C90.07A: Fundamental Cloud Security

Question 1

____________ refers to ability to ensure that only authorized users can access data so that private or sensitive data remains private.

Answer 1

Confidentiality

Question 2

The _____________ mechanisms is a network of servers on the internet that maps domain names to their numeric IP addresses.

Answer 2

Domain Name Service (DNS)

Question 3

List the four main components that comprise the identity and access management (IAM) mechanism.

Answer 3

º Authentication
º Authorization
º User Management
º Credential Management

Question 4

The certificate revocation list (CRL) mechanism is a signed list that lists revoked certificates that are still within their validity dates. It is published and maintained by the ____________

Answer 4

Certificate Authority (CA)

Question 5

Trust is designation, while thrustworthiness is a characteristic.

(True / False)

Answer 5

True

Question 6

The ______________ mechanism consists of policies, procedures, components and devices that are used to protect, manage and distribute cryptographic keys and certain specific information.

Answer 6

Cryptographic Key Management System (CKMS)

Question 7

The ______________ mechanism provides a mechanism for thrusting self-signed certificate from internal and other organization’ certificate authorities.

Answer 7

Certficate Trust Store

Question 8

Which design pattern can be applied to coordinate cloud monitoring and logging activities between a cloud consumer and cloud provider?

Answer 8

Collaborative Monitoring and Logging

Question 9

________________ is the ability to prevent data from being modified in an authorized or uneducated manner.

Answer 9

Integrity

Question 10

The _______________ architecture enables full management control and integration of resources contained both on-premise and in the cloud.

Answer 10

Virtual Private Cloud (VPC)

Question 11

Which design pattern can be applied to make cloud- based IT resources with diverse protocol requirements accessible to cloud service consumers.

Answer 11

Cloud Authentication Gateway

Question 12

The __________________ mechanism is a tamper-resistant integrated circuit built into som computer motherboards that can perform cryptographic operations and protect small amounts of sensitive information. It is used to store platform measurements that help ensure that a platform remains trustworthy.

Answer 12

Trusted Platform Module (TPM)

Question 13

List the six security threat categories that make STRIDE.

Answer 13

º Spoofing
º Tampering
º Repudiation
º Information Disclosure
º Denial-of-Service
º Elevation of Privilege

Question 14

Which deign pattern can be applied to protect cloud communication from traffic hijacking?

Answer 14

Cloud Traffic Hijacking Protection

Question 15

The seizing of groups of IP addresses by an attacker trough corruption of Internet routing tables is known as ______________

Answer 15

IP hijacking

Question 16

_____________, _______________ and _____________ provide protection against loss of confidentiality.

Answer 16

Encryption, authentication and authorization

Question 17

The _______________ mechanism is a data file that binds the identity of an entity to a public key and contains the user’s identification and signature from the issuing authority.

Answer 17

certficate

Question 18

Identify the required and optional patterns for the Cloud Authentication compound pattern.

Answer 18

º Cloud Authentication Gateway (required)

º Federated Cloud Authentication (optional)

Question 19

Which design pattern is applied via the implementation of a local CVS that checks the revocation status of submitted certificates form multiple organizations?

Answer 19

Federated Cloud Authentication

Question 20

Identify two foundational cloud security technologies that are used to establish borders to protect workloads.

Answer 20

º Cryptography

º Identity and access management (IAM)

Question 21

Which design pattern can be applied to protect a perimeter that is dynamic and extends from on-premise to multi-vendor cloud resources?

Answer 21

Automatically Defined Perimeter (ADP)

Question 22

Identify the mechanism that is used to collect relevant data about an enterprise’s security posture in multiple locations and analyze the data form a single point of view, providing the capability to spot trends and patterns that may be the result of malicious activity.

Answer 22

Security Information and Event Management (SIEM)

Question 23

Which design pattern can be applied to audit cloud-hosted IT resources for compliance and SLA requirements when they are not owned or accessible by cloud consumers?

Answer 23

Independent Cloud Auditing

Question 24

_____________ is ability to ensure that an organization’s resources are available when required, from a performance and reliable access and use perspective.

Answer 24

Availability

Question 25

The ________________ mechanism is a hardware or software-based appliance located on the consumer premises that serves as a bridge between local and remote cloud-based networks.

Answer 25

Cloud Consumer Gateway (CCG)

Question 26

Which mechanism is responsible for assessing the integrity of the cloud compute nodes trough techniques introduced by trusted computing technology and TPMs?

Answer 26

Attestation service

Question 27

Which mechanism collects evidence-based knowledge about an existing or emerging threat to an asset that can be used to inform decisions as to how the organization should respond to that threat?

Answer 27

Threat intelligence system

Question 28

List four common threat agents.

Answer 28

º External attacker º Malicious service agent º Malicious tenant º Malicious insider

Question 29

Which mechanism is the public key infrastructure (PKI) entity that digitally signs and certificate revocation lists (CRLs)?

Answer 29

Certificate Authority (CA)

Question 30

The cloud-based resource segmentation process creates ______________ mechanisms that are determined trough security policies.

Answer 30

Cloud-based security group