Siedel Chapter 5 Review Questions Flashcards

1
Q

Charles is working with internal auditors to review his organization's cloud infrastructure. Which of the following is not a common goal of internal audits?

A. Testing operational integrity
B. Improving practices
C. Providing attestation of compliance to a standard to a third party
D. Validating practices against an industry standard

A

C. Providing attestation of compliance to a standard to a third party

Explanation:
Internal audits typically attempt to test operational integrity and to identify areas of improvement. They may also validate practices against an industry standard. They are not typically done to provide attestations to third parties.

2
Q

Maria’s organization wants to ensure that logins by most malicious actors would be prohibited if a system administrator's credentials were compromised. What technology is commonly used to check for potential malicious logins from international attacks?

A. Geofencing
B. IPOrigin
C. Multifactor
D. Biometric authentication

A
3
Q

Alaina wants to ensure that her system instances for a web application hosted in her cloud data center have proper security for data at rest. What solution should she select to help ensure this?

A. Disk or volume hashing
B. Use only ephemeral disks or volumes
C. Use read only disks or volumes
D. Disk or volume encryption

A

A. Geofencing

Explanation:
Geofencing is often used as part of a set of controls to prevent unauthorized logins. Auditing against logins that occur from new or unapproved locations and even preventing logins from unauthorized locations can be a useful preventative control. IPOrigin was made up, and MFA and biometric logins are used to prevent unauthorized access, not to check for potential malicious logins.

4
Q

Jason wants to validate that the open source software package he has downloaded matches the official release. What technique is commonly used to validate packages?

A. Encryption
B. Rainbow tables
C. Decryption
D. Hashing

A

D. Hashing

Explanation:
MD5 or SHA1 hashing is often used to check the hash of downloaded software against a published official hash for the package or software. Encryption and decryption are not used for validation, and rainbow tables are used for password cracking.

4
Q

Naomi’s organization has adopted the CIS security controls for Windows. What type of solution have they adopted?

A. A SOC template
B. An ISO Standard
C. A security baseline
D. A NIST Standard

A

C. A security baseline

Explanation:
The CIS security controls are a security baseline adopted by many organizations. Naomi's organization should still review and modify the controls to match its needs. SOC is an auditing report type, and both ISO and NIST provide standards, but the CIS security controls aren't ISO or NIST standards.

4
Q

Yarif’s organization wants to process sensitive information in a cloud environment. The organization is concerned about data throughout its lifecycle. What protection should it select for its compute elements if security is a priority and cost is less important?

A. Memory encryption
c
C. Shared hardware instances
D. Avoiding installing virtualization tools

A

C. A security baseline

Explanation:
Using dedicated hardware instances, while expensive, is the most secure option for protecting compute from potential side-channel attacks or attacks against the underlying hypervisor layer for cloud-hosted systems. Memory encryption may exist at the hypervisor level, but cloud providers do not typically make this an accessible option, and virtualization tools are not a major security benefit or detractor in this scenario.

4
Q

Valerie’s organization uses a security baseline as part of its systems’ configuration process. Which of the following is not a typical part of the baselining process?

A. Limiting administrator access
B. Removing antimalware agents
C. Closing unused ports
D. Removing unnecessary services and libraries

A

B. Removing antimalware agents

Explanation:
Removing antimalware agents is not a typical part of a baselining process. Installing one might be, though. Limiting administrator access, closing unused ports, and disabling unneeded services are all common baselining activities.

5
Q

Hrant wants to ensure that traffic inside his organization’s VNet, Azure’s basic building block for customer IaaS instances, is secure. What should he do to protect it?

A. VNet traffic is already secure; he does not need to do anything
B. Set up VPN tunnels between each system
C. Set up and use a bastion host for all secure traffic
D. Use end to end encryption for all communications

A

D. Use end to end encryption for all communications

Explanation:
While virtual networks in cloud environments are typically well isolated, Hrant's best choice is to use end-to-end encryption for all communications. A VPN for each system is impractical, and bastion hosts are used to provide access from less secure to more secure zones or networks.

6
Q

Asha is configuring a virtualized environment and wants to back up a virtualized server, including its memory state. What type of backup should she perform?

A. A full backup
B. A snapshot
C. An incremental backup
D. A differential backup

A

B. A snapshot

Explanation:
Snapshots in virtual environments not only capture the current state of the machine, they also allow point-in-time restorations. Full, incremental, and differential backups back up the drive of a system but not the memory state.

7
Q

Felix is planning for his organization's third-party audit process after recently switching to a cloud SaaS provider. What information will Felix most likely be unable to provide?

A. Access logs
B. Operating system logs
C. Activity logs
D. User and account privilege information

A

B. Operating system logs

Explanation:
A SaaS environment will not be able to provide OS logs to third-party auditors since the service provider is unlikely to provide them to customers. Access and activity logs as well as user and account privilege information are all likely to be available.

8
Q

Mark has set up a series of tasks that make up a workflow to ensure that his cloud-hosted web application environment scales, updates, and maintains itself. What cloud management plane feature is he leveraging?

A. Maintenance
B. Scheduling
C. Orchestration
D. Virtualization

A

C. Orchestration

Explanation:
Orchestration describes the broad set of capabilities that allow automated, task-based control of services, processes, or workflows. It can handle maintenance and uses scheduling, but its uses are broader than both. Virtualization is a key component of the cloud but does not describe this specific use appropriately.

9
Q

Amanda downloads VeraCrypt, a free, open source disk encryption software package. When she downloads the software, she sees the following information on the downloads page:

What will she need to validate the signature and ensure that the software is legitimate?

A. VeraCrypt's private key
B. Her private key
C. VeraCrypt's public key
D. Her public key

A

C. VeraCrypt's public key

Explanation:
To validate the software, she will need VeraCrypt's public key. Fortunately, VeraCrypt provides the key and the signatures on the same page for easy access.

10
Q

Ting sets a system up in her Amazon VPC that exists in a low security, public internet facing zone and also has an interface connected to a high security subnet that is used to house application servers so that she can administer those systems. What type of security solution has she configured?

A. A firewall hopper
B. A bastion host
C. A bridge
D. A bailey system

A

B. A bastion host

Explanation:
Bastion hosts are used to connect from a lower security zone to a higher security zone. Ting has configured one to allow inbound access and will need to pay particular attention to the security and monitoring of the system.

11
Q

Lisa’s organization installs virtualization tools on each virtual machine it sets up. Which of the following is not a common function of virtualization tools?

A. Access to sound and video cards
B. Mapping storage
C. Improved networking
D. Control of the underlying host operating system

A

D. Control of the underlying host operating system

Explanation:
Common functions of guest OS tools include mapping storage; supporting improved networking; and video output, sound, or input capabilities. They do not usually allow control of the underlying host OS.

12
Q

Susan's organization is a cloud service provider that runs its hypervisor directly on the underlying hardware for its systems. What type of hypervisor is Susan running?

A. Type 1
B. Type 2
C. Type 3
D. Type 4

A

A. Type 1

Explanation:
Type 1 hypervisors run directly on the underlying hardware or the bare metal, and Type 2 hypervisors run inside of another OS, like Windows or Linux.

13
Q

The CIO of Gurcinder's company wants him to have its audit company perform an audit of its cloud infrastructure provider. Why are cloud infrastructure vendors unlikely to allow audits of their system and infrastructure by customer-sponsored third parties?

A. They do not want to have problems with their service identified.
B. Audits may disrupt their other customers or lead to risks of data exposure for those customers
C. It is required for compliance with industry standard best practices
D. It would have to be reported as a potential data breach

A

B. Audits may disrupt their other customers or lead to risks of data exposure for those customers

Explanation:
Allowing access to their environments for auditors has the potential to lead to disruption of service for the wide range of customers they support. If they allowed audits for their multitude of customers, they'd be in a perpetual audit process, which is costly and time consuming. Organizations typically do want to identify problems with their service. Not allowing auditors access is not required by best practices and would not be reported as a data breach.

14
Q

Michelle wants to securely store her organization's secrets using a cloud service. What tool should she select?

A. TPM as a service
B. GPG as a service
C. HSM as a service
D. SSD as a service

A

C. HSM as a service

Explanation:
An HSM service will provide the functionality Michelle is looking for. A TPM, or trusted platform module, is associated with local system security rather than organization-wide secrets storage and management. GPG is an encryption package and won't do what she needs, and SSDs are storage devices, not encryption management tools.

15
Q

Helen wants to apply rules to traffic in her cloud-hosted environment. What cloud tool allows rules permitting traffic to pass or be blocked to be set based on information like the destination or source host or IP address, port, and protocol?

A. Security groups
B. Stateless IDS
C. VPC boundaries
D. Stateful IPS

A

A. Security groups

Explanation:
Security groups act like firewalls in cloud environments, allowing rules that control traffic by host, port, and protocol to be set to allow or disallow traffic. Stateless and stateful IDSs and IPSs were made up for this question, and VPC boundaries are not a technical solution or tool.

16
Q

Jaime wants to set up a tool that will allow him to capture and analyze attacker behavior, including command line activity and uploaded toolkits targeted at systems in his environment. What type of tool should he deploy?

A. A dark web
B. A honeypot
C. A network IPS
D. A network IDS

A

B. A honeypot

Explanation:
Honeypots are intentionally vulnerable systems set up to capture attacker behavior and include tools to allow analysis.

17
Q

Chris is using a third-party vulnerability scanning application in his cloud-hosted environment. Which of the following issues is he unlikely to be able to detect with a vulnerability scanner?

A. Malware
B. Defined vulnerabilities
C. Zero day exploits
D. Programming flaws

A

C. Zero day exploits

Explanation:
Vulnerability scanners can't detect zero day exploits because they won't have detection rules or definitions for them. Zero day exploits haven't been announced or detected and thus won't be part of their library. Malware, known vulnerabilities, and programming flaws may all be detected by vulnerability scanners.