Chapter 6 All In One Flashcards
What is the first step in the process of creating a baseline image?
A. Patch the operating system to the latest level.
B. Update all software and utilities on the image.
C. Perform a clean install with a base operating system.
D. Disable nonessential services.
Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition (p. 263). McGraw Hill LLC. Kindle Edition.
C. Perform a clean install with a base operating system
Explanation:
When creating a new baseline image, you always want to start with a clean operating system install. This allows configuration settings to be applied from the bottom up, without the possibility of other changes from previous images impacting the new image and without having to clean up an old image and remember to reset everything to the original. Once a new operating system install is used, it can have all nonessential services disabled and brought to the latest patching level, have updated software and utilities installed, and have all security and configuration requirements set.
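The explanation above lists the order in which a baseline image is built, but it does not say how you confirm the finished image actually matches the baseline before it is used to stamp out systems. The script below is an added example (not from the exam guide) that validates a candidate image against a constructed baseline specification: enabled services are compared with an allowlist, package versions with minimum patch levels, and sshd settings with required values. The baseline, the `systemctl list-unit-files` output, the package versions and the sshd_config fragment are all constructed for the demonstration; on a real image they would be read from the build artifact.

```python
"""Validate a candidate image against a baseline specification.

Added example, not from the exam guide. All inputs below are constructed;
on a real host the observations would come from
`systemctl list-unit-files --state=enabled`, the package manager, and
/etc/ssh/sshd_config.
"""
import re

# Constructed baseline: what a finished image is allowed to look like.
BASELINE = {
    "allowed_enabled_services": {"sshd", "chronyd", "auditd", "rsyslog"},
    "minimum_versions": {"openssl": "3.0.13", "sudo": "1.9.15", "kernel": "6.1.90"},
    "required_settings": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
}

# Constructed observations taken from the candidate image.
OBSERVED_SYSTEMCTL = """\
UNIT FILE            STATE   PRESET
auditd.service       enabled enabled
chronyd.service      enabled enabled
cups.service         enabled disabled
rsyslog.service      enabled enabled
sshd.service         enabled enabled
telnet.socket        enabled disabled
"""
OBSERVED_PACKAGES = {"openssl": "3.0.11", "sudo": "1.9.15", "kernel": "6.1.90"}
OBSERVED_SSHD_CONFIG = """\
# sshd_config from the candidate image
PermitRootLogin yes
PasswordAuthentication no
"""


def parse_enabled_units(text):
    """Return the unit names (without .service/.socket) whose STATE is enabled."""
    units = set()
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) >= 2 and parts[1] == "enabled":
            units.add(parts[0].rsplit(".", 1)[0])
    return units


def version_tuple(version):
    """'3.0.11' -> (3, 0, 11) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def parse_sshd_config(text):
    """Minimal sshd_config reader: 'Key value' lines, comments ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings


def check_image(baseline, systemctl_out, packages, sshd_config):
    """Return a list of baseline violations; an empty list means the image passes."""
    findings = []
    enabled = parse_enabled_units(systemctl_out)
    for svc in sorted(enabled - baseline["allowed_enabled_services"]):
        findings.append(f"nonessential service enabled: {svc}")
    for pkg, minimum in baseline["minimum_versions"].items():
        have = packages.get(pkg)
        if have is None:
            findings.append(f"required package missing: {pkg}")
        elif version_tuple(have) < version_tuple(minimum):
            findings.append(f"{pkg} {have} is below baseline {minimum}")
    settings = parse_sshd_config(sshd_config)
    for key, want in baseline["required_settings"].items():
        if settings.get(key) != want:
            findings.append(f"sshd {key} is {settings.get(key)!r}, baseline requires {want!r}")
    return findings


if __name__ == "__main__":
    for finding in check_image(BASELINE, OBSERVED_SYSTEMCTL, OBSERVED_PACKAGES, OBSERVED_SSHD_CONFIG):
        print("FAIL:", finding)
```

Run against the constructed image this reports two nonessential services (cups, telnet), an openssl version below the patch baseline, and root login still permitted; the image should not be promoted until the list is empty. The version comparison is numeric on purpose: comparing "3.0.11" and "3.0.9" as strings would pass a stale package.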
Which networking concept allows for segregation and isolation of systems in a cloud environment?
A. VLAN
B. WAN
C. LAN
D. PLAN
A. VLAN
Explanation:
A VLAN allows for network isolation in a cloud environment by establishing virtual Layer 2 network segments, typically each with its own IP subnet and firewall rules, that are segregated from other network segments. Wide area network (WAN) and local area network (LAN) are both concepts that describe networks as a whole, not segments within a network or separation between them, while PLAN is not a real networking term.
What is the most important security reason for centralizing log collection?
A. To minimize storage needs on hosts
B. To prevent log manipulation or deletion on a host
C. To encrypt logs that contain sensitive information
D. To facilitate immediate response for eDiscovery requests
B. To prevent log manipulation or deletion on a host
Explanation:
Preventing log manipulation or deletion on a host is the main reason for log aggregation. Sending or copying the logs from hosts into a central system preserves a copy that those with system or administrative access on the host servers cannot alter, so editing the host's own logs to cover traces of unauthorized access, or even deleting them wholesale, no longer hides the activity. This enables separation of duties as well: the security team and auditors have access to the aggregated logs, the system administrators have access to the actual systems, and neither has access to the other's. Although minimizing storage on systems and allowing more aggressive log rotation and cleanup are benefits of a SIEM solution, they are not a main reason for it or a security-focused benefit. Encryption of log files can be done at any level if needed or desired, although, in general, sensitive information should not be written to log files. Also, a SIEM solution may assist with eDiscovery orders, but that depends on the scope of the order and is not a primary reason for a SIEM solution.
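Shipping logs off the host gives the collector an independent copy, but the collector still has to notice when a record that arrives was edited in transit or when records were dropped before forwarding. The code below is an added example (not from the exam guide) of one common way to make a forwarded stream tamper-evident: the host numbers each record and chains an HMAC from record to record, and the collector verifies the sequence and the chain. The key, the four log lines and the two simulated attacks (one record deleted, one record edited) are constructed for the demonstration.

```python
"""Tamper-evident log forwarding with sequence numbers and a chained HMAC.

Added example, not from the exam guide. The key and log records below are
constructed; a real deployment would use a per-host key provisioned by the
collector and forward each record as soon as it is written.
"""
import hashlib
import hmac
import json

FORWARDING_KEY = b"constructed-demo-key-do-not-reuse"   # hypothetical per-host key
GENESIS = b"\x00" * 32                                   # chain value before the first record

# Constructed host log records, in the order the host wrote them.
HOST_LOGS = [
    "sshd[412]: Accepted publickey for deploy from 10.0.2.15",
    "sudo: deploy : COMMAND=/bin/bash",
    "sshd[577]: Accepted password for root from 203.0.113.9",
    "useradd[580]: new user: name=svc_backup, UID=1007",
]


def _mac(key, prev, seq, msg):
    """HMAC over the previous record's MAC plus this record's canonical body."""
    body = json.dumps({"seq": seq, "msg": msg}, sort_keys=True).encode()
    return hmac.new(key, prev + body, hashlib.sha256).hexdigest()


def sign_records(key, records):
    """Host side: wrap each record with a sequence number and a chained MAC."""
    shipped, prev = [], GENESIS
    for seq, msg in enumerate(records, start=1):
        mac = _mac(key, prev, seq, msg)
        shipped.append({"seq": seq, "msg": msg, "mac": mac})
        prev = bytes.fromhex(mac)
    return shipped


def verify_chain(key, records):
    """Collector side: return a list of problems; an empty list means the stream is intact."""
    problems, prev, expected = [], GENESIS, 1
    for rec in records:
        if rec["seq"] != expected:
            problems.append(f"gap: expected seq {expected}, got {rec['seq']}")
        mac = _mac(key, prev, rec["seq"], rec["msg"])
        if not hmac.compare_digest(mac, rec["mac"]):
            problems.append(f"seq {rec['seq']}: MAC mismatch (record altered or chain broken)")
        # Continue the chain from the MAC the host sent so one bad record does not
        # cascade into failures for every record after it.
        prev = bytes.fromhex(rec["mac"])
        expected = rec["seq"] + 1
    return problems


def demo():
    """Verify the intact stream, then a stream with seq 3 deleted, then one with seq 3 edited."""
    shipped = sign_records(FORWARDING_KEY, HOST_LOGS)
    deleted = [r for r in shipped if r["seq"] != 3]
    altered = [dict(r) for r in shipped]
    altered[2]["msg"] = altered[2]["msg"].replace("203.0.113.9", "10.0.2.15")
    return {
        "intact": verify_chain(FORWARDING_KEY, shipped),
        "deleted": verify_chain(FORWARDING_KEY, deleted),
        "altered": verify_chain(FORWARDING_KEY, altered),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {problems or 'chain intact'}")
```

Deleting the root-login record shows up twice at the collector (a sequence gap, then a MAC mismatch on the record that followed it, because its MAC was chained to the deleted one); rewriting the source address in that record shows up as a single MAC mismatch. The caveat is that the signing key lives on the host, so an administrator who already has it can re-sign a rewritten history; the chain protects what has already reached the collector, which is why records should be forwarded as they are written rather than in periodic batches.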
What type of application allows centralized log searching and reporting?
A. LSRT
B. SIEM
C. SAMS
D. CLSR
B. SIEM
Explanation:
A security information and event management (SIEM) solution allows centralized searching and reporting of log files or any other event data that has been collected and aggregated into it. The other options are made-up acronyms.
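The value of centralized searching is easiest to see with a pattern that no single host can detect on its own. The code below is an added example (not from the exam guide) of a simple SIEM-style correlation rule run over constructed sshd log lines from three hosts: one source address fails once on each host and then succeeds, which is invisible per host but obvious once the events are aggregated. The log lines, the threshold of three failures and the 60-second window are constructed for the demonstration.

```python
"""A SIEM-style correlation rule over aggregated sshd logs.

Added example, not from the exam guide. The log lines are constructed; the
rule is 'N failed logins from one source within a window, across any hosts,
followed by a success from that source'.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, already-aggregated log lines from three hosts.
AGGREGATED_LOGS = """\
2024-05-03T10:00:01Z web01 sshd[1201]: Failed password for admin from 198.51.100.7 port 51022 ssh2
2024-05-03T10:00:09Z web02 sshd[988]: Failed password for admin from 198.51.100.7 port 51030 ssh2
2024-05-03T10:00:15Z db01 sshd[2210]: Failed password for admin from 198.51.100.7 port 51041 ssh2
2024-05-03T10:00:31Z db01 sshd[2215]: Accepted password for admin from 198.51.100.7 port 51052 ssh2
2024-05-03T10:02:00Z web01 sshd[1250]: Failed password for deploy from 10.0.2.15 port 40000 ssh2
2024-05-03T10:05:00Z web02 sshd[1003]: Accepted publickey for deploy from 10.0.2.15 port 40010 ssh2
"""

# Matches the 'Failed password'/'Accepted publickey' forms; 'invalid user' lines are not in the sample.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse(text):
    """Turn raw lines into event dicts with a real timestamp; unmatched lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Alert per source that reaches `threshold` failures inside `window` on any mix of hosts."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "Failed"]
        for i in range(len(fails)):
            j = i
            while j + 1 < len(fails) and fails[j + 1]["ts"] - fails[i]["ts"] <= window:
                j += 1
            if j - i + 1 >= threshold:
                burst = fails[i:j + 1]
                success_after = any(e["result"] == "Accepted" and e["ts"] > burst[-1]["ts"] for e in evs)
                alerts.append({
                    "src": src,
                    "failures": len(burst),
                    "hosts": sorted({e["host"] for e in burst}),
                    "success_after": success_after,
                })
                break   # one alert per source is enough for the report
    return alerts


def per_host_max_failures(events):
    """What a single host would see: the largest failure count for any (host, source) pair."""
    counts = defaultdict(int)
    for ev in events:
        if ev["result"] == "Failed":
            counts[(ev["host"], ev["src"])] += 1
    return max(counts.values(), default=0)


if __name__ == "__main__":
    evs = parse(AGGREGATED_LOGS)
    print("max failures any single host sees:", per_host_max_failures(evs))
    for alert in correlate(evs):
        print("ALERT:", alert)
```

On the constructed data each host sees at most one failure from 198.51.100.7, so host-local alerting never fires; the aggregated view finds three failures across web01, web02 and db01 within 14 seconds followed by a successful password login as admin on db01, which is exactly the report a SIEM exists to produce.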
Which of the following concepts is focused on preventing potential issues from occurring within a system or process?
A. Incident management
B. Continuity management
C. Availability management
D. Problem management
D. Problem management
Explanation:
Problem management is focused on proactively preventing issues from occurring within a system or process. Incident management is focused on the response to and mitigation of problems or incidents after they have occurred, in a reactive manner. Continuity management is focused on the resiliency or restoration of services after an unexpected outage or event, and availability management is focused on meeting SLA requirements for performance and availability of systems.
What is the name for the centralized unit that deals with security issues within an organization?
A. Security operations group
B. Incident response group
C. Security operations center
D. Security control office
C. Security operations center
Explanation:
A security operations center (SOC) is a centralized group that deals with all security issues within an organization or enterprise and is responsible for the monitoring, reporting, and handling of security incidents.
What is the name of the Microsoft tool for performing patches on systems?
A. WUSU
B. MPMT
C. MSPT
D. WSUS
D. WSUS
Explanation:
Windows Server Update Services (WSUS) is the name of the Microsoft tool for installing patches on Windows systems. It lets administrators approve and distribute Microsoft updates from a central server on their own network instead of having every system pull them directly from Microsoft Update. The other acronyms are made up.
To automatically detect and block attacks against systems, which type of device would you employ?
A. IDS
B. NIDS
C. HIPS
D. IPS
D. IPS
Explanation:
An intrusion prevention system (IPS) is used to detect and automatically block attacks against a system, as opposed to an intrusion detection system (IDS), which is designed to detect and alert on potential attacks. The other options are specific types of either device: a HIPS is a host-based IPS and a NIDS is a network-based IDS. Because an IPS sits inline and acts on what it sees, a false positive blocks legitimate traffic, so its rules need more careful tuning than those of an IDS that only alerts.
Who has responsibility for forensic collection of data in an IaaS implementation?
A. Cloud provider
B. Cloud customer
C. Cloud broker
D. Cloud administrator
A. Cloud provider
Explanation:
Since a cloud provider controls the physical hardware, hypervisors, storage and networking that underlie a cloud, and is the only party with full administrative access to those layers, the provider is responsible for forensic data collection within the environment. The cloud customer can still capture guest-level artifacts from the virtual machines it administers (operating system logs, memory, disk snapshots), but anything below the guest, such as hypervisor logs or the underlying storage and network, requires the provider. Expectations and requirements, including what will be collected and how quickly, should be established in the contract between the cloud customer and the cloud provider.
Which technology allows the assigning of network configurations to systems from a centralized location?
A. DHCP
B. DNS
C. IPSec
D. Network security groups
A. DHCP
Explanation:
The Dynamic Host Configuration Protocol (DHCP) lets a centralized server dynamically assign IP addresses and other network configuration, such as the subnet mask, default gateway and DNS servers, to devices on a network. Because clients accept whichever server answers their broadcast, a rogue DHCP server on the same segment can hand out a malicious gateway or DNS server, which is why switches and cloud virtual networks typically restrict which ports or systems may answer DHCP requests.
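To make the exchange concrete, the code below is an added example (not from the exam guide) that builds a DHCPDISCOVER the way a client would, builds the DHCPOFFER a server would send back, parses the RFC 2131 fixed header and option list, and then applies the check a client or monitor can use against a rogue server: the offer must answer our transaction ID and its server identifier (option 54) must be on an allowlist. The client MAC, transaction ID, addresses and the allowlist of authorized servers are constructed for the demonstration.

```python
"""Build, parse and validate DHCP messages (RFC 2131 header + options).

Added example, not from the exam guide. The MAC address, transaction ID,
addresses and AUTHORIZED_DHCP_SERVERS allowlist are constructed.
"""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"      # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
HEADER_LEN = struct.calcsize(HEADER_FMT)       # 236 bytes
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPDISCOVER, DHCPOFFER = 1, 2                 # option 53 message types
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END, OPT_PAD = 53, 54, 255, 0

CLIENT_MAC = bytes.fromhex("525400a1b2c3")     # constructed client hardware address
XID = 0x3903F326                               # constructed transaction ID
AUTHORIZED_DHCP_SERVERS = {"10.0.0.2"}         # constructed allowlist of legitimate servers


def build_message(op, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Serialize a DHCP message: fixed header, magic cookie, TLV options, end marker."""
    zero = socket.inet_aton("0.0.0.0")
    header = struct.pack(
        HEADER_FMT, op, 1, len(chaddr), 0, xid, 0, 0x8000,   # htype 1 = Ethernet, flags: broadcast
        zero, socket.inet_aton(yiaddr), zero, zero,
        chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128,
    )
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_message(data):
    """Parse the fixed header and options; raise ValueError on a malformed message."""
    if len(data) < HEADER_LEN + 4 or data[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    msg = {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]), "chaddr": f[11][:f[2]], "options": {}}
    i = HEADER_LEN + 4
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        val = data[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError("truncated option value")
        msg["options"][code] = val
        i += 2 + length
    return msg


def client_discover():
    """The broadcast a client sends: message type, client identifier, parameter request list."""
    return build_message(BOOTREQUEST, XID, CLIENT_MAC, options=[
        (OPT_MSG_TYPE, bytes([DHCPDISCOVER])), (61, b"\x01" + CLIENT_MAC), (55, bytes([1, 3, 6]))])


def server_offer(server_ip, offered_ip, xid):
    """The reply a server sends: offered address plus server id, mask, router and lease time."""
    return build_message(BOOTREPLY, xid, CLIENT_MAC, yiaddr=offered_ip, options=[
        (OPT_MSG_TYPE, bytes([DHCPOFFER])), (OPT_SERVER_ID, socket.inet_aton(server_ip)),
        (1, socket.inet_aton("255.255.255.0")), (3, socket.inet_aton("10.0.0.1")), (51, struct.pack("!I", 86400))])


def offer_is_authorized(offer_bytes, expected_xid):
    """Accept an OFFER only if it answers our DISCOVER and names an authorized server."""
    msg = parse_message(offer_bytes)
    opts = msg["options"]
    if msg["op"] != BOOTREPLY or opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return False, "not a DHCPOFFER"
    if msg["xid"] != expected_xid:
        return False, "xid does not match our DISCOVER"
    if len(opts.get(OPT_SERVER_ID, b"")) != 4:
        return False, "missing or malformed server identifier"
    server = socket.inet_ntoa(opts[OPT_SERVER_ID])
    if server not in AUTHORIZED_DHCP_SERVERS:
        return False, f"offer from unauthorized server {server}"
    return True, f"offer of {msg['yiaddr']} from {server}"


if __name__ == "__main__":
    print(offer_is_authorized(server_offer("10.0.0.2", "10.0.0.57", XID), XID))
    print(offer_is_authorized(server_offer("10.0.0.66", "10.0.0.57", XID), XID))
```

The allowlist check is the same idea that DHCP snooping on a switch implements at the port level; doing it in a monitor that listens for OFFERs is a cheap way to spot a rogue server on a segment where the switch does not enforce it.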
Which of the following is not part of the management plan for operations of a cloud environment?
A. Orchestration
B. Maintenance
C. Planning
D. Scheduling
C. Planning
Explanation:
The three main building blocks for a cloud environment and the management plan for it are orchestration, maintenance, and scheduling. Planning would occur before systems or applications are deployed to a cloud environment and therefore is not part of the actual management plan for cloud operations.
What type of system is often used to enable access from untrusted networks to a trusted network with optimal security and monitoring?
A. Proxy server
B. XML firewall
C. Bastion host
D. Virtual console
C. Bastion host
Explanation:
A bastion host is a heavily fortified system that allows access from untrusted networks into trusted networks. It is specifically implemented to expose only the required protocols or services (commonly a single hardened SSH or RDP entry point with multifactor authentication), and it is heavily monitored and audited for any malicious activity, since every session into the trusted network passes through it.
Which of the following is concerned with ensuring enough resources are available to meet SLA requirements?
A. Capacity management
B. Allocation management
C. Availability management
D. System management
A. Capacity management
Explanation:
Capacity management is concerned with ensuring that sufficient resources are available to meet the needs of cloud customers throughout the environment, as established through their SLAs. Availability management is ensuring that systems and services are available and accessible when needed by users. System management is concerned with the overall management of IT systems and assets within an environment. Allocation management is not one of the principles of ITIL.