WGU - Managing Cloud Security - C838, Exams of Advanced Education


Typology: Exams

2025/2026

Available from 05/01/2026

Ngugsben
WGU - Managing Cloud Security - C838
What are the 4 characteristics of cloud computing? - CORRECT ANSWER ✔✔✔
Broad network access
On-demand services
Resource Pooling
Measured or "metered" service
What NIST publication number defines cloud computing? - CORRECT ANSWER ✔✔✔ 800-145
What ISO/IEC standard provides information on cloud computing? - CORRECT ANSWER ✔✔✔ 17788
What is another way of describing a functional business requirement? - CORRECT ANSWER ✔✔✔ necessary
What is another way of describing a nonfunctional business requirement? - CORRECT ANSWER ✔✔✔ not necessary
What is the greatest driver pushing orgs to the cloud? - CORRECT ANSWER ✔✔✔ Cost savings
What is cloud bursting? - CORRECT ANSWER ✔✔✔ Ability to increase available cloud resources on demand
What are 3 characteristics of cloud computing? - CORRECT ANSWER ✔✔✔
Elasticity
Simplicity
Scalability
What is a cloud customer? - CORRECT ANSWER ✔✔✔ Anyone purchasing cloud services
What is a cloud user? - CORRECT ANSWER ✔✔✔ Anyone using cloud services
What are the three cloud computing service models? - CORRECT ANSWER ✔✔✔
SaaS(Software as a service)
PaaS(Platform as a service)
IaaS(Infrastructure as a service)
What is IaaS (Infrastructure as a Service)? - CORRECT ANSWER ✔✔✔ Cloud provider provides all the physical capability and administration, while the customer is responsible for logical resources.

What is PaaS (Platform as a Service)? - CORRECT ANSWER ✔✔✔ A cloud computing service that provides the hardware and the operating system and is responsible for updating and maintaining both.
What is SaaS (Software As A Service)? - CORRECT ANSWER ✔✔✔ Cloud provider manages everything.
What are the four cloud deployment models? - CORRECT ANSWER ✔✔✔
Public
Private
Community
Hybrid
What cloud model is owned by a single organization? - CORRECT ANSWER ✔✔✔ Private
What cloud model is an arrangement of two or more cloud servers? - CORRECT ANSWER ✔✔✔ Hybrid
What cloud model is a shared setup between orgs? - CORRECT ANSWER ✔✔✔ Community
What cloud model is open for free usage? - CORRECT ANSWER ✔✔✔ Public
What is a cloud service provider? - CORRECT ANSWER ✔✔✔ Cloud service provider manages and provides entire hosting ability
What is a Cloud Access Security Broker? - CORRECT ANSWER ✔✔✔ Third-party acting as an intermediary for identity and access management
What do regulators do? - CORRECT ANSWER ✔✔✔ Ensure organizations are in compliance with regulatory framework.
What word in the CIA triad describes: What protects information from unauthorized access/dissemination? - CORRECT ANSWER ✔✔✔ Confidentiality
What word in the CIA triad describes: Ensuring that information is not subject to unauthorized modification? - CORRECT ANSWER ✔✔✔ Integrity
What word in the CIA triad describes: Ensuring that authorized users can access the information when they are permitted to do so? - CORRECT ANSWER ✔✔✔ Availability
What is a cloud architect? - CORRECT ANSWER ✔✔✔ Expert in cloud computing
What is cloud OS also known as? - CORRECT ANSWER ✔✔✔ PaaS
NIST standard number that lists accredited and outmoded cryptosystems - CORRECT ANSWER ✔✔✔ FIPS 140-
Customer may be unable to leave, migrate, or transfer to an alternate provider due to technical or non-technical constraints. - CORRECT ANSWER ✔✔✔ vendor lock-in

In risk, what is the avoidance method? - CORRECT ANSWER ✔✔✔ Avoiding high risk
In risk, what is the acceptance method? - CORRECT ANSWER ✔✔✔ Acceptable level of risk
In risk, what is an example of the avoidance method? - CORRECT ANSWER ✔✔✔ Insurance
In risk, what is the mitigation method? - CORRECT ANSWER ✔✔✔ Controls or countermeasures
Assets can be what? - CORRECT ANSWER ✔✔✔
Tangible
Intangible
Personnel
What does Business Impact Analysis do? - CORRECT ANSWER ✔✔✔ Defines which of the assets provide the intrinsic value of an organization.
What is risk appetite? - CORRECT ANSWER ✔✔✔ Level, Amount, or Type of risk that an org finds acceptable
What is the IaaS boundary? - CORRECT ANSWER ✔✔✔ The provider is responsible for connectivity and power and the customer is in charge for installation of software.
What is the PaaS boundary? - CORRECT ANSWER ✔✔✔ The provider is responsible for updates and administration of the OS and the customer monitors and reviews software events.
What is the SaaS boundary? - CORRECT ANSWER ✔✔✔ The provider is responsible for system maintenance and the customer supplies and processes data to and in the system.
What should encryption be used for in a cloud datacenter? - CORRECT ANSWER ✔✔✔
Long-term storage/archiving
Protecting near-term stored files, such as snapshots of virtualized instances
Preventing unauthorized access to specific datasets by authorized personnel
What should encryption be used for in communications between cloud providers and users? - CORRECT ANSWER ✔✔✔
Creating secure sessions
Ensuring the integrity and confidentiality of data in transit
What are 4 controls/mechanisms a cloud provider should play a role in in layered defense? - CORRECT ANSWER ✔✔✔
Strong personnel controls
Technological controls
Physical controls
Governance mechanisms

In cloud layered defense what are examples of personnel controls? - CORRECT ANSWER ✔✔✔
background checks
continual monitoring
In cloud layered defense what are examples of technological controls? - CORRECT ANSWER ✔✔✔
encryption
event logging
access control enforcement
In cloud layered defense what is an example of physical controls? - CORRECT ANSWER ✔✔✔ access to overall campus
In cloud layered defense what is an example of governance mechanisms? - CORRECT ANSWER ✔✔✔ auditing
What are ways for securing devices in a datacenter? - CORRECT ANSWER ✔✔✔
Guest accounts removed
no default passwords
systems are patched, maintained and updated
unused ports are closed
limited physical access
What is layered defense? - CORRECT ANSWER ✔✔✔ The practice of having multiple overlapping means of securing the environment with a variety of methods
Who determines risk appetite? - CORRECT ANSWER ✔✔✔ senior management
Experimental technology of processing encrypted data w/o decrypting it first? - CORRECT ANSWER ✔✔✔ Homomorphic
T/F: Data owners remain legally responsible for all data they own - CORRECT ANSWER ✔✔✔ True
What are four ways an org might categorize data? - CORRECT ANSWER ✔✔✔
Regulatory compliance
business function
function unit
by project
What are three examples of classification? - CORRECT ANSWER ✔✔✔
sensitivity
jurisdiction
criticality

What are five examples of exceptions under copyright laws? - CORRECT ANSWER ✔✔✔
Fair use
satire
library preservation
personal backup
versions for people with physical disabilities
What is copyright? - CORRECT ANSWER ✔✔✔ protection of written material or ideas
What is a trademark? - CORRECT ANSWER ✔✔✔ a symbol, word, or words legally registered or established by use as representing a company or product.
What is a patent? - CORRECT ANSWER ✔✔✔ legal mechanism for protecting intellectual property in the form of inventions, processes, materials, decorations, and plant life
What are trade secrets? - CORRECT ANSWER ✔✔✔ Any form of knowledge or info that has economic value from not being known to others, or readily ascertainable by proper means and has been the subject of reasonable efforts by the owner to maintain secrecy
What are rudimentary reference checks? - CORRECT ANSWER ✔✔✔ Content itself can automatically check for proper usage or ownership
What is the presence of licensed media? - CORRECT ANSWER ✔✔✔ DRM engine on the media identifies the unique disk
What are online reference checks? - CORRECT ANSWER ✔✔✔ Product key
What is support-based licensing? - CORRECT ANSWER ✔✔✔ the need for continual help for content
What are local agent checks? - CORRECT ANSWER ✔✔✔ Installed reference tool that checks the protected content against the user's license
What are four examples of conflicts that are posed while employing DRM to the cloud? - CORRECT ANSWER ✔✔✔
API
Replication
Jurisdiction
Enterprise
What are six retention policies that should be included in data retention? - CORRECT ANSWER ✔✔✔
retention periods
applicable regulation
retention formats
data classification
archiving and retrieval procedures
monitoring, maintenance, and enforcement
What are four legacy examples of data destruction? - CORRECT ANSWER ✔✔✔
Physical destruction of media and hardware
degaussing
overwriting
Cryptoshredding
data retention policy: Retention period - CORRECT ANSWER ✔✔✔ how long data should be kept
data retention policy: data classification - CORRECT ANSWER ✔✔✔ how and when data should be categorized
data retention policy: retention format - CORRECT ANSWER ✔✔✔ how data is archived and stored
data retention policy: applicable regulation - CORRECT ANSWER ✔✔✔ senior management's decision to resolve conflict in policy
What is jurisdiction? - CORRECT ANSWER ✔✔✔ geophysical location of the source or storage point of the data might have significant bearing on how that data is treated and handled
What is a data audit? - CORRECT ANSWER ✔✔✔ A powerful tool to regularly review, inventory, and inspect usage and condition of the information that an organization owns.
What does copyright not protect? - CORRECT ANSWER ✔✔✔ ideas, facts, titles, names, short phrases, blank forms
Who is the data processor in the cloud motif? - CORRECT ANSWER ✔✔✔ Cloud provider
What isn't included in data labels? - CORRECT ANSWER ✔✔✔ Data value
What is the intellectual property protection for the tangible expression of a creative idea? - CORRECT ANSWER ✔✔✔ Copyright
What federal agency accepts applications for new patents? - CORRECT ANSWER ✔✔✔ USPTO
What is the intellectual property protection for a very valuable set of sales leads? - CORRECT ANSWER ✔✔✔ Trade secret
What is the intellectual property protection for a useful manufacturing innovation? - CORRECT ANSWER ✔✔✔ Patent

What is volume storage? - CORRECT ANSWER ✔✔✔ allocates a storage space within the cloud; this storage space is represented as an attached drive to the user's virtual machine
What are two types of volume storage architecture? - CORRECT ANSWER ✔✔✔
File
Block
Volume storage is associated with what infrastructure model? - CORRECT ANSWER ✔✔✔ Infrastructure as a Service(IaaS)
What is object-based storage? - CORRECT ANSWER ✔✔✔ Data is stored as objects
What is a database? - CORRECT ANSWER ✔✔✔ Provides some sort of structure for stored data; it is backend storage in the datacenter, accessed by users utilizing online apps
What is a content delivery network? - CORRECT ANSWER ✔✔✔ Acts as a form of data caching, usually near geophysical locations of high use demand, improves bandwidth and provides quality
What are three levels of encryption related to databases? - CORRECT ANSWER ✔✔✔
File-level
Transparent
application-level
When the database is stored on a volume, what encryption type should be used? - CORRECT ANSWER ✔✔✔ file-level
When wanting to encrypt the entire database or specific portions of it, what type of encryption should be used? - CORRECT ANSWER ✔✔✔ transparent
When should application-level encryption be used with a database? - CORRECT ANSWER ✔✔✔ compromised administrative accounts other database and application-level attacks
What is tokenization? - CORRECT ANSWER ✔✔✔ Practice of having two distinct databases: one with the live, actual sensitive data, and one with nonrepresentational tokens mapped to each piece of data
What are the four goals of Security Information and Event Management(SIEM)? - CORRECT ANSWER ✔✔✔
Centralize collection of log data
enhanced analysis capabilities
dashboarding
automated response
What does DLP in egress monitoring stand for? - CORRECT ANSWER ✔✔✔ data loss, leak prevention, and protection

What are the four major goals of DLP? - CORRECT ANSWER ✔✔✔
Additional security
Policy Enforcement
Enhanced Monitoring
Regulatory compliance
What is randomization? - CORRECT ANSWER ✔✔✔ replacement of data with random characters
What is hashing? - CORRECT ANSWER ✔✔✔ Using a one-way cryptographic function to create a digest of the original data
What is shuffling? - CORRECT ANSWER ✔✔✔ Using different entries from within the same data set to represent the data
What is masking? - CORRECT ANSWER ✔✔✔ Hiding the data with useless characters
What are nulls? - CORRECT ANSWER ✔✔✔ deleting the raw data from the display before it is represented or displaying null
What is key recovery? - CORRECT ANSWER ✔✔✔ A procedure that involves multiple people, each with access to only a portion of the key
What is block storage? - CORRECT ANSWER ✔✔✔ A blank volume that the customer or user can put anything into and it might allow more flexibility and higher performance
What is the U.S. Commerce Department controls on technology exports? - CORRECT ANSWER ✔✔✔ Export Administration Regulations(EAR)
What is the U.S. State Department controls on technology exports? - CORRECT ANSWER ✔✔✔ International Traffic in Arms Regulations(ITAR)
T/F: Cryptographic keys for encrypted data stored in the cloud should be stored with cloud provider. - CORRECT ANSWER ✔✔✔ False
What is the practice of obscuring raw data where only a portion is displayed for operational purposes? - CORRECT ANSWER ✔✔✔ Masking
What are third-party providers of IAM functions for the cloud environment? - CORRECT ANSWER ✔✔✔ Cloud Access Security Broker(CASB)
T/F: The goals of DLP include elasticity - CORRECT ANSWER ✔✔✔ False
T/F: Risk and responsibilities will be shared between the cloud provider and customer - CORRECT ANSWER ✔✔✔ True
T/F: The customer is concerned with data, whereas the provider is concerned with security and operation - CORRECT ANSWER ✔✔✔ True

Privilege escalation Information bleed Legal activity
What are 3 risks associated with Infrastructure as a Service(IaaS)? - CORRECT ANSWER ✔✔✔
Personnel threats
External threats
Lack of specific skillsets
What are 4 risks associated with Platform as a service(PaaS)? - CORRECT ANSWER ✔✔✔
Interoperability issues
Persistent backdoors
Virtualization
Resource Sharing
What are 3 risks associated with Software as a service(SaaS)? - CORRECT ANSWER ✔✔✔
Proprietary formats
Virtualization
Web application security
What are 4 risks with virtualization? - CORRECT ANSWER ✔✔✔
Attacks on the hypervisor
Guest escape
Information bleed
Data seizure
What is a type 1 hypervisor? - CORRECT ANSWER ✔✔✔ Installed on top of a bare metal install, bootable software
What is a type 2 hypervisor? - CORRECT ANSWER ✔✔✔ Applications that run on a standard OS
What are 8 threats to a private cloud? - CORRECT ANSWER ✔✔✔
malware
internal threats
external attackers
man in the middle
social engineering
theft or loss of devices
regulatory violations
natural disasters
What three additional concerns from a private cloud apply to a community cloud? - CORRECT ANSWER ✔✔✔
Loss of policy control
loss of physical control
lack of audit access
What are three additional threats to public clouds from community and private clouds? - CORRECT ANSWER ✔✔✔
rogue administrator
privilege escalation
contractual failure
What are three methods of using cloud backups for business continuity / disaster recovery (BC/DR)? - CORRECT ANSWER ✔✔✔
Private architecture, cloud service as a backup
Cloud operations, cloud provider as backup
Cloud operations, third-party cloud backup provider
What are some examples of cloud computing external threats? - CORRECT ANSWER ✔✔✔ malware, hacking, man-in-the-middle
What is a personnel threat? - CORRECT ANSWER ✔✔✔ Malicious or negligent insider who can cause negative impact, as they have physical access to the resources
What is resource sharing? - CORRECT ANSWER ✔✔✔ Programs and instances run by the customer that will operate on the same devices used by other customers, sometimes simultaneously
What is an interoperability issue? - CORRECT ANSWER ✔✔✔ Customer's software may not function properly with each new adjustment in the environment if the OS is updated by the provider
What is a data seizure? - CORRECT ANSWER ✔✔✔ Legal activity that might result in a host machine being confiscated or inspected by law enforcement or plaintiffs' attorneys
What is guest escape? - CORRECT ANSWER ✔✔✔ improperly designed or poorly configured hypervisor might allow for a user to leave the confines of their own virtualized instance
What is information bleed? - CORRECT ANSWER ✔✔✔ Possibility that processing performed on one virtualized instance may be detected by other instances on the same host
What are three techniques to enhance the portability of data and avoid vendor lock-in - CORRECT ANSWER ✔✔✔
Favorable contract terms

What are three methods to protect data in transit? - CORRECT ANSWER ✔✔✔
Encryption
Virtual private network
Strong authentication
What creates a secure tunnel across an untrusted network? - CORRECT ANSWER ✔✔✔ Virtual private network
What reduces the possibility that someone would be unable to acquire raw data in plaintext? - CORRECT ANSWER ✔✔✔ Encryption
What uses robust tokens and requires multifactor verification reducing unauthorized user access? - CORRECT ANSWER ✔✔✔ Strong authentication
What cloud service type: Cloud provider maintains physical security control of the facility and the cloud customer provides all other security - CORRECT ANSWER ✔✔✔ PaaS
What cloud service type: Cloud provider maintains infrastructure's physical security and the cloud customer is responsible for access and administration. - CORRECT ANSWER ✔✔✔ SaaS
What cloud service type: Cloud provider is responsible for physical security of the facility and systems. - CORRECT ANSWER ✔✔✔ IaaS
Removing unnecessary services and libraries, closing unused ports, limiting administrator access, ensuring event logging is enabled, are examples of what? - CORRECT ANSWER ✔✔✔ hardening
Who facilitates the data access method: The customer will provision, manage, and remove user accounts without input or cooperation with the cloud provider if the cloud customer retains control. - CORRECT ANSWER ✔✔✔ Customer directly administers access
Who facilitates the data access method: The user submits a request to the provider, either directly or through some point of contact, the provider verifies and then assigns - CORRECT ANSWER ✔✔✔ Provider administers access on behalf of the customer
Who facilitates the data access method: The user requests to a local administrator, and the administrator verifies the account and then assigns the appropriate access and permissions - CORRECT ANSWER ✔✔✔ Third-party administers access on behalf of the customer
How many SOC report categories are there? - CORRECT ANSWER ✔✔✔ 3
What SOC report audits the financial reporting instruments of a corporation and consists of two subclasses - CORRECT ANSWER ✔✔✔ SOC 1

What SOC intends to report audits of controls on an organization's security, availability, processing integrity, and privacy - CORRECT ANSWER ✔✔✔ SOC 2
What SOC contains no actual data about the security controls of the audit target and is also known as seal of approval - CORRECT ANSWER ✔✔✔ SOC 3
What helps the customer to seek financial restitution for damages caused to them, that occurred because of negligence or malfeasance on the part of the provider? - CORRECT ANSWER ✔✔✔ shared policy
In all cloud models, security controls are driven by what? - CORRECT ANSWER ✔✔✔ business requirements
What are 3 things the provider will offer to address shared monitoring and testing responsibilities in a cloud configuration? - CORRECT ANSWER ✔✔✔
SIM, SIEM, and SEM logs
DLP solution results
Access to audit logs and performance data
What would a cloud provider offer to customers to enhance customer trust in provider? - CORRECT ANSWER ✔✔✔ Audit and performance log data
What are 3 examples that cloud provider would offer to enhance the customer's trust? - CORRECT ANSWER ✔✔✔
Shared administration
SLAs
Audits
Who is responsible for the liability and responsibility for any data loss or disclosure? - CORRECT ANSWER ✔✔✔ Customer
What ensures trust in the provider's performance and duties? - CORRECT ANSWER ✔✔✔ the contract
What does a cloud provider not allow physical access to their datacenters? - CORRECT ANSWER ✔✔✔ To keep the physical layout and controls confidential
How many subtypes of SOC 2 are there? - CORRECT ANSWER ✔✔✔ 2
What is SOC 2 Type 1? - CORRECT ANSWER ✔✔✔ Reviews the design of controls
What is SOC 2 Type 2? - CORRECT ANSWER ✔✔✔ Detail report that provides how controls are implemented and maintained, or their function
What term is used for moving an entire application to the cloud without any significant change? - CORRECT ANSWER ✔✔✔ forklifting
What are 4 examples of issues that developers and administrators must deal with? - CORRECT ANSWER ✔✔✔
multitenancy
third-party admins

What are the 3 key elements in ISO/IEC 27034-1 - CORRECT ANSWER ✔✔✔
organizational normative framework (ONF)
application normative framework (ANF)
application security management process (APSM).
What does IAM stand for and what two categories is IAM divided into? - CORRECT ANSWER ✔✔✔ Identity and Access Management
What is identity management? - CORRECT ANSWER ✔✔✔ process where individuals are given access to system resources by associating user rights with a given identity
What is access management? - CORRECT ANSWER ✔✔✔ part of the process that deals with controlling access to resources once they have been granted
What are 5 ways access management uses, to control access? - CORRECT ANSWER ✔✔✔
authentication
authorization
policy management
federation
identity repositories
Within access management what does authentication do? - CORRECT ANSWER ✔✔✔ establishes an identity of user
What is an example of access management authentication - CORRECT ANSWER ✔✔✔ username and password
What is an example of access management authorization? - CORRECT ANSWER ✔✔✔ comparing authentication with ACL
What is an example of access management policy management? - CORRECT ANSWER ✔✔✔ enforces authentication and authorization based on business needs and management decisions
What does access management federation do? - CORRECT ANSWER ✔✔✔ allows organization to exchange of information between trusted organizations
What are identity repositories? - CORRECT ANSWER ✔✔✔ directory services for the administrator of user accounts and their associated attributes
What are all of access management resources stored in? - CORRECT ANSWER ✔✔✔ identity repository directory
What are 5 examples of directory services? - CORRECT ANSWER ✔✔✔
X.
LDAP
Active directory
Novell eDirectory
metadata and replication and synchronization
What are two general types of federation? - CORRECT ANSWER ✔✔✔
web-of-trust model
third-party identifier
What is a web of trust model? - CORRECT ANSWER ✔✔✔ each member of the federation has to approve each other member for inclusion
What is a third-party identifier? - CORRECT ANSWER ✔✔✔ outsource responsibilities to an external party.
Identity provider and relying parties are terms that apply to what concept? - CORRECT ANSWER ✔✔✔ federation
What are 3 federation standards? - CORRECT ANSWER ✔✔✔
WS-Federation
OAuth
OpenID Connect
What encryption technique ensures privacy when communicating between applications? - CORRECT ANSWER ✔✔✔ transport layer security(TLS)
What encrypts all of the system's data at rest in one instance? - CORRECT ANSWER ✔✔✔ Whole-instance encryption
What encrypts only a partition instead of the entire disk? - CORRECT ANSWER ✔✔✔ volume encryption
What encrypts data transmission between servers? - CORRECT ANSWER ✔✔✔ secure sockets layer(SSL)
What does STRIDE stand for in threat modeling? - CORRECT ANSWER ✔✔✔
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of privilege
What does SDLC stand for? - CORRECT ANSWER ✔✔✔ Software Development Life Cycle
What are 10 examples in threat modeling of common application vulnerabilities? - CORRECT ANSWER ✔✔✔
Injection
Broken Authentication