Network Defense Module 7.7.2 Cloud Security Quiz Questions Exam Answers
1. What are the two classes of encryption algorithms? (Choose two.)
Explanation: Encryption algorithms belong to one of two classes, symmetric and asymmetric. Symmetric algorithms use a pre-shared key which is the same for sender and receiver. Asymmetric algorithms use two keys, one for encrypting and one for decrypting.
2. What term is used to describe the phenomenon of more VMs than can be managed effectively?
- VM Scaling
- VM Exhaustion
- VM Escape
- VM Sprawl
Explanation: VM Sprawl occurs when an organization has more VMs in the cloud than it can effectively control and manage.
3. Which cloud security domain covers the challenges of delivering, measuring, and communicating compliance when organizations migrate from traditional data centers to the cloud?
- Infrastructure Security
- Management Plane and Business Continuity
- Information Governance
- Compliance and Audit Management
Explanation: The Security Guidance for Critical Areas of Focus in Cloud Computing v4 document developed by the Cloud Security Alliance (CSA) covers 14 domains of cloud security. Some of these domains are:
- Infrastructure Security – describes cloud-specific aspects of infrastructure security and the foundation for operating securely in the cloud
- Information Governance – describes the need to ensure that the use of data and information complies with organizational policies, standards, and strategy including regulatory, contractual, and business objectives
- Compliance and Audit Management – describes challenges of delivering, measuring, and communicating compliance when organizations migrate from traditional data centers to the cloud
- Management Plane and Business Continuity – describes the need to secure the cloud computing management plane and business continuity and disaster recovery procedures
4. A company is deploying a product ordering system on a public cloud. The company IT specialist is working on security measures to protect the cloud resources. What are two possible negative impacts that should be considered when deploying a virtual firewall and an IPS appliance? (Choose two.)
- compatibility with VM operating systems
- routing issues associated with virtual security appliances
- traffic bottleneck
- possible VM escape attacks
- processor overloading
Explanation: Cloud computing customers can use virtual security appliances and software agents to secure the virtual environment. However, these tools may introduce bottlenecks when accessing resources or lead to processor overloading. The use of virtual appliances should be carefully evaluated and deployed.
5. What should be deployed to protect traffic confidentiality between a public cloud and a private cloud?
- proxy device
Explanation: A hybrid cloud consists of a public cloud and a private cloud that are interconnected. A site-to-site VPN connection should be used to protect the confidentiality of the traffic flowing between them.
6. In which type of environment would a developer run software to verify that required security settings are met prior to production deployment?
- sandbox environment
- development environment
- production environment
- staging environment
Explanation: The staging environment should closely match the production environment. This allows developers to verify that software can run under required security settings.
7. Which state of data refers to data moving between the CPU and the hard drive of a server?
- data in storage
- data in process
- data in transit
- data at rest
Explanation: Data in transit refers to any data that is being transmitted. This includes data moving between networks, between devices, or between motherboard components.
8. Which technology is used to verify the integrity of files to ensure they were not modified in transit?
- asymmetric encryption
- secure cookies
Explanation: Verification of file integrity is accomplished by using a checksum. If the checksums of the original file and the received file are the same, then no change has occurred in transit.
9. Which threat type describes the case when cloud computing resources are set up incorrectly?
- inside threat
- cloud misconfiguration
- data breaches
- poor cloud security architecture strategy
Explanation: There are many threats associated with cloud computing including:
- inside threat – occurs when an employee, contractor, or business partner maliciously or unintentionally compromises the cloud service.
- data breaches – occur when protected sensitive data is accessed by an unauthorized entity.
- cloud misconfiguration – occurs when the cloud computing resources are set up incorrectly, making them vulnerable to attacks.
- poor cloud security architecture strategy – vulnerabilities introduced if the cloud security architecture is not fully understood or correctly implemented.
10. What term is used to refer to readable data in the context of the data encryption process?
Explanation: Readable data is called plaintext, while the encrypted version is encrypted text or ciphertext.
11. Which key component of virtualization allows for running multiple independent operating systems on one physical computing system?
Explanation: A hypervisor is a software or hardware program that builds a virtualization environment to support multiple independent virtual machines on one physical system. It is a key component of virtualization.