Securing the Cloud

Question 1

According to NIST, this are the essential characteristics of cloud computing include the following:

Answer 1

• on-demand self-service
• broad network access
• resource pooling
• rapid elasticity
• measured service

Question 2

4 Types of Cloud deployment model

Answer 2

• Public Cloud (Open for public use)
• Private Cloud (used just by the client or organization)
• Community Cloud (shared between several organizations)
• Hybrid Cloud (Composed of two or mode clouds - including on-prem services)

Question 3

3 Cloud computing basic model

Answer 3

• Infrastructure as a Service (Iaas - cloud solution where you are renting infrastructure)
• Platform as a Service (Paas - Provides everything except application. Include SDLC, API,Website portals, or gateway software)
• Software as a Service (Saas - designed to provide a complete packaged solution)

Question 4

A software and hardware development project management that at least five to seven phases that follow in strict linear order.
Requirements>Design>Implementation>Verification>Maintenance

Answer 4

Waterfall Development Methodology

Question 5

A software and hardware development project management process where a project is managed by breaking it up into several stages and involving constant collaboration with stakeholders and continuos improvement and iteration at every stage

Answer 5

Agile Methodology

Question 6

Agile Methodolog 4 Main Values

Answer 6

• Individuals and interaction over processes and tools
• working software over comprehensive documentation
• customer collaboration over contract negotiation
• responding to change over following a plan

Question 7

Agile Methodology General Step

Answer 7

Plan>(test/deploy/review/design/develop)>Launch

Question 8

is the outcome of many trusted principles -from software development, manufacturing and leadership to the information technology value stream. Relies on bodies of knowledge from Lean, Theory of Constraints, resilience engineering, learning organizations, safety culture, human factors, and many others.

Answer 8

DevOps

Question 9

Technology Devops value stream includes the following

Answer 9

• Product Management
• Software (or hardware) development
• Quality Assurance (QA)
• IT Operations
• Infosec and cybersecurity practices

Question 10

Is a software development practice where programmers merge code changes in a central repository multiple times a day.

Answer 10

Continuous Integration (CI)

Question 11

This sits on top of CI and provides a way for automating entire software release process.

Answer 11

Continuos Delivery (CD)

Question 12

Is a cloud computing execution model where the cloud provide (AWS,Azure, Google Cloud and so on) dynamically manages the allocation and provisioning of servers. It also means that you will be using cloud platforms to host and or to develop your code.

Answer 12

Serverless

Question 13

One of the most popular container orchestration and management frameworks, originally developed by Google. Is a platform for creating , deploying and managing distributed applications

Answer 13

Kubernetes

Question 14

A container management and orchestration platform by HashCorp.

Answer 14

Nomad

Question 15

A distributed linux kernel that provides native support for launching containers with Docker and AppC images.

Answer 15

Apache Mesos

Question 16

A container cluster management and orchestration system integrated with the Docker Engine.

Answer 16

Docker Swarm

Question 17

A container management and orchestration platform by HashCorp.

Answer 17

Nomad

Question 18

A distributed linux kernel that provides native support for launching containers with Docker and AppC images.

Answer 18

Apache Mesos

Question 19

A container cluster management and orchestration system integrated with the Docker Engine.

Answer 19

Docker Swarm

Question 20

Is a collection of secure development practices and guidelines that any software developer should follow to build secure applications

Answer 20

OWASP Proactive protocols

Question 21

The ability to enforce network segmentation in container and VM environments

Answer 21

Micro-segmentation

Question 22

Amazon Shared Responsibility Model for SaaS

Answer 22

Customer responsibility - people,data

Cloud Service Provier Responsibility - application,runtime,middleware,operating system,virtual network,hypervisor,servers,storage,physical network

Question 23

Amazon Shared Responsibility Model for PaaS

Answer 23

Customer responsibility - people,data,application,

Cloud Service Provier Responsibility - runtime,middleware,operating system,virtual network,hypervisor,servers,storage,physical network

Question 24

Amazon Shared Responsibility Model for IaaS

Answer 24

Customer responsibility - people,data,application,runtime,middleware,operating system,virtual network,

Cloud Service Provier Responsibility - hypervisor,servers,storage,physical network

Question 25

Patch Management responsibility

Answer 25

Shared responsibility in IaaS and PaaS but not in SaaS envinroment

Question 26

Question to ask a Cloud Provider

Answer 26

• Who has access?
• What are providers regulatory requirements
• do you have the right to audit
• what type of training does the provider offer its employee
• what type of data classification system does the provider use
• how is your data seperated from users data. Is the data on a shared server or a dedicated server
• Is encryption being use
• What are the service legal agreement
• What is the long-term viability of the provider
• Will they assume liability in the case of a breach
• What is the DR/BCP

Question 27

Is a solution that evolved from the OpenDNS acquisition. This is a cloud delivered solution that blocks malicious destination using DNS

Answer 27

Cisco Umbrella

Question 28

Umbrella looks at the patterns of DNS requests from devices and uses them to detect the following:

Answer 28

• compromised systems
• command-and-control callbacks
• malware and phishing attempts
• algorithm-generated domains
• domain co-occurences
• newly registered domains
• malicious traffic and payloads that never reach the target

Question 29

Cisco Umbrella uses this routing in order to provide reliability of the recursive DNS service.

Answer 29

Anycast IP routing

Question 30

Umbrella uses authoritive DNS logs to find the following

Answer 30

• newly stage infrastructures
• malicious domains, IP addresses and ASNs,
• DNS hijacking
• Fast Flux domains
• Related domains

Question 31

Is a DNS technique used by botnets to hid phisihing and malware delivery sites behid an ever changing network of compromised hosts acting as proxies

Answer 31

Fast Flux

Question 32

Machine learning and advanced algorithms are used heavily to find and automatically block malicious domains.

Answer 32

• co-occurrence model (this model identifies domains required right before or after a given domain)
• Traffic spike model: (this model recognizes when spike in traffic to a domain match patterns seen with other attacks)
• Predictive IP space monitoring model ( this model starts with domain identified by the spike rank model and scores the steps attackers take to set up infrastructure)

Question 33

This concept of a cloud-based proxy is the basis for the ?

Answer 33

Secure Internet Gateway

Question 34

Provides organizations access to global intelligence that can be used to enrich security data and events or help with incident response. Provides complete view of attacker infrastructure. Provide access to inteliggence via web console or API

Answer 34

Cisco Umbrella Investigate

Question 35

Cisco Umbrella investigate provide this features

Answer 35

• Passive DNS database
• WHOIS record data
• Malware File analysis
• Autonomous System Number (ASN)
• IP Geolocation
• Domain and IP reputation scores
• Domain co-occurrences
• anomaly detection
• DNS request patterns and geo distribution of those request

Question 36

Cisco cloud email security supports several techniques to create the multiple layers of security needed to defend against attack types. These techniques include the following

Answer 36

• Geolocation-based filtering
• Cisco Context adapative scanning engine (CASE)
• Automated threat data drawn from Cisco TALOS
• Advanced malware protection (AMP)

Question 37

Cisoc email security feature which Is used to detect spear phishing attacks by examining one or more parts of the SMTP message for manipulation,including “envelope-from” “Reply To” and “From” Headers

Answer 37

Forged Email Detection (FED)

Question 38

Cisco email Security framework for sender authentication and oomainkeys identified mail (DKIM) and domain-based message authentication, reporting and conformance (DMARC) for domain authentication

Answer 38

Sender Policy framework

Question 39

Cisco Email security support advance encryption and _____ which is a standard-based method for sending and receiving secure,verified email address

Answer 39

S/MIME (Secure/Multipurpose Internet Mail Extensions)

Question 40

A company that was acquired by Cisco. The solution is a cloud access security broker (CASB). A CASB provide visibility and compliance checks, protect data against misuse and exfiltration, and provide threat protections against malware like ransomware.

Answer 40

Cisco Cloudlock

Question 41

A solution that uses NetFlow telemetry and contextual information from the Cisco Network infrastructure. This solution allows network administrators and cybersecurity professionals to analyze network telemetry in a timely manner and defend against cyber threats

Answer 41

Cisco Stealthwatch solution.

Question 42

Cisco Stealthwatch appliance can be deployed in two modes

Answer 42

• by processing network metadata from a SPAN or a network tap
• by processing metadata out of a netflow or ipfix flow records.

Question 43

Another company acquired by Cisco. Provides end-to-end visibility of applications and can provide insights about application performance.

Answer 43

AppDynamics(AppD)

Question 44

Is a cisco agentless technology that detect relationship and dependencies between applications and infrastructure layers.

Answer 44

Workload Optimization Manager

Question 45

Is a solution created by Cisco that utilizes rich traffic flow telemetry to address critical data centre operationally use cases. Uses both hardware and software agents as telemetry sources and performs advance analytics on the collected data

Answer 45

Cisco Tetration

Question 46

is a piece of software running within a host operation system (such as linux or windows). its core functionality is to monitor and collect network flow information.

Answer 46

Tetration software agent

Question 47

Is a functionallity inside Cisco Tetration that helps provide insight into the kind of complex applications that run in a data centre or in the cloud

Answer 47

Application Dependency Mapping (ADM)

Question 48

Is a software development methodology designed to improve quality and for teams to adapt to the changing needs of the customer

Answer 48

Extreme programming (EP)

Question 49

is a framework that help organizations work together because it encourages teams to learn through experiences

Answer 49

scrum

Question 50

CI/CD Pipeline stages

Answer 50

Source (git push)&raquo_space; Build (compile docker build)&raquo_space; Test (unit intergration&raquo_space; Deploy (Staging .. QA .. Production)

Question 51

Technique that can be used to find software errors, bugs and security vulnerabilities in application. Involve sending random data to the unit tested in order to find input validation issues, program failures, buffer overflows, and other flaws

Answer 51

fuzzing

Question 52

Cisc cloudlock provides a ________ in order to assess the relative risk of cloud connected and services according to business risk,usage risk and vendor compliance

Answer 52

Composite Risk Score (CRS)