Section 1 - Design Secure Cloud Solutions

Question 1

At the end of the day, cloud security enables

Answer 1

Decreases attack surface
Compliance
Standardization and Best practices

Question 2

Multi Cloud is

Answer 2

AWS and Azure and for features and pricing

Question 3

Community Cloud

Answer 3

Shared resources and typically universities and thinktanks. Also gaming communities can follow under this

Question 4

What is the core crucial security task of a CSP

Answer 4

Preserving Isolation

Question 5

What additional elements is not included in the CIA Triad

Answer 5

Privacy - a valid concern based on regulations

Auditability

Regulatory Oversignt

Question 6

What are some major concerns clients should have with moving to the Cloud

Answer 6

Reversibility - can you reverse the move

Avoid Vendor Lock In

Interoperability

Question 7

What is the technical discipline designed to apply the principles of Data Science and statistics to uncover knowledge hidden in the data we accumulate every day

Answer 7

Machine Learning

Question 8

Machine Learning is a subset of a broader field called _______ which has the following goals

Answer 8

AI

Descriptive Analytics
Predictive Analytics
Prescriptive Analytics - Optimize our behavior

Question 9

What is the technology called that is in essence a secure distributed and immutable ledger and what drove its creation and use

Answer 9

Block Chain
BitCoin

Question 10

NIST 800-53 3 Control Implementation Approaches

Answer 10

Common (inheritable)
System Specific
Hybrid

Question 11

What organization produces the STAR Report and for what purpose

Answer 11

Cloud Security Alliance (CSA)
Security, Trust, Assurance and Risk Registry

Question 12

Name some common Container Repositories

Answer 12

Docker Hub - Public
Docker Trusted Registry - Private
Azure Container Registry - Private

Question 13

Name the 3 Block Storages for each Azure, AWS, and Google

Answer 13

AWS - S3 Buckets
Azure Blob Storage

Question 14

Name some of the best practices for monitoring AWS Virtual Private Cloud (VPC)

Answer 14

Enable CloudWatch Logs
Use AWS Cloud Trail to monitor VPN Configs
Enable VPC Flow Logs

You can also use Amazon Guard Duty to detect anomalous behavior

Question 15

What is the name for AWS DNS Services and what is the Amazon service for analyzing DNS Logs

Answer 15

Amazon Route 53

Amazon Guard Duty

Question 16

Name the 3 providers CDN

Answer 16

Amazon CloudFront
Azure CDN
Google Cloud CDN

Question 17

Name the 3 providers DDoS protection services

Answer 17

AWS Shield
Azure DDoS Protection
Google Cloud Armor

Question 18

What is the equivalent of Azure ExpressRoute in AWS

Answer 18

AWS Direct Connect

Question 19

What is the NIST Security Framework for Cloud Providers

Answer 19

NIST 800-210

Question 20

What is the NIST Cloud Computing Standards Roadmap and what are the 5 major actors that should be considered when designing a secure solutions

Answer 20

NIST 500-291

Cloud Consumer
Cloud Provider
Cloud Auditor
Cloud Broker
Cloud Carrier

Question 21

What is the type of Cryptography that uses elliptical curve and what makes it appealing

Answer 21

ECC and much smaller keys

Question 22

Name the 3 Cloud Providers Long Term Storage/Archive

Answer 22

Amazon Glacier
Azure Archive Storage
Googles Coldline

Question 23

What are the hardware devices for encryption called

Answer 23

Hardware Security Module (HSM)
create, store, and manage encryption keys.