Cloud Infrastructure Assessments

Question 1

Data received by an API must pass service-side validation routines

Answer 1

Insecure Application Programming Interface (API)

Question 2

APIs should use secure authentication and authorization such as SAML or
OAuth/OIDC before accessing data

Answer 2

Improper Key Management

Question 3

Logs must be copied to non-elastic storage for long-term retention

Answer 3

Insufficient Logging and Monitoring

Question 4

Cloud storage containers are referred to as buckets or blobs

Answer 4

Unprotected Storage

Question 5

A content delivery network policy that instructs the browser to treat requests
from nominated domains as safe

Answer 5

Cross Origin Resource Sharing (CORS) Policy

Question 6

A virtual machine that is created and configured for a particular purpose and then
shut down or even left running without properly decommissioning it

Answer 6

Dormant VM

Question 7

An open-source tool written in Python that can be used to audit instances and
policies created on multicloud platforms, including Amazon Web Services,
Microsoft Azure, and Google Cloud Platform

Answer 7

ScoutSuite

Question 8

An auditing tool for AWS that is used to evaluate the cloud infrastructure against
AWS benchmarks, GDPR compliance, and HIPAA Compliance

Answer 8

Prowler

Question 9

An open-source cloud penetration testing framework to test the security
configuration of an AWS account

Answer 9

Pacu

Question 10

Attacker’s may use multicloud services to create their attack platform

Answer 10

Cloud Forensics