Lesson 15: Implementing Secure Cloud Solutions Flashcards
Analyze and select the accurate statements about threats associated with virtualization. (Select all that apply.)
A. Virtualizing switches and routers with hypervisors makes virtualization more secure.
B. VM escaping occurs as a result of malware jumping from one guest OS to another.
C. A timing attack occurs by sending multiple usernames to an authentication server to measure the server response times.
D. VMs providing front-end, middleware, and back-end servers should remain together to reduce security implications of a VM escaping attack on a host located in the DMZ.
B,C
When provisioning application services in network architecture, an engineer uses a microservices approach as a solution. Which principle best fits the engineer’s implementation?
A. Components working together to perform a workflow
B. Being closely mapped to business workflows
C. The performing of a sequence of automated tasks
D. Each program or tool should do one thing well
D
A company has recently started using a Platform as a Service (PaaS). Compare cloud service types to determine what is being deployed.
A. The company has leased servers and a Storage Area Network (SAN).
B. The company has leased a suite of applications that were outside of the budget to purchase outright.
C. The company has outsourced the responsibility for information assurance.
D. The company has leased an instance that runs Microsoft Azure SQL Database.
D
A developer considers using an API for service integration and automation. If choosing Representational State Transfer (REST) as the API, which features can the developer expect? (Select all that apply.)
A. The ability to submit a request as an HTTP operation/verb
B. It is a looser architectural framework
C. It uses XML format messaging
D. It has built-in error handling
A,B
A systems administrator deploys a cloud access security broker (CASB) solution for user access to cloud services. Evaluate the options and determine which solution may be configured at the network edge and without modifying a user’s system.
A. Single sign-on
B. Application programming interface
C. Forward proxy
D. Reverse proxy
D
A reverse proxy (positioned at the cloud network edge) directs traffic to cloud services if the contents of that traffic comply with policy. This does not require configuration of users’ devices.
An organization plans a move of systems to the cloud. In order to identify and assign areas of risk, which solution does the organization establish to contractually specify cloud service provider responsibilities?
A. Service level agreement
B. Trust relationship
C. Responsibilities matrix
D. High availability
A
An engineer uses an abstract model that represents network functionality. Using infrastructure as code to deploy and manage a network, how does the engineer make control decisions?
A. By managing compatible physical appliances
B. By prioritizing and securing traffic
C. By monitoring traffic conditions
D. By using security access controls
B
A security team suspects the unauthorized use of an application programming interface (API) to a private web-based service. Which metrics does the team analyze and compare to a baseline for response times and usage rates, while investigating suspected DDoS attacks? (Select all that apply.)
A. Number of requests
B. Error rates
C. Latency
D. Endpoint connections
A,C
A startup designs a new online service and uses a serverless approach for some business functions. With this approach, how does the startup perform these functions? (Select all that apply.)
A. Virtual machines
B. Containers
C. Single service
D. Orchestration
B,D
A large sales organization uses a cloud solution to store large amounts of data. One afternoon, the data becomes inaccessible due to an outage at a data center. Which replication service level is currently in use?
A. Regional
B. Local
C. Geo-redundant
D. Zone
B
A systems administrator configures several subnets within a virtual private cloud (VPC). The VPC has an Internet gateway attached to it; however, the subnets remain private. What does the administrator do to make the subnets accessible by the public?
A. Configure any VPC endpoints.
B. Create a VPN between VPCs.
C. Configure a default route for each subnet.
D. Create a VPC for each subnet.
C
A security professional is looking to harden systems at an industrial facility. In particular, the security specialist needs to secure an HVAC system that is part of an IoT network. Which areas does the specialist look to secure from data exfiltration exploits? (Select all that apply.)
A. Edge devices
B. Data center
C. Fog node
D. Edge gateway
C,D
A company conducts file sharing via a hosted private cloud deployment model. Which scenario accurately depicts this type of file sharing?
A. A cloud hosted by a third party for the exclusive use of the organization.
B. A cloud hosted by a third party and shared with other subscribers.
C. A cloud that is completely private to and owned by the company that utilizes it.
D. A cloud where several organizations share the costs of a cloud in order to pool resources for a common concern.
A
What actions are typically recommended when securing virtualized and cloud-based resources? (Select all that apply.)
A. Ensure virtual machines are logging all events for auditing.
B. Enforce the principle of most privilege for access to VMs.
C. Ensure software and hosts are patched regularly.
D. Configure devices to support isolated communications.
C,D
A company has many employees who work from home. The employees obtain data and post data to a shared file they access through a link on the Internet. Consider the types of virtualization and conclude which the company is most likely utilizing.
A. Rapid elasticity
B. Measured service
C. Cloud computing
D. Resource pooling
C