C838: MANAGING CLOUD SECURITY 2026 WITH CORRECTANSWERS., Exams of Network security

Typology: Exams

2025/2026

Available from 03/03/2026

prof_mary011

C838: MANAGING CLOUD SECURITY 2026 WITH CORRECT ANSWERS.

Cloud Bursting - Correct Answers - When a company uses its own computing infrastructure for normal usage and accesses the cloud when it needs to scale for high/peak load requirements, ensuring a sudden spike in usage does not result in poor performance or system crashes.

No; under current laws, liability and risk for safeguarding PII and meeting regulations reside with the organization, even if they have contracted with a cloud provider. - Correct Answers - Can an organization transfer risk and liability for safeguarding PII to a cloud provider?

  • Elasticity - Correct Answers - The ability to acquire resources as you need them and release resources when you no longer need them
  • Scalability - Correct Answers - This is similar, but usually relates more to environments with more predictable workloads. Usually done in advance to give resources room to grow. For example, purchasing additional room to allow a database to grow larger in the coming months due to projected business growth.
  • SaaS - Correct Answers - This cloud service model includes applications, CRM, hosted HR, and email
  • PaaS; it is everything included in IaaS with the addition of operating systems - Correct Answers - This model includes operating systems and is popular with DevOps for creating and testing software
  • IaaS - Correct Answers - This model includes hardware, blades, connectivity, and utilities; it is similar to a "warm site"
  • Physical access to the devices on which their data resides - Correct Answers - What does a customer give up in all three of these models?
  • The customer. The vendor provides all hardware, but not logical resources such as software - Correct Answers - Who is responsible for all logical resources, such as software, in an IaaS service model?
  • The vendor - Correct Answers - Who is responsible for administering, patching, and updating the OS in a PaaS service model?
  • Public - Correct Answers - This type of cloud deployment model is owned by a specific company and offered to anyone who contracts its services.
  • Private - Correct Answers - This type of cloud is owned by a specific organization but is only available to users authorized by that organization; it is similar to a legacy IT structure or what used to be considered an intranet
  • Community - Correct Answers - This type of cloud features infrastructure and processing owned or controlled by distinct individuals and organizations, but they come together in some fashion to perform joint tasks; an example is the PlayStation gaming network
  • CASB (Cloud Access Security Broker) - Correct Answers - A software tool or service that enforces cloud-based security requirements such as IAM (Identity and Access Management). It is placed between

are in terms of security capabilities and to plan a roadmap to meet the security needs of their business.

  • Vendor Lock-in - Correct Answers - This is when a customer may be unable to leave, migrate, or transfer to an alternate provider due to technical or non-technical constraints.
  • Vendor Lock-out - Correct Answers - This is when a customer is unable to access their data because a cloud vendor has gone out of business or otherwise left the marketplace.
  • IaaS: the customer is responsible for everything from the OS on down, including choosing, installing, and administering software and supplying and managing data. The vendor provides buildings and hardware for the datacenter. The customer can still collect and review logs from the software. - Correct Answers - In which Cloud Model does the customer have the most responsibility and authority?
  • PaaS - Correct Answers - In which Cloud Model is the vendor responsible for installing and administering the OS but not other software?
  • SaaS; the vendor owns the hardware, software, and admin duties for both. The customer only supplies the data. The customer is essentially the same as a basic user in legacy IT environments: they have little to no admin rights or privileged accounts and few permissions and responsibilities. - Correct Answers - In which Cloud Model does the customer have the least amount of control over the environment?

Homomorphic Encryption - Correct Answers - This technology is still theoretical. It would enable processing of encrypted data without the need to decrypt the data. It allows the cloud customer to upload data to a cloud service provider for processing without the requirement to decipher the data first.

The Usefulness of the asset - Correct Answers - What is something that cannot be determined about assets by gathering business requirements?

Delivering computing resources to a remote customer over a network - Correct Answers - What is a simple definition of Cloud Computing?

  • Ubiquitous: the resources are everywhere and can be accessed by a client with an internet connection
  • Convenient: easy for the client to use
  • On-demand: available whenever the client needs to use it and can be upgraded easily; for example, adding a new virtual server with a few mouse clicks
  • Minimal management effort by client and minimal interaction with the cloud service provider; when you need to add that virtual server, you can do it easily yourself and do not need to send a request to AWS or speak to an AWS representative - Correct Answers - What are some features of cloud computing as defined by NIST?

Cloud Service Partner - Correct Answers - Third party which is engaged in the support of, or auxiliary to, activities of either the cloud service provider or the cloud service customer or both. For example, they might help implement a cloud application, provide operational assistance, or help with security monitoring

Correct Answers - What should a client perform to determine if they should move to a cloud environment and which model they should select?

  • Cloud Service Providers - Correct Answers - Who provides cloud computing services for sale to third parties?
  • Cloud Service Partners - Correct Answers - Who provides add-on services to cloud computing?
  • Type 1 or bare-metal - Correct Answers - Which type of hypervisor runs directly on top of the hardware and hosts guest OSs on top of that? This is the most common type of virtualization found in cloud data centers and in the cloud
  • Type 2 - Correct Answers - With this type of hypervisor, the physical machine runs an OS of its own and the hypervisor runs as a program on top of the OS. This is commonly used on PCs
  • VM Escape attack - Correct Answers - An attack that allows an attacker to access the host system from within a virtual machine. The primary protection is to keep hosts and guests up to date with current patches.
  • VM Sprawl - Correct Answers - A vulnerability that occurs when an organization has created too many VMs and some aren't properly managed. Unmanaged VMs are not kept up to date with current patches.
  • Virtual Desktop Infrastructure (VDI), or Desktop Virtualization - Correct Answers - A desktop operating system running within a virtual machine (VM) running on a server. For example, using Amazon WorkSpaces installed on a Mac to access a VM in the cloud running Windows. The resources it uses are cloud-based, not on the local computer
  • Application Virtualization - Correct Answers - This streams applications to a user's desktop

EC2 (Elastic Compute Cloud) - Correct Answers - Amazon's web service that provides resizable computing capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Reduces the time required to obtain & boot new server instances.
  1. Block Storage: allocates a large chunk of storage for access as a disk volume managed by the OS
  2. File Storage: data stored and displayed as a file structure like in the legacy environment with hierarchical and naming functions - Correct Answers - What are the two types of volume storage in the cloud?
  • Object Storage: stores files as individual objects managed by the Cloud Service Provider. The client uploads files, and the provider has to figure out how to store them. Allows for a significant level of description (marking, labels, classification, etc) - Correct Answers - What is the alternative to volume storage, usually associated with IaaS?
  • Both volume and object - Correct Answers - Which type of storage do Enterprise environments commonly need?
  • Object storage is much less expensive b/c you are only paying for the storage you are using rather than paying for the equivalent of an entire disk drive - Correct Answers - Which type of storage is less expensive?
  1. Block storage can use either magnetic drives (cheaper but slower) or solid state drives (faster but more expensive)

Correct Answers - The process of managing and provisioning computer data centers through machine-readable definition files rather than manually configuring physical hardware. For example, using a baseline script to spin up a new Linux server instead of manually logging into a system and configuring it step by step.

  • What are three advantages of this?

APIs - Correct Answers - What technology do cloud orchestration services use to interact with cloud service providers? These are coding components which allow applications to speak to each other, generally through a web interface

Amazon EBS (Elastic Block Storage) - Correct Answers - What is an Amazon service that offers block storage volumes?
  • ISO 17789 - Correct Answers - This document is a cloud reference architecture. It lays out a common terminology framework for providers, partners, and clients to communicate about roles & responsibilities. It defines different activities which are the responsibilities of different entities
  • Customer activities: use cloud services, perform service trials, monitor services, administer security, provide billing reports, handle problems, administer tenancies, perform business administration, select services, request audit reports - Correct Answers - What customer activities are defined in this document?
  • Provider activities: prepare systems and services, monitor services, manage assets, provide audit data, manage customer relationships, perform peering with other cloud providers, ensure compliance with laws & regulations, provide network connectivity - Correct Answers - What cloud service provider activities are defined in this document?
  • Partner activities vary depending on what services they provide, but can include any of the following: design, create, and maintain services, test services, perform audits, set up legal agreements, acquire and assess customers, assess the marketplace - Correct Answers - What cloud service partner activities are defined in this document?
  1. Governance: ensures effective oversight of cloud use in an organization. This is how vendors are vetted and relationships are managed
  2. Auditability: a contract should state that a customer has the right to audit their cloud service provider
  3. Regulatory Oversight: any customer subject to regulations such as HIPAA, PCI, etc, needs to ensure their cloud service provider is also in compliance with them - Correct Answers - What three security and privacy concerns are introduced with a cloud environment in addition to the standard CIA triad?
  • Resiliency - Correct Answers - This is the ability of the cloud infrastructure to withstand disruptive events
  • Performance - Correct Answers - This is how well the cloud service can stand up to the demands of the customer
  • Availability - Correct Answers - This is what percentage of the time the cloud service is up and running and meeting customer needs
  • Reversibility or rollback plan
  • Portability
  • Interoperability -

out how best to use marketing funds by running simulations of consumer response and then using algorithms to prescribe behavior. - Correct Answers - What are several types of analytics in Machine Learning (ML)?

  • Blockchain - Correct Answers - This is a distributed, immutable ledger. It can store records in a way that distributes those records among many different systems around the world and do so in a manner which prevents anyone from tampering with the records. It creates a data store that nobody can tamper with or destroy.
  • Originally created for cryptocurrency, but can also address important business needs where immutable ledgers would be useful, such as property ownership, tracking supply chains (ensuring items came from reputable sources and allowing regulators to track items easily), and tracking vital records such as passports, birth certificates, etc. - Correct Answers - What was this originally created for, and what are three larger business applications for this technology?
  1. It is difficult or impossible for users to update the embedded OS
  2. They connect to our home or wireless networks, so if a device is compromised it can be the gateway for an attack
  3. IoT devices often connect back to cloud services for command & control, creating a path for attackers which bypasses firewalls - Correct Answers - What are three security challenges involving IoT devices?
  • ICS (Industrial Control System) - Correct Answers - A network or system used to support municipal services (sewage, electricity, gas, etc), industrial processes, and transportation systems, often full of IoT devices with embedded operating systems.
  1. Attacks have dramatic implications. Could disable a nation's power grid, or damage parts of a city's infrastructure.
  2. ICS devices are often not well secured.
  3. Systems are less likely to be current on patches because of requirements for high stability and availability. Some manufacturers even advise customers not to update the devices, ever. - Correct Answers - What are three reasons a threat actor might want to attack these types of devices?
  • Containers - Correct Answers - These are the next evolution in virtualization. They are a lightweight way to package up an entire application and make it portable so it can easily move between hardware platforms.
  • Similar security concerns to VMs, especially strictly enforcing an isolation policy to ensure containers cannot access the data or resources allocated for other containers. - Correct Answers - What sort of security considerations do these have?
  1. VMs can be heavy. For example, if you have 10 VMs, you essentially have 10 different computers to maintain, 10 different copies of Windows to keep up to date & manage, etc. Containers package up application code and dependencies only, in a standardized format, so it can be easily moved between systems.
  2. Instead of running on a hypervisor, system-supporting containers run on a containerization platform. The platform provides a standard interface to the OS which allows the containers to function regardless of the OS and hardware.
  3. They do not have their own OS, and instead use the host's OS - Correct Answers - What are three ways this is an improvement on traditional virtualization?
  • What cloud-related document did this agency create and what is it known for?
  1. Common Criteria technology certification. This is actually an ISO standard, 15408, which describes a certification program for technology, products, and services. Mostly applies to hardware and software products instead of services.
  2. The FedRAMP program (Risk and Authorization Management) is a centralized approach to certifying cloud service providers. It is run by the US General Services Administration and certifies the security of cloud services. Vendors can go to this single source for a certification which applies across the US government.
  3. FIPS 140-2: Describes the process used to approve cryptographic implementations for use in government applications. Any cryptographic algorithms used must be in compliance. - Correct Answers - What are three federal government programs which are of interest to cloud security professionals?
  1. Create: where the data owner is identified; new data is generated, either directly in the cloud or in an on-premises system that will move to the cloud. Also includes modifications to existing data.
  2. Store: data is placed into one or more storage systems (e.g. block or object cloud storage)
  3. Use: where active use of the data takes place. Users view and process the data.
  4. Share: data is made available to other people through one or more sharing mechanisms, such as providing a link to a file or modifying access controls
  5. Archive: when data is no longer being actively used. It is retained in long term storage and not immediately accessible but can be restored if necessary
  6. Destroy: data is destroyed when no longer needed. Should take place using a secure method. - Correct Answers - What are the six stages of the Cloud Data Lifecycle?
  • Not all of these steps are followed in order, and not every piece of data will use all of these steps - Correct Answers - What is something to keep in mind in terms of use with the Cloud Data Lifecycle?
  1. Raw disk storage: permanently allocated storage space that exists independently of a server instance
  2. Ephemeral storage: temporary storage associated with a specific instance that is destroyed when the instance is stopped. This is faster, but temporary storage only - Correct Answers - What are two types of block storage?

Data Dispersion - Correct Answers - A core principle of business continuity which states that important data should always be stored in more than one location to ensure that a copy of the data exists even if a copy is destroyed

Asymmetric cryptography - Correct Answers - Which type of cryptography allows for nonrepudiation?
  • Out-of-band key exchange - Correct Answers - Involves the use of a separate, independent channel, such as snail mail, USB stick, or even a different network connection, to send an encryption key to the authorized users.
  • In-band key exchange - Correct Answers - Involves using the same communications channel you are using to send the message to send the encryption key.
  • Diffie-Hellman: it is a way to do in-band key exchange securely
  • ECDH (Elliptic Curve Diffie-Hellman)

Correct Answers - A device that can safely store and manage encryption keys and perform cryptographic operations. They can be used in servers, data transmission, protecting log files, etc.

  • What are the three security levels for these devices as defined in FIPS 140-2?
  • WOT (Web Of Trust) - Correct Answers - What trust model is used by PGP and uses indirect approval such as you might find on LinkedIn where someone you know can vouch for someone you don't know?
  • Its decentralized approach makes it hard to manage, there is a high barrier to entry for new participants, and it requires a good deal of technical knowledge from the end user - Correct Answers - What are problems with this model?
  • Message Digest - Correct Answers - What is another term for Hash?
  • MD - Correct Answers - Which 128-bit hashing algorithm was created by Ron Rivest in 1991, but is now insecure?
  • SHA- - Correct Answers - Which (still secure) algorithm was created by NIST and uses the Keccak algorithm?
  • RIPEMD - Correct Answers - Which algorithm of Belgian origin was created as an alternative to the above, for those who are leery of using an algorithm created by the US gov't, and supports Bitcoin transactions?
  • HMAC (Hash-Based Message Authentication Code) - Correct Answers - What combines symmetric cryptography with hashes to provide authentication and integrity for a message?
  • With the user's PRIVATE key, then decrypted with the recipient's public key - Correct Answers - How are these hashes encrypted?
  • A digital signature; it is simply a message digest encrypted with the sender's private key - Correct Answers - What is this output called?
  • X. - Correct Answers - What standard is used for creating digital signatures?
  1. Create a CSR (Certificate Signing Request) which contains the requestor's public key
  2. Send the CSR to a CA (Certificate Authority)
  3. The CA verifies the identity of the requestor
  4. Once verified, the CA creates the X.509 certificate and digitally signs it using the CA's private key, then sends the certificate back to the requestor - Correct Answers - What are the four steps in obtaining a digital certificate?
  1. The CRL (Certificate Revocation List): the CA places the serial number of the certificate to be revoked on the list. This often has time delays and can be slow if everyone is constantly downloading the latest CRL from each CA
  2. The OCSP (Online Certificate Status Protocol): CAs provide a real-time service that allows users to verify that a certificate is not revoked. Most modern web browsers use this method, except Google Chrome which uses its own proprietary method - Correct Answers - What are two methods of revoking a digital certificate?
  • No, it is only a protocol which uses different encryption algorithms
  • SSL
  • HTTP for secure web browsing via HTTPS
  1. Client sends the TLS request listing which cipher suites they support