Skillsoft - Final Exam: Cloud Security


Which offering from Amazon allows you to run the AWS infrastructure on-premise?

A) Amazon CloudFront B) Amazon Outpost C) Global Accelerator D) Amazon Lightsail B

Which type of Service Organization Control (SOC) report deals with availability, integrity, and confidentiality of information?

A) SOC 3 B) SOC 1 C) SOC 4 D) SOC 2 D

When using an AWS account, what is the maximum number of characters that you can use in a password?

A) 128 B) 256 C) 24 D) 64 A

Which of the following AWS tools can integrate with SAML 2.0, Active Directory, or any type of LDAP directory?

A) AWS GuardDuty B) Web Application Firewall C) AWS SSO and Cognito D) AWS Shield and Inspector C

In the AWS environment, you need to implement a fully managed threat detection service that can continuously monitor for malicious or unauthorized behavior. You intend to protect your AWS accounts and different applications and database workloads. Which of the following tools should you implement?

A) AWS GuardDuty B) Web Application Firewall C) AWS Shield and Inspector D) AWS SSO and Cognito A

You want to protect your virtual infrastructure in AWS from any kind of denial-of-service attack. Which of the following tools should you use?

A) AWS SSO and Cognito B) Web Application Firewall C) AWS Shield and Inspector D) AWS GuardDuty C

In the cloud environment, you are transferring a set of files from one virtual machine to another. Which of the following data functions are you performing?

A) Access B) Store C) Transfer D) Process A

If you are going to move your data to the cloud, which of the following precautions should you apply? [Choose all that apply.]

A) Apply the IT governance guidelines B) Define who will audit the data C) Classify the data D) Define the access given on the data A, C, D

In the AWS environment, which of the following factors are attained if you use the access keys? [Choose all that apply.]

A) Authenticity B) Anti-replay protection C) Integrity D) Confidentiality E) Availability B, C

In the Parkerian hexad, which additional elements are added to the CIA Triad? [Choose all that apply.]

A) Authorization B) Compression C) Ownership D) Utility E) Possession F) Authenticity D, E, F

Which of the following countermeasure strategies would be most appropriate in the cloud environment? [Choose all that apply.]

A) Avoid using the compensating controls B) Implement a redundant control for every control C) Use as much automation as possible D) Implement multiple layers of controls B, C, D

In the IaaS cloud deployment model, which of the following security controls are the sole responsibility of a customer? [Choose all that apply.]

A) CCTV B) Certificates C) Sensors D) Site-to-site VPNs E) Security Guards B, D

In cloud deployments, who is responsible for maintaining availability, integrity, and confidentiality?

A) Cloud Service Provider B) Cloud Services Broker C) Cloud Service Provider and Consumer D) Cloud Consumer C

Which of the following terms describes the movement of applications and data from one cloud service provider to another?

A) Cloud migration B) Cloud management C) Cloud enablement D) Cloud portability D

You have subscribed to several services with a cloud service provider. What is the role that you are playing in cloud computing?

A) Cloud services brokerage (CSB) B) Cloud computing reseller C) Cloud consumer D) Cloud backup service provider C

If you are reviewing the organizational charts, which type of data are you dealing with?

A) Confidential B) Restricted C) Internal Only D) Public C

You are responsible for storing the data as per the defined business rules. Which role are you playing?

A) Data Processor B) Data subject C) Data custodian D) Data controller E) Data owner C

Which of the following challenges create roadblocks in cloud forensics? [Choose all that apply.]

A) Data volatility B) Multitenancy C) Cloud deployment model Elasticity D) Control over data E) Evidence acquisition A, B, D, E

Which type of threat is likely to occur with the use of phishing?

A) Denial of Service B) Attack on insecure API C) Data Loss D) Account and service traffic hijacking D

You have your infrastructure hosted in the cloud. If there is a need to perform the e-discovery process, which of the following challenges are you likely to face?

A) Difficulty in extracting the relevant information B) Running the e-discovery tools C) Getting online access to the relevant system D) Granting access to the relevant users A

On a virtual machine in the cloud environment, you find that a file is taking a long time to open and save. Applications are also taking time to write data. Which of the following system components should you monitor for performance?

A) Disk B) Memory C) Network D) CPU A

Which of the following security threats are likely to arise with the poor implementation of Identity and Access Management (IAM)? [Choose all that apply.]

A) Distributed denial-of-service attacks B) Cryptojacking attacks C) Credentials creep D) Loss of access keys E) Privilege creep C, E

You want to access a private network on the Amazon cloud from an external network. You want to ensure there are minimal chances of penetration, and the access to the private network is secured. Which of the following tools will help you achieve this?

A) Firewall B) Bastion Host C) Secure Shell D) Intrusion Prevention System (IPS) B

Which of the following frameworks focuses on the protection of privacy and trans-border flow of personal data?

A) General Data Protection Regulation B) EU Directive 95/46/EC C) Organization for Economic Cooperation and Development (OECD) D) Asia-Pacific Economic Cooperation Privacy Framework C

Which type of attack will allow the attacker to gain control over the virtual machines, running applications, and the host?

A) Hypervisor attack B) VM attack C) Virtual switch attack D) Virtual network attack A

Which data privacy act enforces restrictions on data held with federal agencies?

A) ISO 27001 B) US Privacy Act of 1974 C) Gramm-Leach-Bliley Act (GLBA) D) Sarbanes-Oxley Act (SOX) B

In which of the cloud deployment models does data security become the responsibility of the cloud consumer?

A) IaaS and PaaS B) SaaS and PaaS C) IaaS, SaaS, and PaaS D) IaaS and SaaS C

You are planning to implement incident management on the cloud infrastructure. Which of the following purposes should you define for incident management? [Choose all that apply.]

A) Identify and implement the new configurations B) Restore the business operations as quickly as possible C) Implement the change management processes D) Ensure stability of the quality and availability of the services E) Minimize the impact on the operations B, D, E

If you are using cryptographic hashing to compare two files, which of the following factors are you checking?

A) Integrity B) Availability C) Confidentiality D) Authenticity A

From a cloud service provider's point of view, when comparing physical security with logical security, which of the following should be given more priority?

A) It depends where your data is B) Logical security C) Physical security D) Both logical and physical security D

If you are implementing a Web Application Firewall in AWS, which ISO layer are you trying to protect?

A) Layer 6 B) Layer 3 C) Layer 4 D) Layer 7 D

If you need to create a continuity management plan, which of the following components should you include? [Choose all that apply.]

A) List the services that will be excluded from the plan B) Define the stakeholder who will initiate the plan C) Define the roles and responsibilities D) Define the backup systems and their capacity E) Define the recovery processes and procedures F) Define triggers that will initiate the plan C, D, E, F

You have been hired to manage a private cloud. You have been asked to use a tool to create, stop, or start a virtual machine instance remotely. Using this tool, you should also be able to perform a live migration of virtual machines. Which tool is being referred to here?

A) Management plane B) Compute controller C) Hypervisor D) Compute pool A

You manage a private cloud for your organization. You have been asked to allow a few vendors to access the data using an application that is hosted on the private cloud. You need to ensure the integrity and confidentiality of the data hosted on the private cloud but also allow the vendors to access relevant data. Which of the following solutions should you implement? [Choose all that apply.]

A) Move the servers to the DMZ network B) Configure a jump server in its trust zone C) Create a new network segment and host vendors' data D) Create an application trust zone and allow access E) Configure the firewall rules to permit limited access B, D

Which of the following factors represent redundancy in a data center? [Choose all that apply.]

A) Multiple virtual machines B) Multiple leased lines C) Multiple power distribution units D) Multiple building entrances E) Multiple power lines B, C, D, E

You have received a notification from a software vendor that several patches have been released. After you download these patches, what is the next step that you should perform?

A) Perform an audit of the virtual machines B) Deploy the patches C) Test the patches D) Prioritize the deployment of the patches D

You have just created a new account with Amazon Web Services. You need to deploy a small network and launch several virtual machines. Before you do this, which of the following tasks should you complete?

A) Plan for NAT configuration B) Design the virtual private cloud (VPC) C) Deploy a jump server in the public subnet D) Plan for the Internet gateway implementation B

When creating a BCDR plan, you are translating the BCDR requirements into inputs that you will use in the design phase. Which phase of BCDR plan creation are you in?

A) Planning B) Designing C) Analysis D) Gathering Requirements C

If you need to have elasticity for the resources in a cloud, which deployment model should you adopt? [Choose all that apply.]

A) Private B) Public C) Community D) Outsourced B, D

Which of the following are characteristics of a Linux security group in Amazon Web Services (AWS)? [Choose all that apply.]

A) Processes the rules in numbered order B) Applies to all instances in the subnet C) Supports only whitelisting rule D) Functions at the instance level C, D

In which phase of IAM in an enterprise will you define the account creation process?

A) Provisioning and deprovisioning B) Centralized directory service C) Privileged user management D) Authentication and access management A

On your private cloud, you need to configure specific resources to be exposed externally. Which of the following methods should you use to meet this goal? [Choose all that apply.]

A) Put them in a DMZ network B) Separate them from the internal components C) Segregate them into an isolated network D) Expose them only through the VPN A, B

If you are conducting an audit with a cloud service provider, which of the following two factors are you checking for? [Choose all that apply.]

A) Quality B) Data validity C) Compliance D) Data Confidentiality E) Data Integrity A, C

On your cloud infrastructure, you have configured the firewall to allow traffic only from one public IP. Which network functionality have you used?

A) Rate limiting B) Routing C) Access control D) Filtering D

Which of the following statements are correct about risk? [Choose all that apply.]

A) Risk is focused on the potential of future events, not the present events B) All types of risk can be avoided using a risk mitigation plan C) A risk mitigation plan is a foolproof method to eliminate all risks D) Risk is a potential or probability of a loss that may occur E) Risk is always not avoidable and can happen A, D, E

In AWS KMS encryption, when S3 has the keys necessary to perform the encryption, which of the following steps are performed? [Choose all that apply.]

A) S3 combines the file with the plain text key B) S3 makes a copy of the plain text key and deletes the original C) S3 stores the encrypted data key along with the encrypted file D) S3 performs AES 256 encryption on the file and plain text key A, C, D

Which of the following is a corrective physical control?

A) Sensors B) Guards C) Fences D) CCTV Camera E) Fire extinguisher E

You have a set of critical files that are no longer actively used. You have moved these files from the central file server to the backup file server. Which phase of the data lifecycle are you in?

A) Share B) Use C) Archive D) Store C

Which of the following is an example of a physical control?

A) Smart Cards B) Tokens C) Swipe Cards D) Firewalls C

Which of the following can be a user in the Identity and Access Management (IAM) on Amazon AWS?

A) System and Application B) Individual and System C) The system, Individual, and Application D) Individual and Application C

You are planning to set up a new business continuity site with a cloud service provider. Which of the following capabilities should you check with the cloud service provider? [Choose all that apply.]

A) The disaster recovery functionality available B) The available resources C) The number of users that can work simultaneously D) The amount of storage available E) The speed at which recovery can be performed A, B, E

Which principle of ISO/IEC 27018 is focused on the consumers and their control over how cloud service providers handle their information?

A) Transparency B) Communication C) Consent D) Audit E) Control E

You are a cloud administrator of your organization's private cloud. You are worried about the security of the data residing in the virtual machines. You need to ensure that you protect the data along with the virtual machines. Which of the following methods would be most appropriate to implement? [Choose all that apply.]

A) Use trust zones to segregate the physical infrastructure B) Implement layered security controls C) Log all access to the management plane D) Implement the physical controls in the cloud data center E) Harden the management plane components A, B, C, E

In Amazon Web Services (AWS), which types of peering connections are possible? [Choose all that apply.]

A) VPCs with the hardware devices B) VPCs with VPCs with other cloud service provider C) VPCs with other VPCs of a vendor D) VPCs within your account C, D

Which types of challenges are likely to arise in the distributed IT model? [Choose all that apply.]

A) Varying level of information completeness B) Retrieval of information from varying sources C) No access to the evidence in case of a threat arises D) Different types of reporting formats A, B, D

You need to implement an IRM solution for desktops and mobiles. The users using desktops and mobiles should be able to read the IRM protected documents. What is the task that you should perform before implementing the IRM solution?

A) Verify the compatibility of IRM solution with desktops and mobiles B) Gain administrative privileges on desktops and mobiles C) Upgrade the operating system of desktops and mobiles D) Update all desktops and mobile devices A

On Amazon AWS, you are using TLS certificates from your certificate authority. If there is a need to renew these certificates, which of the following entities will perform the renewal?

A) Web Application Firewall B) AWS GuardDuty C) AWS Shield and Inspector D) AWS Certificate Manager E) AWS SSO and Cognito D

Which of the following recommendations from Amazon is correct about the secret access key?

A) You should store the access key in a safe place B) You should backup the access key C) You should use the access key D) You should delete the access key D

What is likely to happen if you use server-side AES-256 from S3 on an object that you have uploaded?

A) You will need to use the master keys across all services B) You will need to rotate the keys manually C) You will manage your keys centrally D) The encryption will be applied at the client-side B

After creating the root account on Amazon, you did choose the option to create the access key. What is likely to happen to the root account in this scenario?

A) You will not be able to use the root account B) You will be forced to use an alternate account instead of the root account C) Amazon will force you first to create the access key D) You can log in with your E-mail account and use multi-factor authentication D

