Cloud Computing

Ace your homework & exams now with Quizwiz!

A privilege escalation threat is caused due to which of the following weaknesses? A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed. Weak authentication and authorization controls could lead to illegal access thereby compromising confidential and critical data stored in the cloud. Due to isolation failure, cloud customers can gain illegal access to the data. Due to flaws while provisioning or de-provisioning networks or vulnerabilities in communication encryption.

A mistake in the access allocation system causes a customer, third party, or employee to get more access rights than needed.

Detective security controls detect and react appropriately to the incidents that happen on the cloud system. Which of the following is an example of detective security controls? Implementing strong authentication mechanism Restoring system backups Employing IDSs and IPSs Identifying warning sign on the fence

Employing IDSs and IPSs

Which of the following types of cloud computing services provides virtual machines and other abstracted hardware and operating systems (OSs) which may be controlled through a service API? IaaS PaaS SaaS XaaS

IaaS

You are a security engineer for a cloud-based startup, XYZ Partners LLC, and they would like you to choose the best platform to run their environment from. The company stores sensitive PII and must be SOC 2 compliant. They would like to run their Windows server VMs and directory services from the cloud. Which of the following services and deployment models would meet the company's requirements? IaaS and Private PaaS and Public SaaS and Hybrid XaaS and Community

IaaS and Private

The components such as DLP, CMF, database activity monitoring, and encryption are included in which of the following cloud security control layers? Applications Layer Management Layer Information Layer Computer and Storage

Information Layer

In which of the following cloud computing threats does an attacker try to control operations of other cloud customers to gain illegal access to the data? Privilege Escalation Illegal Access to the cloud Isolation Failure Supply Chain Failure

Isolation Failure

Which of the following mechanisms should be incorporated into the cloud services to facilitate networks and resources to improve the response time of a job with maximum throughput? Load balancing Encryption mechanism Lockout mechanism Two-factor authentication

Load balancing

The components such as NIDS/NIPS, firewalls, DPI, Anti-DDoS, QoS, DNSSEC, and OAuth are included in which of the following cloud security control layers? Applications Layer Management Layer Network Layer Computer and Storage

Network Layer

In which of the following cloud security control layers do the security controls DNSSEC, OAuth operates? Management layer Information layer Network layer Computation and Storage layer

Network layer

Which of the following is not a legitimate cloud computing attack? Port Scanning Denial-Of- Service (DoS) Privilege Escalation Man-In- The-Middle (MiTM)

Port Scanning

Which of the following categories of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities? Deterrent Controls Preventive Controls Detective Controls Corrective Controls

Preventive Controls

Which of the following types of cloud platforms is most secure? Private Hybrid Public Internal

Private

Which of the following is NOT a best practice for cloud security? Verify one's cloud in public domain blacklists Undergo AICPA SAS 70 Type II audits Provide unauthorized server access using security checkpoints Disclose applicable logs and data to customers

Provide unauthorized server access using security checkpoints

In which of the following cloud deployment models does the provider make services such as applications, servers, and data storage available to the public over the Internet? Public Cloud Private Cloud Community Cloud Hybrid Cloud

Public Cloud

Identify the services provided by the application layer of the cloud security control model? DLP, CMF, Database Activity Monitoring, Encryption Hardware and software RoT and API's Physical Plant Security, CCTV, Guards SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec

SDLC, Binary Analysis, Scanners, Web App Firewalls, Transactional Sec

Which of the following protocols is used for secure information passage between two endpoints? SSL TCP UDP FTP

SSL

You are a security engineer for XYZ Corp. You are looking for a cloud-based e-mail provider to migrate the company's legacy on-premise e-mail system to. What type of cloud service model will the new e-mail system be running on? SaaS IaaS PaaS XaaS

SaaS

Which of the following three service models are the standard cloud service models? SaaS, PaaS, and IaaS XaaS, Private, and Public SaaS, IaaS, and Hybrid Private, Public, and Community

SaaS, PaaS, and IaaS

Out of the following types of virtualizations, which type of virtualization is used in increasing space utilization and reducing the hardware maintenance cost? Storage Virtualization Network Virtualization Server Virtualization Resource Virtualization

Server Virtualization

In which of the following attacks does an attacker steal a CSP's or client's credentials by methods such as phishing, pharming, social engineering, and exploitation of software vulnerabilities? Service Hijacking Using Social Engineering Attacks Wrapping Attack DNS Attack Side Channel Attack

Service Hijacking Using Social Engineering Attacks

Which of the following is not a type of DNS attack? Domain Snipping Session Hijacking Domain Hijacking Cybersquatting

Session Hijacking

In which of the following attacks does an attacker ride an active computer session by sending an email or tricking the user into visiting a malicious web page while they are logged into the targeted site? Session Hijacking Using Session Riding Wrapping Attack DNS Attack Side Channel Attack

Session Hijacking Using Session Riding

An attacker runs a virtual machine on the same physical host as the victim's virtual machine and takes advantage of shared physical resources (processor cache) to steal data (cryptographic key) from the victim. Which of the following attacks he is performing? XSS Attack MITC Attack Side Channel Attack Cryptanalysis Attack

Side Channel Attack

Which of the following is not a characteristic of virtualization in cloud computing technology? Partitioning Storage Isolation Encapsulation

Storage

An attacker creates anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attack. Which of the following threats is he posing to the cloud platform? Insecure Interface and APIs Data Breach/Loss Abuse and nefarious use of cloud services Insufficient due diligence

Abuse and nefarious use of cloud services

Which of the following NIST cloud reference architecture factors manages cloud services in terms of use, performance, and delivery, and who also maintains a relationship between cloud providers and consumers? Cloud Consumer Cloud Provider Cloud Broker Cloud Carrier

Cloud Broker

You are a security engineer for XYZ Inc. Your company is based on a private cloud infrastructure and discovers a potential breach through a vulnerability that was not properly patched. XYZ Inc. wants to perform a root cause analysis and discover if any data was exfiltrated and if so, what type of information did it contain? How would XYZ Inc. find out this information? Cloud Forensics Data Analysis Vulnerability Scanning Penetration Testing

Cloud Forensics

Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage? Deterrent Controls Preventive Controls Detective Controls Corrective Controls

Corrective Controls

Out of the following, which is not a type of side-channel attack? Timing Attack Data Remanence Out of the following, which is not a type of side-channel attack? Timing Attack Data Remanence Cybersquatting Acoustic Cryptanalysis Acoustic Cryptanalysis

Cybersquatting

In which of the following attacks, does an attacker divert a user to a spoofed website by poisoning the DNS server or the DNS cache on the user's system? Cybersquatting Domain Hijacking Domain Snipping DNS Poisoning

DNS Poisoning


Related study sets

Chapter 16 - Basic First Aid and Emergency Care

View Set

participant recruitment and sampling

View Set

Chapter 1.6: Physical and Chemical Properties

View Set

CFP Investment Planning M8 Portfolio Management Theory, Portfolio Development, Asset Allocation

View Set

Chapter 1-4 Anatomy and Physiology

View Set

Evolution Chapters 1-3 exam study guide

View Set

Things Fall Apart- Part 1 Quotes

View Set