CIS test 4 Flashcards

1
Q

IDS type that: 1) Analyzes activity logs, including system calls, application logs, etc. 2) Has a better view of the monitored system, but is highly vulnerable to an attack on the IDS itself.

A

Server-based IDS

2
Q

3 types of Intrusion Detection Systems (IDSs)

A

1) Server-based IDS 2) Network-based IDS 3) Integrated IDS

3
Q

Process of detecting events and/or entities that could possibly compromise the security of the system.

A

Intrusion Detection

4
Q

Key method for providing confidentiality and integrity services

A

Encryption of data in flight

5
Q

Protocol which allows client / server applications to enforce an encryption service.

A

Transport Layer Security (TLS)

6
Q

Benefit of network level encryption

A

Network level encryption is independent of the underlying guest OS.

7
Q

Two general encryption methods

A

1) Application Level (where data is generated) 2) Network Level (IPSec to encrypt IP packets)

8
Q

Key measure against “sniffing” attacks

A

Encryption of data in flight

9
Q

True or False: A virtualized DMZ can fully support and enforce multiple trust zones.

A

TRUE

10
Q

Physical or logical (sub)network that limits the exposure of the nodes in the internal network from external networks.

A

Demilitarized Zone (DMZ)

11
Q

Why can sandboxing be used as a security measure against side-channel attacks?

A

Because sandboxing prevents malicious software from monitoring system components.

12
Q

Where guest OS sandboxing is achieved

A

On the hypervisor level or at the OS kernel level.

13
Q

Where sandboxing should be applied

A

On a vulnerable or suspected guest OS or application.

14
Q

Guest OS Hardening Measures

A

Deleting unused files and applying latest patches. Applying hardening checklists available for specific OSs. Installing the guest OS in TCB mode if the VM is to be used for critical applications.

15
Q

VM Hardening Considerations

A

Use VM templates to provision new VMs. Limit the resources that a VM can consume to prevent DoS attacks. Disable unused functions and devices on the VM. Use a directory service for authentication. Perform vulnerability scanning and penetration testing of the guest OS.

16
Q

Ways to protect hypervisor management systems

A

1) Configuring strong security on the firewall between the management system and the network. 2) Providing direct access to the management server only to administrators. 3) Disabling access to the management console to prevent unauthorized access.

17
Q

Process of changing the default configuration in order to achieve greater security.

A

Hardening

18
Q

Hypervisor Security Measures

A

1) Install hypervisor updates. 2) Harden VMs to prevent attacks.

19
Q

Protection measures for physical server security

A

1) Authentication and authorization mechanisms. 2) Disabling unused hardware such as NICs, USB ports, or drives. 3) Physical premises security.

20
Q

Server security considerations

A

1) Deciding whether the server will be used for specific applications or for general purpose. 2) Identifying the network services to be provided on the server. 3) Identifying users and/or user groups who will be given access rights on the server, including specific access privileges.

21
Q

Included in securing a compute system

A

Securing the physical server. Securing the hypervisor. Securing VMs (VM isolation, VM hardening). Security at the guest OS level (guest OS hardening). Security at the application level (application hardening).

22
Q

VM protective measure against DOS attacks

A

Resource consumption of a VM needs to be restricted.

23
Q

Attempt to prevent legitimate users from accessing a resource or service.

A

Denial of Service (DOS)

24
Q

Could reveal information of a client to another malicious client that runs its VMs on the same server.

A

Cross-VM Side Channel Attack (SCA)

25
Q

Extracts information by monitoring indirect activities (e.g., cache data).

A

Side Channel Attack (SCA)

26
Q

A malicious program which is installed before a hypervisor or VMM is fully booted on a physical server, thereby running with privileged access and remaining invisible to network administrators.

A

Rootkit

27
Q

True or False: Regular security measures are effective against hyperjacking.

A

FALSE

28
Q

A rootkit level vulnerability that enables an attacker to install a rogue hypervisor or VMM that can take complete control of the underlying physical server.

A

Hyperjacking

29
Q

Measures against hyperjacking

A

1) Hardware-assisted secure launching of the hypervisor. 2) Scanning hardware-level details to assess the integrity of the hypervisor and to detect the presence of a rogue hypervisor.

30
Q

Enables an attacker to install a rogue hypervisor or VMM that can take control of the underlying server resources.

A

HyperJacking

31
Q

Copy and move restrictions should be limited to what?

A

Critical / sensitive VMs only

32
Q

Bind a VM to a specific physical machine

A

Copy and move restrictions

33
Q

Essential to safeguard against VM theft

A

Copy and Move restrictions

34
Q

Vulnerability that enables an attacker to copy or move a VM in an unauthorized manner.

A

VM Theft

35
Q

True or False: VMs are vulnerable to attack both when they are running and when they are powered off.

A

TRUE

36
Q

How are VM image files protected?

A

Encryption of VM image files is required as a protection measure when the VM is powered off or during its migration.

37
Q

How are VM templates protected?

A

VM templates must be kept encrypted. Access to VM templates should be restricted to privileged users (administrators).

38
Q

Private data may include

A

Individual identity of a cloud user. Details of the services requested by a client. Proprietary data of the client.

39
Q

Information assurance concerns for cloud users

A

Confidentiality, Integrity, and Availability (CIA) - Authorized Use

40
Q

Counter to the challenge of VOA

A

Defense-in-Depth

41
Q

Effects of a high velocity of attack (VOA)

A

Potential loss due to an attack is comparatively higher. It is comparatively difficult to mitigate the spread of the attack.

42
Q

Velocity of Attack

A

Security threats amplify and spread quickly in a cloud

43
Q

Refers to various access points / interfaces that an attacker can use to launch an attack

A

Attack Surface

44
Q

Key measure against multitenancy-related security concerns

A

Mutual Client Isolation: - Isolation of VMs - Isolation of data - Isolation of network communication

45
Q

Why is multitenancy a key security concern for cloud service providers?

A

Enforcing uniform security controls and measures is difficult.

46
Q

Why is multitenancy a key security concern for cloud clients?

A

Co-location of multiple VMs on a single server, sharing the same resources, increases the attack surface.

47
Q

Could occur when a malicious VM is installed on the same server and consumes all the server resources, thus preventing other VMs from functioning properly.

A

Denial of Service (DOS) Attack

48
Q

Unauthorized loss or manipulation of data

A

Data Leakage

49
Q

Attacker installs a rogue hypervisor or VMM that can take complete control of the underlying server.

A

HyperJacking

50
Q

A guest OS, or an application running on it, breaks out and starts interacting directly with the hypervisor.

A

VM Escape

51
Q

Involves unauthorized copying or movement of a VM.

A

VM Theft

52
Q

Cloud Security Threats

A

VM Theft and VM Escape - HyperJacking - Data Leakage - Denial of Service (DoS) Attack

53
Q

Cloud Security Concerns

A

Multitenancy - Velocity of Attack - Information Assurance - Data Privacy and Ownership

54
Q

Type of security concerns common for all Cloud models.

A

Virtualization-specific security concerns

55
Q

Type of encryption most commonly used to secure separate end points of a connection. Examples: - web browser and web server using https; - VPN client and server; - for transferring a symmetric key

A

Asymmetric encryption

56
Q

Type of encryption most often used for data encryption.

A

Symmetric encryption

57
Q

Key technique to provide confidentiality and integrity of data.

A

Encryption

58
Q

Process of converting data to a form which cannot be used in any meaningful way without special knowledge.

A

Encryption

59
Q

Set of all components that are critical to the security of the system.

A

Trusted Computing Base (TCB)

60
Q

Five Levels of Security in Defense in Depth

A
1. Perimeter Security: Physical Security. 2. Remote Access Controls: VPN, Authentication, etc. 3. Network Security: Firewall, DMZ, etc. 4. Compute Security: Hardening, Anti-Virus, etc. 5. Storage Security: Encryption, Zoning, etc.

61
Q

Also known as a “layered approach” to security.

A

Defense-in-Depth

62
Q

A mechanism which uses multiple security measures to reduce the risk of security threats if one component of the protection gets compromised.

A

Defense-in-Depth

63
Q

Considers multiple factors before permission to access a resource is granted to the user.

A

Multi-factor authentication

64
Q

Process to evaluate the effectiveness of security enforcement mechanisms.

A

Auditing

65
Q

Defines the scope of the access rights of a user on a resource. Example: read-only or read-write access.

A

Authorization

66
Q

Process to give a user specific access rights to resources. Defines the scope of the access rights of a user on a resource (e.g., read-only access or read-write access).

A

Authorization

67
Q

Process to ensure that a user’s credentials (e.g., identity) are genuine. Ensures that no illegitimate access is allowed.

A

Authentication

68
Q

Ensures that authorized users have reliable and timely access to data.

A

Availability

69
Q

Ensures that unauthorized changes to data are not allowed.

A

Integrity

70
Q

Provides the required secrecy of information. Ensures that only authorized users have access to data (information).

A

Confidentiality

71
Q

To what is the CIA triad applied?

A

Physical and logical resources

72
Q

Defines the boundary between the security-critical and non-critical parts of an information system.

A

Trusted Computing Base (TCB)

73
Q

Information Security Goals: CIA Triad

A

Confidentiality - Integrity - Availability

74
Q

How is intrusion detection implemented under the software-as-a-service model? a. Implemented by the Cloud Consumer b. Implemented by the Cloud Service Provider c. Implemented by the Cloud Service Provider and Consumer together

A

b. Implemented by the Cloud Service Provider

75
Q

Which security mechanism provides an effective control for data confidentiality and integrity? a. Copy and move restrictions b. Authorization c. Trusted computing base d. Encryption

A

d. Encryption

76
Q

What is the primary goal of a security audit? a. Evaluate effectiveness of security enforcement. b. Evaluate effectiveness of data confidentiality. c. Evaluate effectiveness of data integrity. d. Evaluate effectiveness of data availability.

A

a. Evaluate effectiveness of security enforcement.

77
Q

Which security goal is achieved by data shredding techniques? a. Preventing data loss b. Preventing data manipulation c. Ensuring data confidentiality d. Enabling data encryption

A

c. Ensuring data confidentiality

78
Q

Which GRC process determines the scope of adoption of Cloud services? a. Anti-virus protection measures in Cloud b. Business continuity c. Risk assessment d. Disaster management

A

c. Risk assessment

79
Q

Where a vendor lock-in concern is magnified.

A

Federated Cloud

80
Q

Typically arises due to large data sets being sent to and from the CSP.

A

Network Latency

81
Q

Must be allocated to the application to ensure performance.

A

Right amount of resources.

82
Q

Common VM format that enables a VM built in one Cloud to be deployed to another Cloud with minimum or no charges.

A

Open Virtual Machine Format (OVF)

83
Q

Uses proven and widely accepted technologies. Prevents lock-in issues. Example: Open Virtual Machine Format (OVF).

A

Cloud Open Standards

84
Q

Deterrent to moving services to the Cloud

A

Vendor Lock-In

85
Q

Reasons that may cause Cloud Vendor / CSP lock-in

A
1. CSP may lack open standards or use proprietary software / APIs. 2. Rigid agreements with penalties. 3. Rules that prevent movement from one service to another (e.g., preventing an app built on a PaaS from moving to an IaaS model). 4. Apps that require significant rework / redesign before deploying in a different Cloud.

86
Q

What can impact Cloud performance?

A

Saturation of Cloud infrastructure

87
Q

A must-have from a CSP to ensure QoS.

A

Strong Service Level Agreements (SLAs)

88
Q

True or False: QoS attributes (such as response time and throughput) are generally not part of an SLA.

A

False.

89
Q

Factors included in an SLA.

A

Network Availability, Performance, etc.

90
Q

Agreement between CSP and consumer that defines the quality and reliability of service. Also defines the penalty for not meeting the agreement.

A

Service Level Agreement (SLA)

91
Q

Key Questions for a Cloud Service Provider

A
1. How long has the provider been a CSP? 2. How well does the CSP meet the organization’s current and future requirements? 3. How easy is it to relinquish resources not in use to reduce cost? 4. What tools does the CSP provide (like VM images) that would ease a move to another CSP if required? 5. How easy is it to add and remove services? 6. Does the CSP provide good customer support? 7. What happens when the CSP upgrades their software? (Is it forced on everyone? Can upgrades be scheduled per user?) 8. Does the CSP offer the required security services? 9. Does the provider meet legal and privacy requirements?

92
Q

Application type perceived as a good candidate for the Cloud, unless performance is sensitive.

A

Non-proprietary and non-mission critical applications

93
Q

Applications that: - Are perceived as high-risk to move to the Cloud; - But the organization may not have adequate resources to maintain the application.

A

Non-proprietary but mission critical applications

94
Q

Applications that: - Provide competitive advantage. - Are perceived as high risk to move to the cloud. - Are typically maintained in-house.

A

Proprietary and Mission-Critical Applications

95
Q

OLTP

A

OnLine Transaction Processing

96
Q

What profile is used to help choose the Cloud model for an organization?

A

Risk vs. Convenience profile

97
Q

Cloud infrastructure QoS components

A

Performance - Availability - Security

98
Q

Key Questions for Cloud Migration

A
1. How does Cloud fit into the organization’s requirements? (Financial advantage, convenience, etc.) 2. Which are the applications suitable for the cloud? 3. How do I choose the Cloud Vendor? 4. Is the Cloud Infrastructure capable of providing the required QoS? 5. How will I address Change Management concerns? 6. What can Cloud provide? (Application, platform, infrastructure)

99
Q

Good candidates for the cloud

A

Non-proprietary and non-mission-critical applications

100
Q

Can be moved to Cloud only if the organization lacks the skills to maintain the application or if the maintenance cost is high.

A

Non-proprietary but mission-critical applications

101
Q

Should remain in-house

A

Proprietary and mission-critical applications

102
Q

Some parts of the application are moved into the Cloud and some parts remain in the data center. Good for applications that have several components and are not tightly coupled.

A

Hybrid Migration Strategy

103
Q

The entire application is migrated at once instead of in parts. Good for tightly coupled or self-contained applications.

A

Forklift migration strategy

104
Q

Two application migration strategies

A

Forklift Migration Strategy - Hybrid Migration Strategy

105
Q

Phase where applications are moved to the Cloud

A

Phase 3: Migration

106
Q

Goal of this phase is to verify that an application runs as expected in the Cloud.

A

Phase 2: Proof of Concept

107
Q

Two options available for migrating licensed software to the Cloud

A

1) Use the existing license. 2) Use SaaS-based Cloud service

108
Q

Technical Assessment

A

Part of Phase 1 Migration Assessment, where the customer will: Identify whether the Cloud provider offers the required infrastructure. Identify whether an application is compatible with the Cloud infrastructure. Identify dependencies of an application on other components and services. Identify latency and bandwidth requirements.

109
Q

Security and Compliance Assessment

A

Part of Phase 1 Migration Assessment that: Involves a security advisor early in the process. Enables organizations to identify risk tolerance and security threats for an application. Covers understanding of regulatory / contractual obligations to store data in specific jurisdictions. Explores whether the cloud vendor offers a choice of geographic location to store the data and a guarantee that data does not move unless the organization decides to move it, options to retrieve data, and download and delete options. Covers the choice of encryption of data in transit and at rest.

110
Q

Part of Phase 1 Migration Assessment that: Provides a cost comparison of in-house vs. service provider (TCO & ROI). Requires cost consideration of multiple elements.

A

Financial Assessment

111
Q

Considerations during Phase 1: Assessment

A

Migration considerations - Financial assessment - Security and compliance assessment - Technical assessment - Issues with licensed products

112
Q

Four Phases of Cloud Adoption

A

Phase 1: Assessment - Phase 2: Proof of Concept - Phase 3: Migration - Phase 4: Optimization

113
Q

Prevents vendor lock-in issues

A

Cloud open standards

114
Q

Building block for multi-vendor, federated clouds that can make vendor lock-in avoidable.

A

Open standards

115
Q

Example of a cloud open standard

A

Open Virtual Machine Format (OVF)

116
Q

Two Key Cloud Performance Considerations

A

1) Infrastructure Performance 2) Network Latency

117
Q

Agreement between the Cloud provider and the consumer that defines the quality and reliability of service.

A

Service Level Agreement (SLA)

118
Q

SMB Attributes and Appropriate Cloud Model

A

Tier 1 apps: Private Cloud. Tier 2-4 apps: Public Cloud for backup, archive, testing, and non-OLTP apps. Hybrid Cloud Model.

119
Q

Enterprise Profile and Appropriate Cloud Model

A

Tier 2-4 apps: Private Cloud. Tier 1 apps: may continue to run in a classic environment. Private Cloud Model.

120
Q

Startup Profile and Appropriate Cloud Model

A

Convenience outweighs risk. No CAPEX and OPEX. Self-service. Back office, development, and production. Public Cloud model.

121
Q

Cloud model where: - Convenience outweighs risk. - No CAPEX and OPEX. - Self-service. - Back office, development, and production.

A

Public Cloud Model

122
Q

Cloud model where: - Tier 2-4 apps run in a private cloud. - Tier 1 apps continue to run in a classic data center environment.

A

Private Cloud Model

123
Q

Cloud model where: - Tier 1 apps run on a Private Cloud. - Tier 2-4 apps use the Public Cloud for backup, archive, testing & non-OLTP apps.

A

Hybrid Cloud Model

124
Q

Cloud model where: - convenience outweighs risk; - low cost or free; - examples include Picasa, Google Apps.

A

Public Cloud Model

125
Q

What factor could lead to Cloud vendor lock-in for consumers? a. Lack of open standards in Cloud operations b. Lack of security compliance c. Mission critical nature of the applications d. Performance sensitivity of the business operations

A

a. Lack of open standards in Cloud operations

126
Q

Which application is perceived as a good candidate for migrating to the public Cloud? a. Proprietary and mission-critical application b. Non-proprietary and non-mission critical application c. Mission critical and I/O intensive application

A

b. Non-proprietary and non-mission critical application

127
Q

Which Cloud migration strategy is recommended for tightly coupled applications? a. Hybrid b. Forklift c. Private d. Public

A

b. Forklift

128
Q

Which Cloud adoption phase enables the consumer to explore the geographic location to store their data? a. Assessment b. Proof of concept c. Migration d. Optimization

A

a. Assessment

129
Q

Which Cloud model is best suited for small and medium businesses? a. Public b. Private c. Hybrid d. Community

A

c. Hybrid