CHAPTER 6 - CLOUD SECURITY
Helen designed a new payroll system that she offers to her customers. She hosts the payroll system in AWS and her customers access it through the web. What tier of cloud computing best describes Helen's service? A. PaaS B. SaaS C. FaaS D. IaaS
SaaS
Under the shared responsibility model, which component always remains the responsibility of the customer, regardless of the cloud service model used? A. Application B. Hardware C. Datacenter D. Data
Data
Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers? A. Public Cloud B. Private Cloud C. Community Cloud D. Hybrid Cloud
Hybrid Cloud
In which cloud computing service model does the customer share responsibility with the cloud provider for datacenter security? A. IaaS B. SaaS C. PaaS D. None of the above
None of the above.
Which one of the following conditions is not likely to trigger an alert during an automated cloud security assessment? A. Presence of an API key in a public repository B. Unrestricted API keys C. Transmission of an API key over unsecured channels D. Sharing of API keys among different developers
Sharing of API keys among different developers
Which one of the following is not an example of infrastructure as code? A. Defining infrastructure in JSON B. Writing code to interact with a cloud provider's API C. Using a cloud provider's web interface to provision resources D. Defining infrastructure in YAML
Using a cloud provider's web interface to provision resources
Brian is selecting a CASB for his organization and he would like to use an approach that interacts with the cloud provider directly. Which CASB approach is most appropriate for his needs? A. Inline CASB B. Outsider CASB C. Comprehensive CASB D. API-based CASB
API-based CASB
What type of credential is commonly used to restrict access to an API? A. Encryption key B. API key C. Password D. Biometrics
API Keys
Which one of the following would not commonly be available as an IaaS service offering? A. CRM B. Storage C. Networking D. Computing
CRM
Which one of the following statements about cloud computing is incorrect? A. Cloud computing offers ubiquitous, convenient access. B. Cloud computing customers store data on hardware that is shared with other customers. C. Cloud computing customers provision resources through the service provider's sales team. D. Cloud computing resources are accessed over a network.
Cloud computing customers provision resources through the service provider's sales team.
A coalition of universities banded together and created a cloud computing environment that is open to all member institutions. The services provided are basic IaaS components. What term best describes this cloud model? A. Public cloud B. Private cloud C. Community cloud D. Hybrid cloud
Community Cloud
Which one of the following services is not an example of FaaS computing? A. Lambda B. DeepLens C. Google Cloud Functions D. Azure Functions
DeepLens
Gina gained access to a client's AWS account during a penetration test. She would like to determine what level of access she has to the account. Which one of the following tools would best meet her need? A. ScoutSuite B. Inspector C. Prowler D. Pacu
Pacu
Tony purchases virtual machines from Microsoft Azure and uses them exclusively for use by his organization. What model of cloud computing is this? A. Public cloud B. Private cloud C. Hybrid cloud D. Community cloud
Public Cloud
Amanda would like to run a security configuration scan of her Microsoft Azure cloud environment. Which one of the following tools would be most appropriate for her needs? A. Inspector B. ScoutSuite C. Prowler D. Pacu
ScoutSuite
Under the shared responsibility model, in which tier of cloud computing is the customer responsible for securing the operating system? A. IaaS B. PaaS C. SaaS D. All of the above
A. Under the shared responsibility model, the customer only bears responsibility for operating system security in IaaS environments. In all other environments, the service provider is responsible for securing the operating system.
Kevin is using a service where a cloud provider offers a platform that executes his code in response to discrete events. He is billed based on the actual resources consumed during each code execution event. What term best describes this service? A. PaaS B. SaaS C. FaaS D. IaaS
FaaS
In which of the following cloud categories are customers typically charged based on the number of virtual server instances dedicated to their use? A. IaaS only B. SaaS only C. IaaS and PaaS D. IaaS, SaaS, and PaaS
IaaS and PaaS
Which one of the following is a characteristic of DevOps approaches to technology? A. Isolating operations teams from development teams B. Requiring clear hand-offs between development and production C. Increasing the frequency of application releases D. Eliminating the need for developers to understand business requirements
Increasing the frequency of application releases
Which one of the following statements about inline CASB is incorrect? A. Inline CASB solutions often use software agents on endpoints. B. Inline CASB solutions intercept requests from users to cloud providers. C. Inline CASB solutions can monitor activity but cannot actively enforce policy. D. Inline CASB solutions may require network reconfiguration.
Inline CASB solutions can monitor activity but cannot actively enforce policy.
