Siedel Chapter 5 Review Questions Flashcards
Charles is working with internal auditors to review his organization's cloud infrastructure. Which of the following is not a common goal of internal audits?
A. Testing operational integrity
B. Improving practices
C. Providing attestation of compliance to a standard to a third party
D. Validating practices against an industry standard
C. Providing attestation of compliance to a standard to a third party
Explanation:
Internal audits typically attempt to test operational integrity and to identify areas of improvement. They may also validate practices against an industry standard. They are not typically done to provide attestations to third parties.
Maria's organization wants to ensure that logins by most malicious actors would be prohibited if a system administrator's credentials were compromised. What technology is commonly used to check for potential malicious logins from international attacks?
A. Geofencing
B. IPOrigin
C. Multifactor
D. Biometric authentication
A. Geofencing
Explanation:
Geofencing is often used as part of a set of controls to prevent unauthorized logins. Auditing logins that occur from new or unapproved locations, and even preventing logins from unauthorized locations, can be a useful preventive control. IPOrigin was made up, and MFA and biometric logins are used to prevent unauthorized access, not to check for potential malicious logins.
Alaina wants to ensure that her system instances for a web application hosted in her cloud data center have proper security for data at rest. What solution should she select to help ensure this?
A. Disk or volume hashing
B. Use only ephemeral disks or volumes
C. Use read-only disks or volumes
D. Disk or volume encryption
Jason wants to validate that the open source software package he has downloaded matches the official release. What technique is commonly used to validate packages?
A. Encryption
B. Rainbow tables
C. Decryption
D. Hashing
D. Hashing
Explanation:
MD5 or SHA-1 hashing is often used to check the hash of downloaded software against a published official hash for the package or software. Encryption and decryption are not used for validation, and rainbow tables are used for password cracking.
Naomi's organization has adopted the CIS security controls for Windows. What type of solution have they adopted?
A. A SOC template
B. An ISO Standard
C. A security baseline
D. A NIST Standard
C. A security baseline
Explanation:
The CIS security controls are a security baseline adopted by many organizations. Naomi's organization should still review and modify the controls to match its needs. SOC is an auditing report type, and both ISO and NIST provide standards, but the CIS security controls aren't ISO or NIST standards.
Yarif's organization wants to process sensitive information in a cloud environment. The organization is concerned about data throughout its lifecycle. What protection should it select for its compute elements if security is a priority and cost is less important?
A. Memory encryption
B. Dedicated hardware instances
C. Shared hardware instances
D. Avoiding installing virtualization tools
C. A security baseline
Explanation:
Using dedicated hardware instances, while expensive, is the most secure option for protecting compute from potential side-channel attacks or attacks against the underlying hypervisor layer for cloud-hosted systems. Memory encryption may exist at the hypervisor level, but cloud providers do not typically make this an accessible option, and virtualization tools are not a major security benefit or detractor in this scenario.
Valerie's organization uses a security baseline as part of its systems' configuration process. Which of the following is not a typical part of the baselining process?
A. Limiting administrator access
B. Removing antimalware agents
C. Closing unused ports
D. Removing unnecessary services and libraries
B. Removing antimalware agents
Explanation:
Removing antimalware agents is not a typical part of a baselining process; installing one might be, though. Limiting administrator access, closing unused ports, and disabling unneeded services are all common baselining activities.
Hrant wants to ensure that traffic inside his organization's VNet, Azure's basic building block for customer IaaS instances, is secure. What should he do to protect it?
A. VNet traffic is already secure; he does not need to do anything
B. Set up VPN tunnels between each system
C. Set up and use a bastion host for all secure traffic
D. Use end-to-end encryption for all communications
D. Use end-to-end encryption for all communications
Explanation:
While virtual networks in cloud environments are typically well isolated, Hrant's best choice is to use end-to-end encryption for all communications. A VPN for each system is impractical, and bastion hosts are used to provide access from less secure to more secure zones or networks.
Asha is configuring a virtualized environment and wants to back up a virtualized server, including its memory state. What type of backup should she perform?
A. A full backup
B. A snapshot
C. An incremental backup
D. A differential backup
B. A snapshot
Explanation:
Snapshots in virtual environments not only capture the current state of the machine, including memory, but also allow point-in-time restorations. Full, incremental, and differential backups back up the drive of a system but not the memory state.
Felix is planning for his organization's third-party audit process after recently switching to a cloud SaaS provider. What information will Felix most likely be unable to provide?
A. Access logs
B. Operating system logs
C. Activity logs
D. User and account privilege information
B. Operating system logs
Explanation:
A SaaS environment will not be able to provide OS logs to third-party auditors, since the service provider is unlikely to provide them to customers. Access and activity logs, as well as user and account privilege information, are all likely to be available.
Mark has set up a series of tasks that make up a workflow to ensure that his cloud-hosted web application environment scales, updates, and maintains itself. What cloud management plane feature is he leveraging?
A. Maintenance
B. Scheduling
C. Orchestration
D. Virtualization
C. Orchestration
Explanation:
Orchestration describes the broad set of capabilities that allow automated, task-based control of services, processes, or workflows. It can handle maintenance and uses scheduling, but its uses are broader than both. Virtualization is a key component of the cloud but does not describe this specific use appropriately.
Amanda downloads VeraCrypt, a free, open-source disk encryption software package. When she downloads the software, she sees the following information on the downloads page:
What will she need to validate the signature and ensure that the software is legitimate?
A. VeraCrypt's private key
B. Her private key
C. VeraCrypt's public key
D. Her public key
C. VeraCrypt's public key
Explanation:
To validate the software, she will need VeraCrypt's public key. Fortunately, VeraCrypt provides the key and the signatures on the same page for easy access.
Ting sets up a system in her Amazon VPC that exists in a low-security, public internet-facing zone and also has an interface connected to a high-security subnet that is used to house application servers, so that she can administer those systems. What type of security solution has she configured?
A. A firewall hopper
B. A bastion host
C. A bridge
D. A bailey system
B. A bastion host
Explanation:
Bastion hosts are used to connect from a lower-security zone to a higher-security zone. Ting has configured one to allow inbound access and will need to pay particular attention to the security and monitoring of the system.
Lisa's organization installs virtualization tools on each virtual machine it sets up. Which of the following is not a common function of virtualization tools?
A. Access to sound and video cards
B. Mapping storage
C. Improved networking
D. Control of the underlying host operating system
D. Control of the underlying host operating system
Explanation:
Common functionality of guest OS tools includes mapping storage, supporting improved networking, and providing video output, sound, or input capabilities. They do not usually allow control of the underlying host OS.
Susan's organization is a cloud service provider that runs its hypervisor directly on the underlying hardware for its systems. What type of hypervisor is Susan running?
A. Type 1
B. Type 2
C. Type 3
D. Type 4
A. Type 1
Explanation:
Type 1 hypervisors run directly on the underlying hardware (bare metal), and Type 2 hypervisors run inside another OS, like Windows or Linux.