Cloud Computing and Cybersecurity Flashcards

1
Q

Which authentication options are available when deploying a Linux virtual machine in the Microsoft Azure cloud? Choose more than one option.
A. Username
B. SSH public key authentication
C. Password
D. PKI

A

B. SSH public key authentication
C. Password
These are the primary authentication methods supported for Linux virtual machines in Azure.
SSH public key authentication is generally considered more secure as it eliminates the need to transmit passwords over the network.
Password authentication is a simpler option but less secure.

2
Q

You are deploying a Microsoft Windows Server virtual machine in the Microsoft Azure cloud. All Windows virtual machines need to allow RDP and HTTPS connections from an on-premises network. Which strategy works best for setting OSI layer 4 rules to control traffic coming into the servers?
A. Create a route table and associate it with the VM subnet
B. Create a network security group and associate it with each VM network interface
C. Create a network security group and associate it with the VM Subnet
D. Create a route table and associate it with each VM network interface

A

C. Create a network security group and associate it with the VM subnet

Here’s why:

Network Security Groups (NSGs) are designed to filter network traffic to or from Azure resources.
Associating an NSG with a subnet ensures that all VMs within that subnet inherit the same security rules. This simplifies management and ensures consistent security policies across multiple VMs.
Allowing RDP and HTTPS traffic can be achieved by creating inbound security rules in the NSG that permit traffic on ports 3389 (RDP) and 443 (HTTPS) from the specific IP address ranges of your on-premises network.
This approach provides a granular and flexible way to control inbound traffic to your VMs while maintaining a centralized security policy.

3
Q

You have deployed a database in the AWS cloud. Which type of cloud service model is this?
A. XaaS
B. PaaS
C. IaaS
D. SaaS

A

C. PaaS

4
Q

You need to ensure that custom code running within a Microsoft Azure virtual machine has access to read blobs in an Azure storage account. What should you do FIRST?
A. Embed storage account credentials within the custom code
B. Assign storage account permissions to the virtual machine
C. Configure a managed identity for the virtual machine
D. Run the custom code in a Docker container

A

C. Configure a managed identity for the virtual machine

Managed identities provide a secure way for Azure resources to authenticate to other Azure services without exposing credentials.
You can assign appropriate permissions to the managed identity, allowing it to access the storage account’s blobs.
This eliminates the need to store or manage credentials within the code, improving security.
Here are the general steps involved:
Create a managed identity for the virtual machine.
Assign the necessary permissions to the managed identity, such as the “Storage Blob Data Reader” role.
Configure the custom code to use the managed identity to authenticate to the storage account. You can use libraries and SDKs provided by Azure to simplify this process.
By following this approach, you ensure that your code can securely access the storage account without compromising security.

5
Q

You have created a CDN profile object in Azure but have not yet specified an origin location for content to be cached. What should you do?
A. Add an endpoint to the CDN profile
B. Create a storage account and link it to the CDN profile
C. Add an endpoint to the storage account
D. Import the .CSV CDN configuration file to the CDN profile

A

A. Add an endpoint to the CDN profile
An endpoint is a specific origin server that the CDN uses to fetch content. By adding an endpoint to your CDN profile, you specify the source location for the content that will be cached and delivered by the CDN.

6
Q

Which CCM-related item can be used as a cloud security checklist?
A. SLO
B. CAIQ
C. ISO
D. SLA

A

B. CAIQ.
A Cloud Adoption Implementation Framework (CAIQ) is a comprehensive checklist designed to help organizations assess their cloud readiness, identify potential risks, and implement best practices. It covers various aspects of cloud security, including:
Security assessments: Evaluating the security posture of cloud environments.
Access controls: Implementing strong access controls to protect sensitive data.
Data protection: Ensuring data confidentiality, integrity, and availability.
Threat and vulnerability management: Identifying and mitigating potential threats.
Incident response: Developing a plan to respond to security incidents effectively.
By following the CAIQ checklist, organizations can significantly enhance their cloud security posture and reduce the risk of breaches.

7
Q

What is the primary benefit of a Content Delivery Network?
A. Reduced network latency
B. Application proxy
C. Increase user sign-in security
D. Increased network latency

A

A. Reduced network latency.
A CDN distributes content across multiple servers located in different geographic locations. When a user requests content, the CDN delivers it from the server closest to the user, significantly reducing the time it takes for the content to load. This results in faster website and application load times, improved user experience, and increased website performance.

8
Q

Your organization uses a PaaS database solution. In order to remain compliant with various security standards, the underlying server OS must be patched regularly. Who bears this responsibility?
A. Cloud tenant
B. Auditors
C. Auditors and cloud service provider
D. Cloud service provider

A

Cloud service provider
In a PaaS model, the cloud service provider manages the underlying infrastructure, including the operating system. This responsibility typically includes regular patching and updates to ensure the security of the platform. As a cloud tenant, you focus on managing your database and applications, while the provider handles the infrastructure-level tasks.

9
Q

Which is the default DNS suffix for Microsoft Azure web apps?
A. azureedge.net
B. azurewebsites.net
C. stor.azure.net
D. onmicrosoft.com

A

B. azurewebsites.net
Azure web apps are typically accessed using a format like <app-name>.azurewebsites.net. This automatically includes the .azurewebsites.net suffix.
While other options like azureedge.net might be used with Azure CDN, they are not the default for web apps themselves.
Storage accounts have a different default suffix (stor.azure.net) and onmicrosoft.com is typically used with Azure Active Directory.

10
Q

Which type of cloud works best for multiple organizations with the same type of computing and security needs?
A. Community
B. Public
C. Private
D. Hybrid

A

A. Community Cloud.
A Community Cloud is a cloud infrastructure shared by several organizations that have similar security and compliance requirements. This makes it ideal for organizations with common needs, such as government agencies, healthcare providers, or financial institutions.

Here’s a breakdown of the other options:
Public Cloud: Suitable for a wide range of users and offers broad accessibility, but may not be ideal for organizations with stringent security requirements.
Private Cloud: Dedicated to a single organization and provides maximum control and security, but can be costly to set up and maintain.
Hybrid Cloud: Combines public and private clouds, offering flexibility but can be complex to manage.
