7. Operations Elements Flashcards
Megan has downloaded a container from a public repository. What should her next step be to use the container?
A. Run the container using her containerization service.
B. Scan the container for malicious software.
C. Validate the container by decrypting it.
D. Check the container into her organization’s container repository.
Answer: B. Scan the container for malicious software.
Much as with any package downloaded from the internet, Megan needs to validate the container. Ideally she should check the container’s signature if one is provided and scan it for any malicious software. Running it or adding it to a repository without checking it is not a best practice, and decrypting a container does not validate it.
Chris is considering whether his organization should build a data center or buy a preexisting data center. His organization needs a large amount of space and uses a significant amount of power. Which of the following is a common reason to build a new data center rather than pay for data center space in a scenario like the one Chris is facing?
A. Cost
B. Resilience
C. Efficiency
D. Flexibility
Answer: A. Cost
Significant data center usage usually makes building your own less expensive in the long term. For smaller deployments, third-party data center hosting companies can offer increased resilience, greater efficiency due to shared space and services, and greater flexibility as organizations grow until their needs exceed those of the commercial provider.
Stacey wants to detect attacks against her hosted systems and would like to be able to analyze the techniques and tools used in those attacks. What security tool could she use to accomplish both of these goals?
A. A network security group
B. A firewall
C. A honeypot
D. A beartrap
Answer: C. A honeypot
A honeypot is designed to be attractive to attackers and to capture their tools and techniques for later study. Firewalls and network security groups both block traffic based on rules but do not capture the tools or techniques in most cases. Beartrap is not a common term used in security work.
Olivia wants to ensure that her new data center cannot lose its internet connectivity due to a single event that damages the fiber optic cable running to her internet service providers. What term describes the solution Olivia is looking for?
A. Linear continuity
B. Multivendor pathway connectivity
C. Separation of networks
D. Redundant fiber assessment
Answer: B. Multivendor pathway connectivity
Multivendor pathway connectivity describes separate physical paths to the different vendors for internet access or other services. Key elements of a multivendor pathway connectivity design include ensuring that the paths do not intersect or overlap, that multiple vendors are used, and that those vendors themselves do not have shared upstream dependencies. The remainder of the answers were made up for this question.
Pete wants to configure network security defenses for his cloud-hosted instances. What cloud security tool is best compared to a firewall?
A. Cloud watchers
B. Cloud IDS
C. Cloud IPS
D. Network security groups
Answer: D. Network security groups
Network security groups, like firewalls, rely on rules to define what traffic is allowed to instances. Cloud watchers isn’t a common term, but CloudWatch is an Amazon tool used to monitor Amazon resources, and both intrusion detection and intrusion prevention systems (IDSs and IPSs) are used to monitor for attacks, while an IPS can also be used to stop them.
Daniel wants to provide SSH access to hosts in a protected subnet in his cloud-hosted data center environment. He deploys a system dedicated to this type of access with rules allowing lower security zones to connect through the system to higher security devices in the subnet.
What type of device has Daniel deployed?
A. A bastion host
B. A security gateway
C. A VPC span
D. A span port
Answer: A. A bastion host
Daniel has deployed a bastion host, a specifically secured device that allows external access from a lower-security zone to a higher-security zone. Security gateway is a broad term for network edge security devices. A span port is used to capture network traffic for analysis, and a VPC span was made up for this question.
Charles wants to detect abnormal traffic in his organization’s cloud environment. The vendor who provides his SIEM tool has advanced analytical tools that baseline normal traffic and then analyze logs and traffic to identify potential attacks based on learning models. Which of the following options best describes this type of technology?
A. Behavior-based analysis
B. Artificial intelligence
C. Rules-based analysis
D. Pattern matching
Answer: B. Artificial intelligence
Learning systems that apply data to improve their detection are considered artificial intelligence models. They may apply behavior-based analysis, pattern matching, and rules as part of their actions, but learning from those is a hallmark of AI-based systems.
Geeta wants to connect to a Windows server using a full graphical user interface. What secure connection option should she use?
A. Telnet
B. SSH
C. RDP
D. Screen
Answer: C. RDP
Remote Desktop Protocol (RDP) is the built-in Windows remote desktop client that operates on TCP port 3389. Telnet is not encrypted, and screen is a Linux command that allows sessions to be paused without losing connectivity. SSH can be used to tunnel other services, but it is typically a command-line option.
The organization that Jules works for wants to ensure that a loss of chilled water does not cause an outage for her data center. What option should Jules ensure is in place in case of a failure of the chilled water system?
A. The ability to switch to utility water
B. A complete fire suppression system
C. The ability to switch to external temperature air
D. A complete generator system to provide backup power to the chiller
Answer: A. The ability to switch to utility water
While chilled water systems provide better cooling, the ability to switch to utility-provider water in the event of an outage is a common capability for chilled water systems. None of the other answers address the need for water-based cooling.
Amanda has joined a new company, and part of her orientation notes that staff use virtual clients to access secure data used by the company as part of their data center operations. What type of solution should Amanda expect to see?
A. Virtual clients hosted on her laptop
B. A cloud-based server environment
C. Virtual clients hosted in the cloud or on servers
D. A third-party managed data center
Answer: C. Virtual clients hosted in the cloud or on servers
Amanda should expect to use virtual desktops or applications hosted in the cloud or on servers, allowing all sensitive work to occur remotely via an encrypted connection. She should not expect local virtual machine hosting, and the problem does not indicate whether the organization uses a cloud-based server environment or a third-party managed data center.
Jack wants to design a redundant power system for his data center. Which of the following is not a common element in a fully redundant power system?
A. Power from two or more utility providers
B. UPS devices in each rack
C. Multiple generators
D. Solar power arrays
Answer: D. Solar power arrays
While solar power may be used for a data center, it is not a common element in fully redundant power systems. Power from multiple providers on different physical paths, UPS devices in each rack, and multiple generators that allow maintenance to occur while still providing power to the facility during a power loss event are all common design features.
Jim wants to harden his virtualization environment. Which of the following is not a common hypervisor hardening technique?
A. Restricting the use of superuser accounts
B. Requiring multifactor authentication
C. Logging and alerting on improper usage
D. Enabling secure boot for guest systems
Answer: D. Enabling secure boot for guest systems
Enabling secure boot for guest systems does not help to harden the hypervisor itself. Restricting the use of superuser accounts, requiring MFA, and logging and alerting on improper usage are all examples of common hypervisor hardening techniques.
Naomi wants to provide secure SSH connectivity to systems in a protected VLAN. Which of the following describes the best security method for doing so?
A. Use SSH to a jumpbox, require multifactor authentication, and use SSH certificates.
B. Use SSH directly to the host, require multifactor authentication, and use SSH certificates.
C. Use SSH directly to the host, require multifactor authentication, and do not allow SSH certificates.
D. Use SSH to a jumpbox, do not require multifactor authentication, and use SSH certificates.
Answer: A. Use SSH to a jumpbox, require multifactor authentication, and use SSH certificates.
Using SSH with a jumpbox, requiring multifactor authentication, and using certificates are all best practices that Naomi should consider to provide a secure SSH solution.
Selah’s cloud environment analyzes traffic patterns and load and adjusts the number of systems in a web server pool to meet the current and expected future load as needed. Which of the following terms best describes what her organization is doing?
A. Distributed resource scheduling
B. Dynamic optimization
C. Maintenance mode
D. High availability
Answer: B. Dynamic optimization
Selah’s organization is using dynamic optimization techniques to make data-driven, responsive adjustments in their environment to meet load-based needs. Distributed resource scheduling focuses on providing resources to virtual machines to ensure their needs are met and that maintenance can occur. Maintenance mode removes systems from a virtual machine cluster by shedding load to other systems so maintenance can occur. High availability can help with the scenario described but does not necessarily adjust to meet load conditions.
Frank’s organization wants to institute a 24/7 monitoring and response capability focused on security. What type of operations capability will Frank establish?
A. A SIEM
B. A NOC
C. A SOC
D. An IDS
Answer: C. A SOC
Frank will establish a security operations center, or SOC. A NOC, or network operations center, focuses on network management and monitoring, although SOCs and NOCs often have overlapping responsibilities. A SIEM, or security information and event management tool, is often used in a SOC, and IDSs, or intrusion detection systems, are used to gather data for a SOC.
Gary wants to drain currently running virtual machines from a VM server host so that he can replace failing hardware in the system. What should he enable to allow this to occur?
A. Distributed resource scheduling
B. Dynamic optimization
C. Storage clustering
D. Maintenance mode
Answer: D. Maintenance mode
Gary should set the system to maintenance mode, allowing the VM environment to move running virtual machines to other systems so that he can turn the server off and perform hardware maintenance. Distributed resource scheduling focuses on providing resources to VMs, dynamic optimization adjusts environments as demands change, and storage clustering is used to provide availability and performance for storage.
Dana wants to ensure the availability of her guest operating systems. Which of the following techniques is not a common technique to help improve the availability of guest operating systems?
A. Clustering of VM hosts
B. Storage clustering
C. Distributed resource scheduling
D. Enabling a load balancer
Answer: D. Enabling a load balancer
Clustering VM hosts, storage clustering for the underlying storage, and ensuring that resources are distributed appropriately will help improve the availability of guest operating systems. However, using a load balancer will help improve the availability of a service, not the guest operating systems themselves.
Valerie has deployed an IDS to help protect her cloud-based systems. Which of the following actions isn’t an option that she can use the IDS for if it detects an attack?
A. Log the attack
B. Block the attack
C. Send a notification about the attack
D. Display information about the attack on a dashboard
Answer: B. Block the attack
IDSs, or intrusion detection systems, do not have the ability to block an attack. If Valerie wants to stop attacks, she should deploy an IPS.
Which of the following is not a common type of facility-based tenant partitioning?
A. Separate racks
B. Separate facilities
C. Separate cages
D. Separate bays
Answer: B. Separate facilities
Tenant partitioning is often done at the rack, cage, or bay level in the data center. Separate facilities are not common for tenant partitioning, since organizations that can fill a full facility or need one tend to acquire or manage their own.
Hu has placed copies of his data in multiple data centers. What data resiliency technique has he employed?
A. Mirroring
B. RAID
C. Data cloning
D. Data dispersion
Answer: D. Data dispersion
Hu is employing data dispersion, which places data in multiple locations to ensure that a loss event or corruption does not destroy the data. RAID and mirroring are both techniques for data resiliency at the disk or array level. The term data cloning simply describes copying data.