Lesson 5: Security in the Cloud - C838
Which of the following risks of the public cloud can be caused when the cloud provider goes out of business, is acquired by another interest, or ceases operation for any reason? (a) vendor lock-in (b) vendor lock-out (c) multitenant environment (d) persistent backdoor
vendor lock-out
Occurs on the hypervisor itself, the underlying OS, and the machine directly
Attacks on the hypervisor
Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind? (a) Backdoors (b) DoS/DDoS (c) Malware (d) Loss/theft of portable devices
Backdoors
The provider is responsible for determining the location and configuration of the backup and for assessing and declaring disaster events. (a) Private architecture, cloud service as backup (b) Cloud operations, cloud provider as backup (c) Cloud operations, third-party cloud backup provider
Cloud operations, cloud provider as backup
The cloud provider hosts regular operations and the customer opts for contingency operations to distribute risks. (a) Private architecture, cloud service as backup (b) Cloud operations, cloud provider as backup (c) Cloud operations, third-party cloud backup provider
Cloud operations, third-party cloud backup provider
The various models generally available for cloud BC/DR activities include all of the following except: (a) Cloud provider, backup from private provider (b) Cloud provider, backup from another cloud provider (c) Cloud provider, backup from same provider (d) Private architecture, cloud backup
Cloud provider, backup from private provider
Countermeasures for protecting cloud operations against internal threats include all of the following except: (a) Mandatory vacation (b) Conflict of interest (c) Least privilege (d) Separation of duties
Conflict of interest
Considers full offsite backups, secured and kept by a customer, to protect against vendor lock-in/lock-out
Contractual failure
A legal activity might result in a host machine being confiscated or inspected by law enforcement or plaintiffs' attorneys
Data seizure
A legal activity that might result in a host machine being confiscated or inspected by law enforcement or plaintiffs' attorneys.
Data seizure
Countermeasures for protecting cloud operations against external attackers include all of the following except: (a) Continual monitoring for anomalous activity (b) Detailed and extensive background checks (c) Hardened devices and systems, including servers, hosts, hypervisors, and virtual machines (d) Regular and detailed configuration/change management activities
Detailed and extensive background checks
Because of multitenancy, specific risks in the public cloud that don't exist in the other cloud service models include all the following except: (a) DoS/DDoS (b) Escalation of privilege (c) Risk of loss/disclosure due to legal seizures (d) Information bleed
DoS/DDoS
These attacks can take many forms, such as unauthorized access, eavesdropping, DoS/DDoS, and so on.
External Attacks
Includes hardened devices, hypervisors, and virtual machines, with thorough configuration and change management protocols
External attacker
Includes malware, hacking, DoS/DDoS, man-in-the-middle attacks, and so on
External threat
The customer wants to refute control, deny insight, and refrain from disclosing any information used for malicious purposes.
False
An improperly designed or poorly configured hypervisor might allow for a user to leave the confines of their own virtualized instance.
Guest escape
Countermeasures for protecting cloud operations against internal threats include all of the following except: (a) Extensive and comprehensive training programs, including initial, recurring, and refresher sessions (b) Aggressive background checks (c) Hardened perimeter devices (d) Skills and knowledge testing
Hardened perimeter devices
A poorly negotiated cloud service contract could result in all the following detrimental effects except: (a) Unfavorable terms (b) Malware (c) Vendor lock-in (d) Lack of necessary services
Malware
This can be considered an external or internal threat, depending on the source of the infection.
Malware
Benefits for addressing BC/DR offered by cloud operations include all of the following except: (a) Fast replication (b) Regular backups offered by cloud providers (c) Metered service (d) Distributed, remote processing, and storage of data
Metered service
Ensures multiple redundancies for all systems and services for the datacenter
Natural disaster
In the private cloud, the organization knows exactly how prepared they are to cope with this situation and how often, what kind, and where backups are done.
Natural disasters
All of the following methods can be used to attenuate the harm caused by escalation of privilege except: (a) Extensive access control and authentication tools and techniques (b) Analysis and review of all log data by trained, skilled personnel on a frequent basis (c) Periodic and effective use of cryptographic sanitization tools (d) The use of automated analysis tools such as SIM, SIEM, and SEM solutions
Periodic and effective use of cryptographic sanitization tools
This includes both inadvertent and malicious threats. In the private cloud, personnel controls remain at the behest of the organization, which can be reassuring.
Personnel Threats
A malicious or negligent insider can cause significant negative impact, as they have physical access to the resources
Personnel threat
What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud? (a) Obfuscation (b) Portability (c) Mobility (d) Elasticity
Portability
The customer decides when normal operations will cease and the backup will be utilized as the operational network. (a) Private architecture, cloud service as backup (b) Cloud operations, cloud provider as backup (c) Cloud operations, third-party cloud backup provider
Private architecture, cloud service as backup
Countermeasures for protecting cloud operations against internal threats include all of the following except: (a) Masking and obfuscation of data for all personnel without need to know for raw data (b) Active physical surveillance and monitoring (c) Active electronic surveillance and monitoring (d) Redundant ISPs
Redundant ISPs
In private configurations, full control resides internally, and the organization can know its exact regulatory exposure and confidently ensure that it is complying with all relevant regulations.
Regulatory Noncompliance
Implements DRM solutions, hires knowledgeable, trained personnel with skillsets, and uses encryption, obfuscation, and masking
Regulatory violation
Which of the following is a technique used to attenuate risks to the cloud environment, resulting in loss or theft of a device used for remote access? (a) Safe harbor (b) Remote kill switch (c) Dual control (d) Muddling
Remote kill switch
The programs and instances run by the customer will operate on the same devices used by other customers
Resource sharing
Countermeasures for protecting cloud operations against internal threats include all of the following except: (a) Scalability (b) DLP solutions (c) Financial penalties for the cloud provider in the event of negligence or malice on the part of its own personnel (d) Broad contractual protections to ensure the provider is ensuring an extreme level of trust in its own personnel
Scalability
Uses training and incentive programs to identify personnel who resist the attempts and bring them to the attention of the security office
Social engineering
Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except: (a) The cloud provider's suppliers (b) The cloud provider's resellers (c) The cloud provider's utilities (d) The cloud provider's vendors
The cloud provider's resellers
After a cloud migration, the BIA should be updated to include a review of the new risks and impacts associated with cloud operations; this review should include an analysis of the possibility of vendor lock-in/lock-out. Analysis of this risk may not have to be performed as a new effort, because a lot of the material that would be included is already available from which of the following? (a) Open source providers (b) NIST (c) The cloud provider (d) The cost-benefit analysis the organization conducted when deciding on cloud migration
The cost-benefit analysis the organization conducted when deciding on cloud migration
The customer is concerned with data, whereas the provider is concerned with security and operation.
True
The customer's ultimate legal liability for data it owns remains true even if the provider's failure was the result of negligence
True
The risks and responsibilities will be shared between the cloud provider and customer.
True
Which hypervisor would malicious attackers prefer to attack? (a) Type 4 (b) Type 1 (c) Type 2 (d) Type 3
Type 2
All of the following are techniques to enhance the portability of cloud data, in order to minimize the potential of vendor lock-in except: (a) Avoid proprietary data formats (b) Use DRM and DLP solutions widely throughout the cloud operation (c) Ensure there are no physical limitations to moving (d) Ensure favorable contract terms to support portability
Use DRM and DLP solutions widely throughout the cloud operation
What is the term used to describe loss of access to data because the cloud provider has ceased operation? (a) Masking (b) Vendor lock-in (c) Vendor lock-out (d) Closing
Vendor lock-out
The threats are enhanced because even more resource sharing and simultaneous multitenancy is going to occur
Virtualization
Resources are shared and dispersed among an affinity group. Infrastructure can be owned and/or operated jointly, individually, centrally, across the community, or in any combination and mixture of these options.
community cloud
The cloud customer will have the most control of their data and systems, and the cloud provider will have the least amount of responsibility, in which cloud computing arrangement? (a) IaaS (b) PaaS (c) SaaS (d) Community cloud
IaaS
Refers to the possibility that processing performed on one virtualized instance may be detected by other instances on the same host.
Information bleed
The possibility exists that processing performed on one virtualized instance may be detected by other instances on the same host
Information bleed
An issue in which the customer's software may not function properly with each new adjustment in the environment if the OS is updated by the provider.
Interoperability issue
The customer's software may not function properly with each new adjustment in the environment if the OS is updated by the provider
Interoperability issue
When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts. One of these new factors is: (a) Legal liability can't be transferred to the cloud provider. (b) Breaches can cause the loss of intellectual property. (c) Breaches can cause the loss of proprietary data. (d) Many states have data breach notification laws.
Legal liability can't be transferred to the cloud provider.
Which of the following risks that private cloud operators face includes both inadvertent and malicious threats? (a) natural disaster (b) personnel threat (c) malware (d) regulatory compliance
personnel threat
A cloud that is owned and operated by an organization for its own benefit
private cloud
A company offers cloud services to any entity that wants to become a cloud customer, be it an individual, company, government agency, or other organization.
public cloud
Which of the following is the benefit of the community cloud deployment model that comes with attendant risks? (a) reliability (b) accuracy (c) shared cost (d) provider longevity
shared cost