4. Security in the Cloud Flashcards
What is the term we use to describe the general ease and efficiency of moving data from one cloud provider to another cloud provider or down from the cloud?
A. Mobility
B. Elasticity
C. Obfuscation
D. Portability
Answer: D. Portability
Elasticity is the name for the benefit of cloud computing where resources can be apportioned as necessary to meet customer demand. Obfuscation is a technique to hide full raw datasets, either from personnel who do not need to know or for use in testing. Mobility is not a term pertinent to the CBK.
The various models generally available for cloud BC/DR activities include all of the following except___________________.
A. Private architecture, cloud backup
B. Cloud provider, backup from same provider
C. Cloud provider, backup from another cloud provider
D. Cloud provider, backup from private provider
Answer: D. Cloud provider, backup from private provider
This is not a normal configuration and would not likely provide genuine benefit.
Countermeasures for protecting cloud operations against external attackers include all of the following except___________________.
A. Continual monitoring for anomalous activity
B. Detailed and extensive background checks
C. Hardened devices and systems, including servers, hosts, hypervisors, and virtual machines
D. Regular and detailed configuration/change management activities
Answer: B. Detailed and extensive background checks
Background checks are controls for attenuating potential threats from internal actors; external threats aren’t likely to submit to background checks.
All of the following are techniques to enhance the portability of cloud data in order to minimize the potential of vendor lock-in except ___________________.
A. Avoiding proprietary data formats
B. Using IRM and DLP solutions widely throughout the cloud operation
C. Ensuring there are no physical limitations to moving
D. Ensuring favorable contract terms to support portability
Answer: B. Using IRM and DLP solutions widely throughout the cloud operation
IRM and DLP are used for increased authentication/access control and egress monitoring, respectively, and would actually decrease portability instead of enhancing it.
Which of the following is a technique used to attenuate risks to the cloud environment, resulting in loss or theft of a device used for remote access?
A. Remote kill switch
B. Dual control
C. Muddling
D. Safe harbor
Answer: A. Remote kill switch
Dual control is not useful for remote access devices because we’d have to assign two people for every device, which would decrease efficiency and productivity. Muddling is a cocktail preparation technique that involves crushing ingredients. Safe harbor is a policy provision that allows for compliance through an alternate method rather than the primary instruction.
Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except___________________.
A. The cloud provider’s suppliers
B. The cloud provider’s vendors
C. The cloud provider’s utilities
D. The cloud provider’s resellers
Answer: D. The cloud provider’s resellers
The cloud provider’s resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer.
When reviewing the BIA after a cloud migration, the organization should take into account new factors related to data breach impacts. One of these new factors is ___________________.
A. Legal liability can’t be transferred to the cloud provider.
B. Many states have data breach notification laws.
C. Breaches can cause the loss of proprietary data.
D. Breaches can cause the loss of intellectual property.
Answer: A. Legal liability can’t be transferred to the cloud provider.
State notification laws and the loss of proprietary data/intellectual property preexisted the cloud; only the lack of ability to transfer liability is new.
The cloud customer will have the most control of their data and systems and the cloud provider will have the least amount of responsibility in which cloud computing arrangement?
A. IaaS
B. PaaS
C. SaaS
D. Community cloud
Answer: A. IaaS
IaaS entails the cloud customer installing and maintaining the OS, programs, and data; PaaS has the customer installing programs and data; in SaaS, the customer only uploads data. In a community cloud, data, and device owners are distributed.
After a cloud migration, the BIA should be updated to include a review of the new risks and impacts associated with cloud operations; this review should include an analysis of the possibility of vendor lock-in/lock-out. Analysis of this risk may not have to be performed as a new effort because a lot of the material that would be included is already available from which of the following?
A. NIST
B. The cloud provider
C. The cost-benefit analysis the organization conducted when deciding on cloud migration
D. Open-source providers
Answer: C. The cost-benefit analysis the organization conducted when deciding on cloud migration.
NIST offers many informative guides and standards but nothing specific to any one organization. The cloud provider will not have prepared an analysis of lock-out/lock-in potential.
Open-source providers can offer many useful materials but, again, nothing specific to the organization.
A poorly negotiated cloud service contract could result in all the following detrimental effects except
___________________.
A. Vendor lock-in
B. Malware
C. Unfavorable terms
D. Lack of necessary services
Answer: B. Malware
Malware risks and threats are not affected by the terms of the cloud contract.
All of the following are cloud computing risks in a multitenant environment except___________________.
A. Risk of loss/disclosure due to legal seizures
B. Information bleed
C. DDoS
D. Escalation of privilege
Answer: C. DDoS
DoS/DDoS threats and risks are not unique to the multitenant architecture.
Countermeasures for protecting cloud operations against internal threats include all of the following except___________________.
A. Aggressive background checks
B. Hardened perimeter devices
C. Skills and knowledge testing
D. Extensive and comprehensive training programs, including initial, recurring, and refresher sessions
Answer: B. Hardened perimeter devices
Hardened perimeter devices are more useful at attenuating the risk of external attack.
Countermeasures for protecting cloud operations against internal threats include all of the following except___________________.
A. Active physical surveillance and monitoring
B. Active electronic surveillance and monitoring
C. Redundant ISPs
D. Masking and obfuscation of data for all personnel without the need to know for raw data
Answer: C. Redundant ISPs
ISP redundancy is a means to control the risk of externalities, not internal threats.
Countermeasures for protecting cloud operations against internal threats at the provider’s data center include all of the following except___________________.
A. Broad contractual protections to make sure the provider is ensuring an extreme level of trust in its own personnel
B. Financial penalties for the cloud provider in the event of negligence or malice on the part of its own personnel
C. DLP solutions
D. Scalability
Answer: D. Scalability
Scalability is a feature of cloud computing, allowing users to dictate an increase or decrease in service as needed, not a means to counter internal threats.
Countermeasures for protecting cloud operations against internal threats at the provider’s data center include all of the following except___________________.
A. Separation of duties
B. Least privilege
C. Conflict of interest
D. Mandatory vacation
Answer: C. Conflict of interest
Conflict of interest is a threat, not a control.
Benefits for addressing BC/DR offered by cloud operations include all of the following except___________________.
A. One-time pads
B. Distributed, remote processing, and storage of data
C. Fast replication
D. Regular backups offered by cloud providers
Answer: A. One-time pads
One- time pads are a cryptographic tool/method; this has nothing to do with BC/DR. All the other options are the benefits of using cloud computing for BC/DR.
All of the following methods can be used to attenuate the harm caused by escalation of privilege except ___________________.
A. Extensive access control and authentication tools and techniques
B. Analysis and review of all log data by trained, skilled personnel on a frequent basis
C. Periodic and effective use of cryptographic sanitization tools
D. The use of automated analysis tools such as SIM, SIEM, and SEM solutions
Answer: C. Periodic and effective use of cryptographic sanitization tools.
Cryptographic sanitization is a means of reducing the risks from data remanence, not a
way to minimize escalation of privilege.
What is the hypervisor malicious attackers would prefer to attack?
A. Type 1
B. Type 2
C. Type 3
D. Type 4
Answer: B. Type 2
Attackers prefer Type 2 hypervisors because the OS offers more attack surface and potential vulnerabilities. There are no Type 3 or 4 hypervisors.
What is the term used to describe the loss of access to data because the cloud provider has ceased operation?
A. Closing
B. Vendor lock-out
C. Vendor lock-in
D. Masking
Answer: B. Vendor lock-out
Vendor lock-in is the result of a lack of portability, for any number of reasons. Masking is a means to hide raw datasets from users who do not have a need to know. Closing is a nonsense term in this context.
Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind?
A. Malware
B. Loss/theft of portable devices
C. Backdoors
D. DoS/DDoS
Answer: C. Backdoors
Software developers often install backdoors as a means to avoid performing entire workflows when adjusting the programs they’re working on; they often leave backdoors behind in production software, inadvertently or intentionally.
