RISK

Question 1

RISK by Svc Models
What Risk is addressed by SaaS?

What (4) environments are affected?

Answer 1

Consumer – Multi-Tenants may share same applic stack ie: (4)
WEB, DB, APP, Ntwk

Question 2

RISK by Svc Models

What Risk is addressed by PaaS?

Answer 2

Build – Vuln in Platform stack BLEEDS sharing data BU, archives

Question 3

RISK by Svc Models

What Risk is addressed by IaaS?

Answer 3

HOST – Cross Ntwk traffic listeners find host less hardened/ptch’d other Tenants

Question 4

What are 5 characteristics of Cloud? BORRM

Answer 4

Broad Network Access – 
On Demand Svc – 
Rapid Elasticity – 
Resource Pooling – 
Measured Svc Pay-as-Go –

Question 5

As part of a cloud provider’s services, customers can provision a new virtual machine as needed without human interaction with the provider. This scenario is BEST described by which of the following cloud characteristics?

A. On-demand self-service
B. Measured service
C. Broad network access
D. Rapid elasticity

Answer 5

A. On-demand self-service

Question 6

Which of the following is the MOST important service management consequence of elastic capacity?

A. The need for better application development
B. The need for better security management
C. The need for good performance monitoring and management
D. The need to improve the fulfillment and provisioning process

Answer 6

C. The need for good performance monitoring and management

Question 7

Which of the following is the MOST important impact of cloud computing on managing service levels?

A. Capacity can be more elastic.
B. External providers can deny a capacity increase when required.
C. Providers measure their own performance.
D. Scarcity of resources can occur if not monitored

Answer 7

A. Capacity can be more elastic.

Question 8

Which of the following does IT outsourcing and cloud computing typically have in common?

A. Pay as you go agreements
B. Short-term financial commitment
C. Tailor-made applications based on client needs
D. Vendor lock-in potential

Answer 8

D. Vendor lock-in potential

Question 9

What type of attack is Heartbleed ?
How is it detected?
What does it affect?

Answer 9

RAM read attack – OPEN SSL – Detects heartbleed TLS used – network session keys

Question 10

What type of attack is Petya?
What does it target?
What does it do?

Answer 10

Ransomware - WIN MB Record - Encrypts HDD prevents WIN reboot

Encrypts Ransomware – Target WIN MB Rec. Encrypts HDD Prevents WIN Boot

Question 11

What type of attack is Wanna Cry?
What does it target?
What type of vulnerability?

Answer 11

Ransomware – Target WIN - Crypto Worm

Question 12

What type of attack is Poodle?
What does it target?
what type of weakness does it attack?

Answer 12

PAD Oracle - SSL 3.0 - MitM plain txt
PAD Oracle on Downgrade Legacy Encryption – Target browser relies on SSL 3. 0 Protocol weakness allows MiTM attack to see plain txt content

Question 13

What is Broad Netwk Access?

Answer 13

Cloud benefit: Available by phone, PC, anywhere

Question 14

What is On Demand Service?

Answer 14

Request what you need, when you need it: Server, Storage, automated

Question 15

What is Rapid Elasticity?

Answer 15

Rapid provision. Scale IN / Scale OUT

Question 16

What is Resource Pooling?

Answer 16

Resources pooled to server multiple customer, using multi-tenant model, filled from multiple locations

Question 17

What is Measured service Pay - As - You - Go?

Answer 17

Shared mechanisms, resource metering, capability, monitoring, controlled, reported