05

Question 1

____________ refers to the cybersecurity policies, best practices, controls, and technologies used to secure applications, data, and infrastructure in cloud environments

Answer 1

Cloud Security

Question 2

_____________ is the act of complying with regulatory standards of cloud usage in accordance with local, national, and international laws

Answer 2

Cloud Compliance

Question 3

A ___________ conforms to one or more specific sets of security and privacy standards

Answer 3

Compliant Cloud Environment

Question 4

__________ Under this model, cloud providers are responsible for managing some aspects of security. While the burden of securing most facets of resources that end users deploy in the cloud lies with end-users

Answer 4

Shared Responsibility Model

Question 5

The _____________ requires “reasonable security” to protect sensitive data

Answer 5

General Data Protection Regulation (GDPR)

Question 6

What are the general procedures for GDPR?

Answer 6

Define compliance rules
perform compliance audits

Question 7

The ______________ is European legislation that was designed to unify and strengthen the data protection laws of member states across the European union

Answer 7

GDPR

Question 8

What is the definitions for each GDPR regulation?
Data Residency
Data minimization
Storage limitations
right of access
right of erasure

Answer 8

Organizations may only process and store their personal data within the EEA and a limited number of other permitted countries unless they consent otherwise

Organizations should only collect and store personal data that is necessary pertaining to the organization requirements

Organizations must not retain this data for any longer then necessary

organizations must meet requests from individuals to access the personal data held about them

Organizations must meet requests from individuals to have there personal data erased

Question 9

_______________ is one of the few examples of governmental regulation that specifically covers data processed and stored in the cloud

Answer 9

Federal Risk and Authorization Management program (FEDRAMP)

Question 10

__________ is a streamlined version of _________ but specifically adapted to cloud environments

Answer 10

FEDRAMP FISMA

Question 11

______________ is a library of requirements categorized according to the risk to data, created from FEDRAMP

Answer 11

NIST SP 800-53

Question 12

______________ series is a family of international standards that provide best practice recommendations on how to protect information systems from a range of threats

Answer 12

ISO 27000

Question 13

_________ The core standard within the series, providing a general set of controls for managing information security

Answer 13

ISO 27001

Question 14

_________ An additional set of security controls for cloud computing implementations

Answer 14

ISO 27017

Question 15

_________ A set of privacy controls for managing personal data in cloud-based environments

Answer 15

ISO 27018

Question 16

_________________________ is a security-oriented standard that applies to any organization that accepts or processes card payments. It specifies 12 requirements that must be met to protect payment card transactions and cardholder details

Answer 16

Payment card industry data security standard (PCI DSS)

Question 17

What are each of the challenges when it comes to cloud compliance?

Certifications and Attestations

Data Residency

Cloud Complexity

Different Approach to security

Answer 17

Making sure the cloud environment is up to date on certifications and that they are monitor data protection laws and change as they do

Working within multiple regions and keeping track of all their data laws can be hard so ensuring their on top of that is important

The cloud is very complex and has lots of moving parts so it can be hard to come up with a protection strategy

Traditional security methods wont work in the cloud so a new approach is required with more focus on configuration management and individual workload protection

Question 18

What are some of the best practices to follow to help meet regulatory requirements?

Encryption
Privacy By default
Principle of least privilege
Zero Trust
Well-architected frameworks

Answer 18

encrypting data both at rest and in transit and ensuring good secure key management practices

privacy should form the basis for system design and process activities to make integrating compliance easier

Organizations should only grant users access to only the data and resources that are needed to carry out their specific duties

Organizations should use well-trusted/secure frameworks and follow their guiding principles

Question 19

What are each of the Challanges when it comes to cloud computing?

Answer 19

Certifications and Attestations

Data Residency

Cloud Complexity

Different Approach to security

Question 20

What are some of the best practices to follow to help meet regulatory requirements?

Answer 20

Encryption
Privacy By default
Principle of least privilege
Zero Trust
Well-architected frameworks

Question 21

_________________ encompasses the technologies, policies, services, and security controls that protect any type of data in the cloud from loss, leakage, or misuse through breaches, exfiltration, and unauthorized access

Answer 21

Cloud Data Security

Question 22

_______________ is a shared responsibility between the csp and its customers

Answer 22

Cloud Data Security

Question 23

______ helps protect sensitive data by tagging it, it is another best practice and is part of an organization’s overall security strategy that helps sensitive information from being leaked or stolen.

Answer 23

Data Loss prevention tool DLP

Question 24

________ refers to the state of data when it is stored, rather then moving from one place to another or loaded into memory for use by a software program

Answer 24

Data at rest

Question 25

What are the best practices for protecting data at rest?

Answer 25

Data classification, data encryption, data federation, hierarchical password protection

Question 26

___________ is data moving from one place to another, such as when it is transmitted over the internet

What are security measures for it?

Answer 26

Data in motion

authentication, access controls

Question 27

_______ is a hybrid approach of symmetric and asymmetric encryption

Answer 27

PKI

Question 28

__________ is meant to protect data as it moves to and from cloud-based applications, as well as when it is stored on the cloud network

Answer 28

Cloud Encryption

Question 29

What are some of the challenges with cloud encryption?

Answer 29

Time and cost
Data loss
key management

Question 30

A _____________ encrypts network traffic before it leaves the source computer and then decrypts the traffic on the destination computer

Answer 30

VPN

Question 31

What are the most popular tunneling protocols?

Answer 31

Layer 2 tunneling protocol L2TP
Secure socket tunneling protocol SSTP
OpenVpn
Internet key exchange version 2 IKEv2
point-to-point tunneling protocol PPTP
Internet protocol security IPSEC

Question 32

________ is the process of reducing risk to cloud systems by establishing and maintaining secure configurations and identifying and mitigating other vulnerabilities

Answer 32

Cloud Hardening

Question 33

_________ an application or data that is allowlisted is not checked against DLP rules. It is explicitly permitted

Answer 33

Allow-listing

Question 34

__________ data that is prevented from leaving the network environment, as identified by keywords or other criteria. It is explicitly denied

Answer 34

deny listing/ block list

Question 35

____________ is a defense-in-depth cybersecurity approach that wraps layer upon layer of security around IT systems and data, significantly reducing the risk of data breaches

Answer 35

Cloud Network Segmentation

Question 36

___________ is a cloud security process that applies identity-based protection to workloads without any architectural changes to the networks.

Answer 36

Cloud Workload segmentation

Question 37

What are the three goals of IAM?

Answer 37

AAA
Authorization
Authentication
Accounting

Question 38

____________ is a common goal for security administrators. This practice allows users to authenticate one time and then access all resources for which they are authorized, without having to re-authenticate

Answer 38

Single sign-on

Question 39

When two or more factors are required, that is known as ____________

What are some of the factors of this?

Answer 39

Multifactor authentication

What you know
What you have
Who you are

Question 40

________________ widely used, strong security

Answer 40

L2TP

Question 41

________________ primarily used with Windows OS’s

Answer 41

SSTP

Question 42

________________ open-source, very strong security, slower

Answer 42

OpenVpn

Question 43

________________ open-source protocol, strong security, fast

Answer 43

IKEv2

Question 44

_________________ Older, poor security, should be avoided

Answer 44

PPTP

Question 45

_________________ Easily implemented, powerful, flexible

Answer 45

IPSec