing the image, and the reality is that an image can be attacked or compromised even when not running.

