Module 19 - Cloud Computing ( EC Mode Part 02 ) Flashcards
Which of the following practices allows administrators to secure a container environment from various cloud-based attacks?
A. Harden the host environment by removing non-critical native services.
B. Write sensitive information to code and configuration files.
C. Change the users’ default privileges from non-root to root.
D. Implement immutable containers that allow container modification after deployment.
Answer: A. Harden the host environment by removing non-critical native services.
Explanation:
Securing container environments requires a set of best practices to ensure the protection and confidentiality of data stored in the cloud. Here are some recommended best practices for securing container environments:
Implement Immutable Containers: Implement immutable containers that disallow modification after deployment. Immutable containers can help to prevent unauthorized access, modification, or deletion of container content.
Configure Role-Based Access Control (RBAC): Change the users’ default privileges from root to non-root and configure permissions using role-based access control (RBAC). This will help to reduce the risk of privilege escalation attacks and ensure that containers are accessed by authorized personnel only.
Avoid Writing Sensitive Information to Code and Configuration Files: Avoid writing sensitive information such as passwords, access keys, or other credentials to code and configuration files. This will help to reduce the risk of exposure of sensitive data.
Harden the Host Environment: Harden the host environment by removing non-critical native services. Also, harden the entire stack to ensure that vulnerabilities are minimized.
Keep Containers Lightweight: Always keep containers lightweight by reducing the number of components. This will help to minimize the attack surface and reduce the risk of exploitation.
Use Infrastructure-as-Code (IaC): Leverage Infrastructure-as-Code (IaC) to manage the cloud resources and verify the configuration before deployment. IaC helps to automate the deployment process, ensures consistency across different environments, and reduces the risk of human error.
By following these best practices, organizations can significantly improve the security posture of their container environments and mitigate the risk of security breaches.
Which of the following is a secure and independent private cloud environment that resides within the public cloud and allows clients to execute programs, host applications, save data, and perform any action on a private network using their accounts?
A. SAML
B. Container
C. VPC
D. Kubernetes
Answer: C. VPC
Explanation:
Cloud computing is a vast and complex field with many different technologies and concepts. Here are some important terms that you should know:
Virtual Private Cloud (VPC): VPC is a secure and independent private cloud environment that resides within the public cloud. VPC clients can execute programs, host applications, save data, and perform anything they wish on a private network using their individual accounts, but the private cloud is hosted by the public cloud provider. A VPC is generally independent from other VPCs running with the same account; hence, one VPC client cannot view the traffic directed to another client’s VPCs.
Security Assertion Markup Language (SAML): SAML is a popular open-standard protocol used for authentication and authorization between two communicating entities. It provides a single sign-on (SSO) facility for users to interact with multiple applications or services with one set of common credentials.
Container: A container is a package of an application/software including all its dependencies, such as library and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. Containers are portable, scalable, and can be deployed across different environments.
Kubernetes: Kubernetes, also known as K8s, is an open-source, portable, extensible, orchestration platform developed by Google for managing containerized applications and microservices. Kubernetes simplifies the deployment, scaling, and management of containerized applications by providing a set of powerful tools and APIs.
By understanding these important terms, you can better understand the various components and technologies that make up cloud computing, and how they work together to provide scalable, secure, and flexible cloud solutions.
Which of the following is a network routing solution that establishes and manages communication between an on-premises consumer network and VPCs via a centralized unit?
A. Transit gateways
B. Public and private subnets
C. VPC endpoint
D. Interface endpoint
Answer: A. Transit gateways
Explanation:
Virtual Private Cloud (VPC) is a fundamental service provided by cloud providers that allow customers to create a virtual network isolated from other customers in the cloud. Here are some important VPC-related terms that you should know:
Interface Endpoint: An interface endpoint is an elastic network interface (ENI) that has a private IP address within the limit of a defined subnet. It operates as an initial point of source for traffic towards a VPC or supported cloud services.
Public and Private Subnets: The subnets in VPC can be public or private. The virtual machines residing in the public subnet can transmit data packets directly over the web, while the VMs in a private subnet cannot.
Transit Gateways: A transit gateway is a network routing solution that establishes and manages communication between an on-premises consumer network and VPCs via a centralized unit. This approach simplifies the network topology and eliminates complicated peering connections.
VPC Endpoint: A VPC endpoint establishes a private connection between a VPC and another cloud service without access to the Internet, external gateways, NAT solutions, VPN connections, or public addresses. Therefore, the traffic between endpoints does not leave the organization’s network.
By understanding these VPC-related terms, you can better understand how to design and deploy a secure and scalable VPC architecture that meets your organization’s requirements.
George, a security engineer, was tasked with implementing security controls to prevent attacks such as XSS, CSRF, and session hijacking on the organization’s cloud environment. For this purpose, George selected a cloud security control that contains a set of rules, processes, policies, controls, and techniques that administer all the data exchange between collaborative cloud platforms such as Box, Google G Suite, Slack, and Microsoft Office 365.
Identify the security control implemented by George in the above scenario.
A. Cloud application security
B. High availability across zones
C. Cloud integration and auditing
D. Instance awareness
Answer: A. Cloud application security
Explanation:
Cloud computing is a complex field with many different concepts and technologies. Here are some important terms related to cloud security:
Cloud Application Security: Cloud application security is a set of rules, processes, policies, controls, and techniques that administer all the data exchange between collaborative cloud platforms such as Box, Google G Suite, Slack, and Microsoft Office 365. Implementing cloud application security prevents exploits such as cross-site scripting (XSS), cross-site request forgery (CSRF), session hijacking, SQL injection, and weak authentication.
High Availability Across Zones: A cloud environment for an application has high availability if the application’s services continue during intentional or unintentional network downtimes. High availability can be achieved by dividing servers into zones and maintaining network consistency across them.
Cloud Integration and Auditing: Cloud integration is the process of grouping multiple cloud environments together in the form of a public or hybrid cloud that enables administrators to continuously access and handle systems, services, data, and applications.
Instance Awareness: The cloud-based kill chain model describes the possibilities of using fake cloud instances for command and control to exfiltrate data from a cloud environment. Many security solutions such as firewalls, gateways, and other cloud security tools are incapable of fighting these threats because they cannot trace the differences between instances of cloud applications.
By understanding these important cloud security terms, you can better understand the different security challenges that arise in the cloud, and how to implement appropriate security controls and best practices to mitigate these challenges.
Which of the following is an app discovery tool that provides full visibility and risk information to manage cloud applications in a secure and organized manner?
A. Cisco Umbrella
B. OllyDbg
C. Stream Armor
D. BeRoot
Answer: A. Cisco Umbrella
Explanation:
Cybersecurity is a constantly evolving field, and staying up-to-date with the latest tools and technologies is crucial to maintaining effective security controls. Here are some important cybersecurity tools that you should know:
Cisco Umbrella: Cisco Umbrella is an app discovery tool that provides full visibility and risk information to manage cloud applications in a secure and organized manner. The dashboard displays the risk level of shadow cloud services and provides a summary based on app categories, which are sorted by their risk levels.
OllyDbg: OllyDbg is a 32-bit assembler-level analyzing debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful when the source is unavailable.
BeRoot: BeRoot is a post-exploitation tool used to check common misconfigurations to find a way to escalate privilege.
Stream Armor: Stream Armor is a tool used to discover hidden Alternate Data Streams (ADS) and clean them completely from your system. Its advanced auto analysis, coupled with an online threat verification mechanism, helps you eradicate any ADSs that may be present.
By understanding these important cybersecurity tools, you can better understand the different types of tools and techniques available to secure your organization’s systems and networks.
Which of the following security controls involves keeping a warning sign on a fence or property that informs potential attackers of adverse consequences if they proceed to attack?
A. Deterrent controls
B. Corrective controls
C. Detective controls
D. Preventive controls
Answer: A. Deterrent controls
Explanation:
When it comes to cloud security, there are four main types of controls that organizations can implement to protect their cloud environments:
Deterrent controls: These controls are designed to discourage potential attackers from targeting the cloud system. Examples of deterrent controls include warning signs, security cameras, and security patrols.
Preventive controls: These controls are implemented to strengthen the cloud system against incidents by minimizing or eliminating vulnerabilities. Examples of preventive controls include access controls, firewalls, and encryption.
Detective controls: These controls are implemented to detect and respond to incidents as they occur. Examples of detective controls include intrusion detection systems (IDS), security information and event management (SIEM) systems, and log analysis.
Corrective controls: These controls are designed to minimize the damage caused by an incident by limiting the spread of the attack and restoring systems to their previous state. Examples of corrective controls include system backups, disaster recovery plans, and incident response teams.
By implementing a combination of these controls, organizations can improve their cloud security posture and better protect their sensitive data and critical systems from cyber threats.
Which of the following best practices helps security professionals in securing a serverless computing environment?
A. Disable signed requests for cloud vendors
B. Maximize serverless permissions in the development phase
C. Deploy functions in minimal granularity
D. Never use secret storage for sensitive information
Answer: C. Deploy functions in minimal granularity
Explanation:
Serverless computing has become increasingly popular for developing and deploying applications, but it also presents unique security challenges that need to be addressed. Here are some best practices for securing the serverless computing environment:
Minimize serverless permissions: In the development phase, it is essential to minimize the permissions granted to serverless functions to reduce the attack surface area. This helps to limit the potential damage an attacker can do if they compromise the function.
Regularly update dependencies: As with any application, it is important to regularly patch and update function dependencies and applications to ensure that known vulnerabilities are addressed.
Enable signed requests: To protect data in transit and prevent HTTP replay attacks, enable signed requests for cloud vendors.
Deploy functions in minimal granularity: It is best to deploy functions in minimal granularity to minimize the level of detail and prevent implicit global roles. This ensures that functions only have the permissions necessary to perform their specific tasks.
Monitor function layers: Regularly monitoring function layers can help identify any attempts at malicious code injection and other web server attacks.
Use third-party security tools: Third-party security tools can provide additional layers of visibility and control for securing serverless environments.
Use secret storage: Use secret storage for sensitive information that provides both runtime access and key rotation for protection.
By implementing these best practices, organizations can improve their security posture and better protect their serverless computing environments from cyber threats.
The components such as DLP, CMF, database activity monitoring, and encryption are included in which of the following cloud security control layers?
A. Applications layer
B. Computer and storage
C. Information layer
D. Management layer
Answer: C. Information layer
Cloud Security Control Layers:
Application Layer:
Establish policies that match industry security standards (e.g. OWASP).
Comply with regulatory and business requirements.
Implement controls such as SDLC, binary analysis, scanners, web app firewalls, and transactional security.
Management Layer:
Perform administrative tasks to facilitate uninterrupted cloud services.
Look for policies such as GRC, IAM, VA/VM, patch management, configuration management, and monitoring.
Information Layer:
Develop and document an information security management program (ISMP).
Include administrative, technical, and physical safeguards to protect against unauthorized access, modification, or deletion.
Implement controls such as DLP, CMF, database activity monitoring, and encryption.
Computation and Storage:
Establish policies and procedures for data storage and retention.
Implement appropriate backup mechanisms to ensure availability and compliance.
Implement controls such as host-based firewalls, HIDS/HIPS, integrity and file/log management, encryption, and masking.
Which of the following categories of security controls strengthens the system against incidents by minimizing or eliminating vulnerabilities?
A. Deterrent controls
B. Corrective controls
C. Preventive controls
D. Detective controls
Answer: C. Preventive controls
These are various types of cloud security controls that can be implemented in a cloud environment to enhance its security posture.
Deterrent Controls: These controls are used to discourage potential attackers from launching an attack on the cloud system. An example of a deterrent control is a warning sign on the fence or property to inform potential attackers of adverse consequences if they proceed to attack.
Preventive Controls: These controls are used to strengthen the cloud system against incidents by minimizing or eliminating vulnerabilities. An example of a preventive control is a strong authentication mechanism to prevent unauthorized use of cloud systems.
Detective Controls: These controls are used to detect and react appropriately to incidents that happen in the cloud environment. An example of a detective control is employing IDSs, IPSs, etc. to help detect attacks on cloud systems.
Corrective Controls: These controls are used to minimize the consequences of an incident by limiting the damage. An example of a corrective control is restoring system backups.
Detective security controls detect and react appropriately to the incidents that happen on the cloud system. Which of the following is an example of detective security controls?
A. Employing IDSs and IPSs
B. Restoring system backups
C. Identifying warning sign on the fence
D. Implementing strong authentication mechanism
Answer: A. Employing IDSs and IPSs
Explanation:
Detective controls: These controls detect and react appropriately to the incidents that happen. For Example, employing IDSs, IPSs, and so on helps to detect attacks on cloud systems.
Which of the following categories of security controls minimizes the consequences of an incident by limiting the damage?
A. Preventive controls
B. Detective controls
C. Corrective controls
D. Deterrent controls
Answer: C. Corrective controls
These are various types of cloud security controls that can be implemented in a cloud environment to enhance its security posture.
Deterrent Controls: These controls are used to discourage potential attackers from launching an attack on the cloud system. An example of a deterrent control is a warning sign on the fence or property to inform potential attackers of adverse consequences if they proceed to attack.
Preventive Controls: These controls are used to strengthen the cloud system against incidents by minimizing or eliminating vulnerabilities. An example of a preventive control is a strong authentication mechanism to prevent unauthorized use of cloud systems.
Detective Controls: These controls are used to detect and react appropriately to incidents that happen in the cloud environment. An example of a detective control is employing IDSs, IPSs, etc. to help detect attacks on cloud systems.
Corrective Controls: These controls are used to minimize the consequences of an incident by limiting the damage. An example of a corrective control is restoring system backups.
Which of the following practices assists cloud administrators in securing a Docker environment from various cyberattacks?
A. Limit SSH login connections to the admin for processing the log files of containers.
B. Enable the inter-container communication feature when running the Docker daemon by using –icc=false.
C. Secure the API endpoints with HTTP when exposing the RESTful API.
D. Disable the read-only mode on filesystems and volumes by unsetting the –read-only flag.
Answer: A. Limit SSH login connections to the admin for processing the log files of containers.
Best Practices for Securing Docker Environment:
Secure the API endpoints with HTTPS when exposing the RESTful API.
Limit SSH login connections to the admin for processing log files of containers while performing administrative operations such as testing and troubleshooting.
Disable the inter-container communication feature when running Docker demon by using –icc=false. To communicate with other containers, you can use –link=CONTAINER_NAME_or_ID:ALIAS option
Enable read-only mode on filesystems and volumes by setting the –read-only flag.
Which of the following practices helps security professionals in protecting a serverless computing environment from various cyberattacks?
A. Use timeouts to limit how longer serverless functions can execute.
B. Maximize serverless permissions in the development phase to reduce the attack surface area.
C. Never use third-party security tools.
D. Disable signed requests for cloud vendors to protect the data in transit and to prevent HTTP replay attacks.
Answer: A. Use timeouts to limit how longer serverless functions can execute.
Best practices for securing serverless computing environments:
Use third-party security tools because they provide additional layers of visibility and control.
Minimize serverless permissions in the development phase to reduce the attack surface area.
Enable signed requests for cloud vendors to protect the data in transit and to prevent HTTP replay attacks.
Use timeouts to limit how long serverless functions can execute.