CNT4422 FINAL

Ace your homework & exams now with Quizwiz!

When you create a VPC, you must specify an IPv4 CIDR block for the VPC. The allowed block size is between a _______ netmask (65,536 IP addresses) and _________ netmask (16 IP addresses).

/16 , /28

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; Please select the correct CIDR Block notation required for creating a VPC.

10.0.0.0/16

Companies will often think of the best methods to meet its computing objectives. Please select the best option for a Cloud model?

A cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure to take advantage of the benefits of cloud computing. Cloud-based applications can be built on low-level infrastructure pieces or can use higher level services that provide abstraction from the management, architecting, and scaling requirements of core infrastructure.

Companies will often think of the best methods to meet its computing objectives. Please select the best option for a Hybrid-Cloud model?

A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud. The most common method of hybrid deployment is between the cloud and existing on-premises infrastructure to extend, and grow, an organization's infrastructure into the cloud while connecting cloud resources to internal system.

Math the command line interface with its correct description.

AWS Command Line Interface (CLI) - Provides commands for a broad set of AWS products, and is supported on Windows, Mac, and Linux. AWS Tools for Windows - Provides commands for a broad set of AWS products for those who script in the PowerShell environment.

You can control access to the objects you store in Amazon S3.

Access Control Information

Some of the key security tools of the operating system include [answer1] which supports least privilege and elevation of privilege access.

Account Management

The main account in Windows that has full rights to the operating system and configuration files is referred to as the [answer1].

Administrator account

AWS offers shared responsibility models for which services?

All of the above Abstracted services You Answered Container services Infrastructure services

Which statement best describes Desktop Virtualizaton?

Allows you to deploy multiple operating systems on a single machine—desktop virtualization allows a central administrator (or automated administration tool) to deploy simulated desktop environments to hundreds of physical machines at once.

To enable authentication to the EC2 instance, AWS provides asymmetric key pairs, known as [answer1] key pairs.

Amazon EC2

The acronym AMI stands for

Amazon Machine Image

Amazon Elastic Compute Cloud (EC2) is a service from [answer1] that allows users to rent virtual computers on which to run their own computer applications.

Amazon Web Services

[answer1] specifies that AWS manages the security of the following assets: Facilities Physical security of hardware Network infrastructure Virtualization infrastructure

Amazon elastic compute cloud

Select the rules that best apply to a Security Group.

Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on Operates at the instance level Supports allow rules only Is stateful: Return traffic is automatically allowed, regardless of any rules We evaluate all rules before deciding whether to allow traffic

Select the letter that best demonstrates how Cloud Trail Works.

B

All AMIs are categorized as either _______ by Amazon EBS, which means that the root device for an instance launched from the AMI is an Amazon EBS volume, or backed by ________ store, which means that the root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3.

Backed, Instance

Which category does this best practice fall under? "Regularly back up your EBS volumes using Amazon EBS snapshots (Links to an external site.), and create an Amazon Machine Image (AMI) (Links to an external site.) from your instance to save the configuration as a template for launching future instances."

Backup and Recovery

Which category does this best practice fall under? "Regularly test the process of recovering your instances and Amazon EBS volumes if they fail."

Backup and Recovery

Which option best describes Cloud Computing benefit from massive economies of scale?

By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers are aggregated in the cloud, providers such as Amazon Web Services can achieve higher economies of scale which translates into lower pay as you go prices.

Select the use case that corresponds to the following diagram:

COMPLIANCE AID

When using the AWS SDKs, you first create a [answer1] and then use the client to send a request to create a bucket. When you create the client, you can specify an AWS Region.

Client

The risk management process consists of: (Pick all that apply)

Conduct a threat assessment. Identification of assets and estimating their value. Calculate the impact that each threat would have on each asset. Use qualitative analysis or quantitative analysis. Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost effective protection without discernible loss of productivity. Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security. Identify, select and implement appropriate controls. Provide a proportional response. Consider productivity, cost effectiveness, and value of the asset.

With CloudTrail, you can log, _______ monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides _______ history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

Continuously, Event

Select the options that best explains why to cloud provides deep visibility into compliance and governance.

Controlling Managing identity, configuration and usage Auditing

Select the correct description of the following image:

Core Checks and Recommendations

What are the most common operations you'll execute through the API?

Create a bucket Write an object Deleting an object Read an object

In information security, [answer1] means maintaining and assuring the accuracy and completeness of data over its entire lifecycle.

Data Integrity

Select the options that best explains why to cloud security recognized as stronger than on-premises.

Data encryption at rest and in-transit Broad security certification and accreditation Hardware security modules and strong physical security all contribute to a more secure way to manage your business

Companies will often think of the best methods to meet its computing objectives. Please select the best option for an On-Premise model?

Deploying resources on-premises, using virtualization and resource management tools, is sometimes called "private cloud". On-premises deployment does not provide many of the benefits of cloud computing but is sometimes sought for its ability to provide dedicated resources. In most cases this deployment model is the same as legacy IT infrastructure while using application management and virtualization technologies to try and increase resource utilization.

What is a Dynamic IP address and a Static IP address?

Dynamic IP address - a different IP address by your ISP every time your router connects to the internet Static IP address - ISP will provide you with a dedicated IP address which you will be using all the time

Remote Desktop allows a Windows System to connect to a Linux System over the network.

False

Spoofing attacks cannot happen locally.

False

For AWS Container services, you are responsible for the ______ and rules ________ .

Firewall, Data

Please enter the heading for the following image:

Full Trusted Advisor Benefits

An instance type essentially determines the [answer1] of the host computer used for your instance.

Hardware

Software called ____________ separates the physical resources from the virtual environments—the things that need those resources. They can sit on top of an operating system (like on a laptop) or be installed directly onto hardware (like a server), which is how most enterprises virtualize. They can also take your physical resources and divide them up so that virtual environments can use them.

Hypervisor

Select the Amazon S3 types of access keys.

IAM User Access Keys AWS Account Access Keys Temporary Security Credentials

What are the high level steps to create a user account? (Choose all that apply)

IAM user can use the AWS CLI Know the difference between a privilege administrator, user and systems IAM user can use a role

Each virtual machine, called an [answer1], functions as a virtual private server.

Instance

Select the best option that defines "trade capital expense for a variable expense".

Instead of having to invest heavily in data centers and servers before you know how you're going to use them, you can only pay when you consume computing resources, and only pay for how much you consume.

Based on the image below, Connecting to what network component makes the public subnet public?

Internet Gateway

The name that you assign to an object.

Key

Passwords, network and host-based firewalls, network intrusion detection systems, access control lists, and data encryption are examples of [answer1].

Logical Controls

A set of name-value pairs with which you can store information regarding the object.

Metadata

What is NAT?

Network Address Translation

What type of virtualization allows for a useful way to run Linux and Windows environments side-by-side. Enterprises can also push virtual operating systems to computers, which: Reduces bulk hardware costs, since the computers don't require such high out-of-the-box capabilities. Increases security, since all virtual instances can be monitored and isolated. Limits time spent on IT services like software updates.

Operating System Virtualization

Building on the AWS secure global infrastructure, you install and configure your ________ and _________ in the AWS cloud just as you would do on premises in your own data centers.

Operating systems, Platforms

IAM enables you to add which specific conditions? (choose all that apply)

Originating IP Address Time of Day Enforce SSL Require MFA

Security groups act as a firewall for associated instances, controlling both _______ and _________ traffic at the instance level.

Outbound, Inbound

Administrative controls consist of approved written _________, ________, ______ and _________.

Policies, Procedures, Standards, Guidelines

What are the 4 main functions of an operating system?

Provide a user interface, manage files, manage the hardware, and host and manage applications

Based on the image below, there are 3 elastic IP Addresses: (198.51.100.1, 198.51.100.2, 198.51.100.3). Are these IP Addresses public or private?

Public

Amazon S3 is a [answer1] service.

REST

The two common methods to connect to a remote system or a system hosted in the cloud are _______ or _________.

Remote Desktop Protocol (RDP), SSH

[answer1] shows up on operations like credit card transactions - a user purchases something and then claims that they didn't do it.

Repudiation

Which instance type enables EC2 or RDS service users to reserve an instance for one or three years?

Reserved Instances

Which category does this best practice fall under? "View your current limits for Amazon EC2. Plan to request any limit increases in advance of the time that you'll need them."

Resource Management

AWS provides a wide range of information regarding its IT control environment to customers through white papers, reports, certifications, accreditations, and other third-party attestations. More information is available in the ______ and ______ ________

Risk, Compliance, Whitepaper

When you launch an instance, the contains the image used to boot the instance.

Root Device Volume

Windows introduced a command to elevate rights for a specific process. The windows command used to elevate permissions is [answer1].

RunAs

The free tier for Amazon EC2 provides you with [answer1] hours usage of any Linux combination of t2.micro and t1.micro instances.

Seven hundred fifty

Confidentiality, possession, integrity, authenticity, availability, and utility are called the [answer1].

Six Atomic Elements

Viruses, worms, phishing attacks, and Trojan horses are a few common examples of [answer1].

Software Attacks

Select the best description that corresponds Platform-as-a-Service:

This service model removes the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications. This cloud model also helps you be more efficient as you don't need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

A REJECT record for the response ping that the network ACL denied.

True

A policy consists of one or more statements, each of which describes one set of permissions.

True

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account.

True

Amazon EC2 is hosted in multiple locations world-wide.

True

Amazon S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web.

True

Amazon S3 is intentionally built with a minimal feature set that focuses on simplicity and robustness.

True

Amazon Web Services (AWS) publishes many Amazon Machine Images (AMIs) that contain common software configurations for public use.

True

Amazon Web Services provides a secure global infrastructure and services in the cloud.

True

An AWS GovCloud (US) account provides access to the AWS GovCloud (US) region only.

True

Cloud computing is made available over the internet with pay-as-you-go pricing.

True

Compliance responsibilities are shared between AWS and the owner of the systems built on top of the AWS cloud infrastructure.

True

EC2 encourages scalable deployment of applications by providing a web service through which a user can boot an Amazon Machine Image (AMI) to configure a virtual machine, which Amazon calls an "instance", containing any software desired.

True

Each Amazon EC2 region is designed to be completely isolated from the other Amazon EC2 regions.

True

For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms and you access the endpoints to store and retrieve data.

True

Nacls are stateless firewalls.

True

Only the bucket owner is allowed to associate a policy with a bucket.

True

Regions are isolated from each other, and we don't replicate resources across regions automatically.

True

The REST API is an HTTP interface to Amazon S3. Using REST, you use standard HTTP requests to create, fetch, and delete buckets and objects.

True

The default gateway is what your home devices, such as PCs, laptops, tablets and phones, will use when requesting pages and content on the web.

True

You receive the benefits of the free tier automatically for [answer1] months after you sign up for an AWS account.

Twelve

Which hypervisor runs directly on the host's hardware to control the hardware and to manage guest operating systems.

Type 1 - Bare-metal Hypervisors

Which hypervisor runs on a conventional operating system(OS) just as other computer programs do.

Type 2 - Hosted Hypervisors

You can create a flow log for a _______ , a _____, ________ or a ____________.

VPC, Subnet, Network, Interface

If a subnet doesn't have a route to the internet gateway, but has its traffic routed to a virtual private gateway for a VPN connection, the subnet is known as a ________ -only subnet.

VPN

The content that you are storing.

Value

A string that Amazon S3 generates when you add an object to a bucket.

Version ID

Match the Factor with the common approach:

Untrusted AMIs - You are responsible for patch management for your AMIs and live instances. Untrusted software - Only install and run trusted software from a trusted software provider. A trusted software provider is one who is well regarded in the industry, and develops software in a secure and responsible fashion, not allowing malicious code into its software packages. Open source software can also be trusted software, and you should be able to compile your own executables. We strongly recommend that you perform careful code reviews to ensure that source code is non-malicious. Trusted software providers often sign their software using code-signing certificates or provide MD5 or SHA-1 signatures of their products so that you can verify the integrity of the software you download. Untrusted software depots - You download trusted software from trusted sources. Random sources of software on the Internet or elsewhere on the network might actually be distributing malware inside an otherwise legitimate and reputable software package. Such untrusted parties might provide MD5 or SHA-1 signatures of the derivative package with malware in it, so such signatures should not be trusted. We advise that you set up your own internal software depots of trusted software for your users to install and use. Strongly discourage users from the dangerous practice of downloading and installing software from random sources on the Internet. Principle of least privilege - Give users the minimum privileges they need to carry out their tasks. That way, even if a user accidentally launches an infected executable, the impact on the instance and the wider cloud system is minimized. Patching - Patch external-facing and internal systems to the latest security level. Worms often spread through unpatched systems on the network. Botnets - If an infection-whether from a conventional virus, a Trojan, or a worm-spreads beyond the individual instance and infects a wider fleet, it might carry malicious code that creates a botnet-a network of infected hosts that can be controlled by a remote adversary. Follow all the previous recommendations to avoid a botnet infection. Spam - Infected systems can be used by attackers to send large amounts of unsolicited mail (spam). AWS provides special controls to limit how much email an Amazon EC2 instance can send, but you are still responsible for preventing infection in the first place. Avoid SMTP open relay, which can be used to spread spam, and which might also represent a breach of the AWS Acceptable Use Policy. For more information, see the Amazon Web Services Acceptable Use Policy- http://aws.amazon.com/aup/. Antivirus/antispam software - Be sure to use a reputable and up-to-date antivirus and antispam solution on your system. Host-based IDS software - Many AWS customers install host-based IDS software, such as the open source product OSSEC, that includes file integrity checking and rootkit detection software. Use these products to analyze important system files and folders and calculate checksum that reflect their trusted state, and then regularly check to see whether these files have been modified and alert the system administrator if so.

Based on the diagram below, do the web servers have a public IP Address and a Private IP Address?

Yes

[anwser1] are responsible for patch management for your AMIs and live instances.

You

What does on-demand delivery capabilities Cloud computing provide?

database storage other IT resources applications compute power

If an attacker can crash your component or redirect packets into a black hole, or consume all the CPU on the box, you have a ____________ situation.

denial of service

Which Threat allows an attacker to elevate their privilege level from anonymous to the local user (or whatever account is hosting the vulnerable component).

elevation of privelage

If a subnet doesn't have a route to the internet gateway, the subnet is known as a ______ ______

private, subnet

If a subnet's traffic is routed to an internet gateway, the subnet is known as a _________ ______.

public, subnet

Select the best description that corresponds Software-as-a-Service:

This service model provides you with a completed product that is run and managed by the service provider. With this cloud offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece software.

Select the best description that corresponds Infrastructure-as-a-Service:

This service model removes the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allow you to focus on the deployment and management of your applications. This cloud model also helps you be more efficient as you don't need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

The process of switching levels of access from a lower privileged account to either the administrator or root level of access is referred to as "elevation of privileges".

True

The student is responsible for any cost incurred on his/her own AWS account.

True

There are various instance- and volume-related tasks you can do when an Amazon EBS-backed instance is in a stopped state.

True

To avoid charges while on the free tier, you must keep your usage below the free tier limits.

True

To connect to your Linux instance from a computer running Mac or Linux, you'll specify the .pem file to your SSH client with the -I option and the path to your private key.

True

To help you stay within the limits, you can track your free tier usage and set a billing alarm to notify you if you start incurring charges.

True

To import virtual machine (VM) images from your local environment into AWS and convert them into ready-to-use AMIs or instances, use VM Import/Export.

True

Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

True

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

True

Virtualization is technology that lets you create useful IT services using resources that are traditionally bound to hardware.

True

When an instance is stopped, the instance performs a normal shutdown, and then transitions to a stopped state.

True

When you create a VPC, we recommend that you specify a CIDR block (of /16 or smaller) from the private IPv4 address ranges as specified in RFC 1918 (Links to an external site.): 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

True

When you launch a new Amazon EC2 instance from a standard AMI, you can access that instance using secure remote system access protocols, such as Secure Shell (SSH), or Windows Remote Desktop Protocol (RDP).

True

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon EC2.

True

You are charged for any usage that exceeds the free tier limits.

True

You can access your bucket using the Amazon S3 console. Using the console UI, you can perform almost all bucket operations without having to write any code.

True

You can assign AWS security credentials to your IAM users by using the API, CLI, or AWS Management Console. You can rotate or revoke these credentials whenever you want.

True

You can choose to generate your own Amazon EC2 key pairs using industry- standard tools like OpenSSL. You generate the key pair in a secure and trusted environment, and only the public key of the key pair is imported in AWS; you store the private key securely.

True

You can migrate an instance from one Availability Zone to another.

True

You can monitor the accepted and rejected IP traffic going to and from your instances by creating a flow log for a VPC.

True

You can use AWS Identity and Access Management (IAM) to create users under your AWS account with their own access keys and attach IAM user policies granting appropriate resource access permissions to them.

True

You can use access keys to send authenticated requests to Amazon S3.

True

You must protect the root account and not use this account unless absolutely needed.

True

How does Cloud Computing increase speed and agility?

In a cloud computing environment, new IT resources are only ever a click away, which means you reduce the time it takes to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

Multi-factor authentication (MFA) is a security feature available at an extra cost that augments user name and password credentials.

False

Only individuals can use bucket policies.

False

Passwords are used to make programmatic calls to AWS from the AWS APIs, AWS CLI, AWS SDKs, or AWS Tools for Windows ProwerShell.

False

Pricing for Amazon S3 is designed so that you have to plan for the storage requirements of your application.

False

Regions are designed with availability in mind and consist of at least three, often more, Availability Zones.

False

The ISP has no control over the content you can receive from the Internet.

False

The SOAP API uses the standard HTTP headers and status codes, so that standard browsers and toolkits work as expected.

False

The account access keys provide limited access to the AWS resources owned by the account.

False

The four main components of a policy are: actions, resources, effect, and time.

False

The operating system of a computer can only control a physical computer.

False

The process of risk management is an ongoing, iterative process. It must not be repeated indefinitely.

False

Third-party applications or services from AWS marketplace are eligible for the free tier.

False

To monitor the calls made to the Amazon EC2 API for your account, including calls made by the AWS Management Console, command line tools, and other services, use AWS CloudWatch.

False

Use AWS regions to manage network latency and regulatory compliance. When you store data in a specific region, it is replicated outside that region.

False

Virtualization does not allow you to use a physical machine's full capacity by distributing its capabilities among many users or environments.

False

When an instance is terminated, the instance does not perform a normal shutdown.

False

When creating an AWS AMI you do not need to do the following: Protect Credentials Protect Data Minimize exposure

False

When you create a bucket, you provide a name and the AWS Region where you want to create the bucket.

False

When you launch an instance, you must select an AMI that's in a different region.

False

When you work with an instance using the command line interface or API actions, you must not specify its regional endpoint.

False

You can not change the "DeleteonTermination" attribute when you launch an instance.

False

You can not create access keys for your AWS account to access the command line interface or API.

False

You can secure your VPC instances using only security groups; however, you can add network ACLs to reduce the additional layer of defense. For more information, see Network ACLs

False

You can store only a certain number of objects in a bucket.

False

You cannot choose to have Amazon EC2 key pairs generated by AWS.

False

You cannot easily customize the network configuration for your Amazon VPC.

False

You cannot provision Amazon EC2 resources, such as instances and volumes, directly using Amazon EC2.

False

You do not need to worry if your cloud provider is compliant with all standards.

False

Your AWS account has no limit on the number of instances that you can have running.

False

Your router's private address is the address it has been assigned in the public network.

False

How does Cloud Computing stop spending money on running and maintaining data centers?

Focus on projects that differentiate your business, not the infrastructure. Cloud computing lets you focus on your own customers, rather than on the heavy lifting of racking, stacking and powering servers.

IT security specialists are responsible for keeping all of the technology within the company secure from [answer1] that often attempt to acquire critical private information or gain control of the internal systems.

Malicious Cyber Attacks

Any data on the instance store volumes persists as long as the instance is ________ , but this data is deleted when the instance is ________ (instance store-backed instances do not support the Stopaction) or if it fails (such as if an underlying drive has issues).

Running Terminated

Identity and Access Management (IAM) service, can be used to manage users and user permissions in a subset of AWS services.

True

If you're transferring data from one computer to another, if the attacker can sniff the data on the wire, then your component is subject to an information disclosure threat.

True

Information security threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion.

True

Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.

True

Instances that use Amazon EBS for the root device automatically have an Amazon EBS volume attached.

True

Instances that use instance stores for the root device automatically have one or more instance store volumes available, with one volume serving as the root device volume.

True

It is a best practice to elevate to "SuperUser" in Linux or administrator access in Windows only when required.

True

Non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction, nor can the other party deny having sent a transaction.

True

Physical controls monitor and control the environment of the work place and computing facilities. They also monitor and control access to and from such facilities and include doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc. Separating the network and workplace into functional areas are also physical controls.

True

RunAs command is available in a current Windows OS and allows a standard user with privileged account credentials to elevate to an administrator user.

True

SSH stands for Secure Shell and allows an SSH client to connect to a Linux server configured with SSH.

True

Services in AWS, such as Amazon EC2, require that you provide credentials when you access them, so that the service can determine whether you have permission to access its resources.

True

Shared responsibility means the customer of cloud and the cloud provider, both, have a responsibility to secure the cloud environment. For example, when the customer uses Infrastructure as a Service (IaaS) the customer is responsible for ensuring the guest OS is hardened and secure.

True

Since many computers and devices can be connected to the internet through a modem at home, and there is a limited number of IPV4 addresses in the world, the modem or router will translate and route all the packets to the correct place.

True

Sources of industry-accepted system hardening standards include, but are not limited to: • Center for Internet Security (CIS) • International Organization for Standardization (ISO) • SysAdmin Audit Network Security (SANS) Institute • National Institute of Standards Technology (NIST)

True

Subnets, IP ranges, route tables, and security groups are automatically created for you so you can concentrate on creating the applications to run in your VPC.

True

The AWS Cloud provides a broad set of infrastructure services, such as computing power, storage options, networking and databases services.

True

The CIA triad of confidentiality, integrity, and availability is at the heart of information security.

True

The choice of countermeasures (controls) used to manage risks must strike a balance between productivity, cost, effectiveness of the countermeasure, and the value of the informational asset being protected.

True

The main purpose of an operating system is to control the computer.

True

Cloud providers are audited by industry-trusted 3rd party auditors to ensure they are compliant and to reduce access to the cloud provider data centers.

True

Conditions can be configured to provide an additional layer of security. For example, only allow access to this resource from a specific IP Address.

True

What does AWS IAM allow you to do?

All of the above Manage IAM users and their access Manage federated users and their permissions Manage IAM roles and their permissions

What are the types of virtualization?

All of the above Server Virtualization Desktop Virtualization Network Functions Virtualization You Answered Operating System Virtualization Data Virtualization

You can create and manage AWS users and groups, and use permissions to ___ or _____ their access toAWS resources.

Allow or Deny

Which statement best describes Data Virtualization?

Allows companies to treat data as a dynamic supply—providing processing capabilities that can bring together data from multiple sources, easily accommodate new data sources, and transform data according to user needs.

Select the use case that corresponds to the following diagram:

SECURITY ANALYSIS

If an Amazon EBS-backed instance fails, you can restore your session by following one of these methods: (choose all that apply).

Automatically snapshot all relevant volumes and create a new AMI. Attach the volume to the new instance. Stop and then start again

In the realm of information security, [answer1] can often be viewed as one of the most important parts of a successful information security program.

Availability

When you launch an instance, you can select an .

Availability Zone

The acronym [answer1] stands for: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.

STRIDE

An attacker that modified a TCP stream by predicting the sequence numbers would be [answer1] with that data flow.

Tampering

You can create a _____ ___ ____ ____ connection between your corporate data center and your VPC and leverage the AWS Cloud as an extension of your corporate data center.

Hardware Virtual Private Network

A hypervisor that runs one or more virtual machines is called a ______ , and each virtual machine is called a ________

Host Machine , Guest Machine

Federation allows for an enterprise directory of users to access AWS resources via Single Sign-On using protocols such as Security Assertion Markup Language 2.0 (SAML)

True

You can enable your mobile and browser based applications to securely access AWS resources by requesting _____ _______ ________that grant access to only specific AWS resources for a configurable period of time.

Temporary Security Credentials

Full Trusted Advisor Benefits is only available for Business or Enterprise support plans and has additional costs.

True

IAM enables you to grant temporary security credentials to any IAM user to enable them to access your AWS services and resources.

True

ISP stands for Internet Service Provider.

True

Cloud Computing go global in minutes can best be defined by which of the following options?

Easily deploy your application in multiple regions around the world with just a few clicks. This means you can provide a lower latency and better experience for your customers simply and at minimal cost.

If you don't specify a Region, Amazon S3 creates the bucket in the US [answer1] Region.

East

To automatically distribute incoming application traffic across multiple instances, _______ _________ _________

Elastic Load Balancing

EC2 instances can run with a role without specific permissions to access and make API calls to AWS.

False

In Linux, the "root user account" is not the account that has full access to the OS and the configuration files.

False

Information must be protected while in motion but not while at rest.

False

Information security, sometimes shortened to InfoSec, is the practice of preventing authorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

False

Laptop theft, password theft, or sensitive emails being sent to the incorrect individuals are examples of [answer1].

Confidentiality of Electronic Data

Where can you get answers to questions about your bill? (Choose all that apply)

Contacting AWS customer service AWS Knowledge Center

Amazon S3 is designed to make web-scale computing [answer1] for developers.

Easier

Stop guessing capacity

Eliminate guessing on your infrastructure capacity needs. When you make a capacity decision prior to deploying an application, you often either end up sitting on expensive idle resources or dealing with limited capacity. With cloud computing, these problems go away. You can access as much or as little as you need, and scale up and down as required with only a few minutes notice.

IAM can be used to grant your _____ and ________federal access to the AWS Management Console and AWS service APIs, using your existing Identity systems such as Microsoft Active Directory.

Employees, applications

(IAM) Identity and Access Management is offered with additional charges.

False

A Linux instance has many passwords.

False

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account and will fix all security-related issues.

False

AWS is an acronym for Amazon Web Subscriptions.

False

Access keys are used to sign in to secure AWS pages, such as the AWS Management Console and the AWS Discussion Forums.

False

After an instance store-backed instance fails or terminates, it can be restored.

False

After you launch an instance, it looks like a traditional host, and you can not interact with it as you would any computer.

False

All AWS services fall under the free tier.

False

Amazon EC2 does not enable you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.

False

Amazon Web Services (AWS) offers a broad set of global compute, storage, database, analytics, application, and deployment services that help organizations move slower, increase IT costs, and descale applications.

False

An ACCEPT record for the originating ping that was allowed by both the network ACL and the security group, and therefore was not allowed to reach your instance.

False

An AWS Security Group is a stateless firewall.

False

An IAM user can request temporary security credentials for their own use but cannot hand them out to federated users or applications.

False

An IP address (short for Internet Program address) is a unique address for each device connected to a network or the internet.

False

An IPv4 is a version of internet protocol where each address has 3 bytes of data.

False

An important logical control that is frequently overlooked is the principle of least privilege, which requires that an individual, program or system process be granted more access privileges than are necessary to perform the task.

False

Before storing anything in Amazon S3, you need to register with the service and provide a payment instrument that will be charged at the end of each month. There are set-up fees to begin using the service. At the end of the month, your payment instrument is automatically charged for that month's usage.

False

[answer1] is the attempt to act as someone else usually to obtain that person's personal information or to take advantage of their access to vital information.

Identity Theft

What does the acronym IAM mean?

Identity and Access Management

Each region is completely _____ Each Availability Zone is _______ , but the Availability Zones in a region are connected through low-latency links.

Independent Isolated

[answer1] consists of theft of a company′s property or information as an attempt to receive a payment in exchange for returning the information or property back to its owner, as with ransomware.

Information Extortion

Using code to manage and deploy operating systems in the cloud is referred to as [answer1] as code.

Infrastructure

Cloud computing has three main types that are commonly referred to as ________ as a Service (IaaS), _______ as a Service (PaaS), and _________ as a Service (SaaS).

Infrastructure, Platform, Software

You can store data in Amazon S3 and [answer1] access so that it's only accessible from instances in your VPC.

Restrict

Select all of the Security Best Practices:

Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege—only open up permissions that you require. Disable password-based logins for instances launched from your AMI. Use AWS Identity and Access Management (IAM) to control access to your AWS resources, including your instances. Restrict access by only allowing trusted hosts or networks to access ports on your instance.

Amazon EC2 provides the following features: (Choose all that apply)

Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place) Virtual computing environments, known as instances Virtual networks you can create that are logically isolated from the rest of the AWS cloud, and that you can optionally connect to your own network, known as virtual private clouds (VPCs) A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups

The field of information security has grown and evolved significantly in recent years. What are the areas for specialization? Choose all that apply.

Securing applications and databases Answer Securing networks Security Testing Digital forensics

Cloud Trail event history simplifies [answer1] analysis, resource change tracking, and troubleshooting.

Security

What are the benefits of using AWS CloudTrail? (Choose all that apply)

Security Automation Security Analysis and Troubleshooting Visibility into User and Resource Activity Simplified Compliance

Which category does this best practice fall under? "Implement the least permissive rules for your security group."

Security and Network

Select the five categories that AWS Trusted Advisor will analyze.

Service Limits Performance Security Fault Tolerance Cost Optimization

What "instance" has spare compute capacity in the AWS cloud available at up to 90% discount compared to On-Demand prices. As a trade-off, AWS offers no SLA on these instances and customers take the risk that it can be interrupted with only two minutes of notification when Amazon needs the capacity back.

Spot Instances

Amazon Simple Storage Service is [answer1] for the Internet.

Storage

Which category does this best practice fall under? "Understand the implications of the root device type for data persistence, backup, and recovery."

Storage

A mechanism to store object-specific additional information.

Subresources

In Linux, the [answer1] command will allow you to elevate.

Sudo

Select the statement that best matches the following flow log.

The following is an example of a flow log record in which RDP traffic (destination port 3389, TCP protocol) to network interface eni-abc123de in account 123456789010 was rejected:

A hypervisor or virtual machine monitor (VMM) is computer software, firmware or hardware that creates and runs virtual machines.

True

A public IP address is an address your router gets assigned by your ISP, to handle all communications to the outside world.

True

A threat will use a vulnerability to cause harm which creates a risk.

True

A useful tool when trying to figure out the attack vectors against a particular threat is the "threat tree". A threat tree (also known as an attack tree) allows you to measure the level of risk associated with a particular vulnerability.

True

AWS Billing and Cost Management is the service that you use to pay your AWS bill, monitor your usage, and budget your costs.

True

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

True

AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password.

True

AWS and Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.

True

AWS uses public-key cryptography to secure the login information for your instance.

True

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud.

True

Amazon S3 charges you only for what you actually use, with no hidden fees and no overage charges. This gives developers a variable-cost service that can grow with their business while enjoying the cost advantages of Amazon's infrastructure.

True

Amazon S3 gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites.

True

Amazon S3 offers a range of storage classes designed for different use cases.

True

Amazon S3 provides a REST and a SOAP interface.

True

Amazon VPC provides advanced security features, such as security groups and network access control lists, to enable inbound and outbound filtering at the instance level and subnet level.

True

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.

True

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications).

True

An important aspect of a threat is that a threat applies to an asset. If there's no asset affected, then it's not a threat.

True

Availability Zones are designed for fault isolation. They are connected to multiple Internet Service Providers (ISPs) and different power grids. They are interconnected using high speed links, so applications can rely on Local Area Network (LAN) connectivity for communication between Availability Zones within the same region.

True

Based on the diagram below, If you add your Public IP Address of your home router in the field "Your network's public IPv4 address range" which corresponds to "Allow inbound RDP access to Windows instances from IPv4 IP addresses in your network (over the Internet gateway)" rule you will be able to Remote Desktop (RDP) into the instance from your home network. (Hint: We did an exercise where you figured out your external IP Address. This is the IP address the Security Group/firewall will see.)

True

Buckets can be accessed using path-style and virtual-hosted-style URLs.

True

Buckets serve several purposes: they organize the Amazon S3 namespace at the highest level, they identify the account responsible for storage and data transfer charges, they play a role in access control, and they serve as the unit of aggregation for usage reporting.

True

Cloud computing delivery as a utility can be described as on-demand, available in seconds, with pay-as-you-go pricing.

True

In the image below what device does Subnet 3 go thru to reach the corporate network? (Hint: This is a gateway device.)

Virtual Private Gateway

Risk management is the process of identifying ________ and ________ to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization.

Vulnerabilities, Threats

Select the rules that best apply to a Network ACL.

We process rules in number order when deciding whether to allow traffic Automatically applies to all instances in the subnets it's associated with (therefore, you don't have to rely on users to specify the security group) Is stateful: Return traffic is automatically allowed, regardless of any rules Operates at the subnet level Is stateless: Return traffic must be explicitly allowed by rules Operates at the instance level

Sabotage usually consists of the destruction of an organization′s [answer1] in an attempt to cause loss of confidence on the part of its customers.

Website

Remote Desktop Protocol is the preferred method to connect to a ________ and __________ is the preferred connection to a Linux System.

Windows OS, SSH

Based on the image below is Subnet 1 a private or a public subnet. (Hint: If it has a connection to the internet gateway it is public.

Yes

Based on the image below, does the security group firewall rule allow access from all IP address?

Yes

[anwser1] manage your operating systems and applications security.

You


Related study sets

Barack Obama American President Project

View Set

Hemodynamics, HTN Crises, Valvular Disease & Aneurysms quiz 2

View Set

AZ-900 Azure Architecture and Services

View Set

APUSH - Learning Curve Chapter 5

View Set

ECONMT 115 - CH3 - Static Electricity

View Set