Fundamentals of Cloud Security

4.7 (3 avaliações)

• Cartões

• Aprender

• Avaliar

• Combinar

Which value can be achieved by the ability to pool resources in cloud computing?

resource aggregation
economies of scale and agility
application consolidation
elasticity

Clique no cartão para virá-lo 👆

economies of scale and agility

Clique no cartão para virá-lo 👆

1 / 77

Criada por

jmccoy85Professor

Termos nesta lista (77)

Which value can be achieved by the ability to pool resources in cloud computing?

resource aggregation
economies of scale and agility
application consolidation
elasticity

economies of scale and agility

Which cloud solution is hosted in-house and usually is supported by a third party?

distributed workforce
cloud infrastructure
on-premises
infrastructure as a service

on-premises

Which software development concept that also has been applied more generally to IT says that additional future costs for rework are anticipated due to an earlier decision or course of action that was necessary for agility but was not necessarily the most optimal or appropriate decision or course of action?

role-based access control
technical debt
software lifecycle
runtime environment

technical debt

In which cloud service model are customers responsible for securing their virtual machines and the virtual machine operating systems, and for operating system runtime environments, application software, and application data?

platform as a service (PaaS)
identity as a service (IaaS)
software as a service (SaaS)
infrastructure as a service (IaaS)

infrastructure as a service (IaaS)

Which type of hypervisor is hosted and runs within an operating system environment?

Type 1
Type 2
Type 3
Type 4

Type 2

Which cloud security best practice is deployed to ensure that every person who views or works with your data has access only to what is absolutely necessary?

set appropriate privileges
keep cloud software updated
build security policies and best practices into cloud images
review default settings

set appropriate privileges

Which security consideration is associated with inadvertently missed anti-malware and security patch updates to virtual machines?

hypervisor vulnerabilities
VM sprawl
dormant VMs
intra-VM communications

dormant VMs

Which cloud security compliance requirement uses granular policy definitions to govern access to SaaS applications and resources in the public cloud and to apply network segmentation?

access governance
compliance auditing
configuration governance
real-time discovery

access governance

Which DevOps CI/CD pipeline feature requires developers to integrate code into a repository several times per day for automated testing?

continuous delivery
continuous deployment
continuous identity
continuous integration

continuous integration

Which phased approach of hybrid cloud security requires networking and security solutions that not only can be virtualized but also are virtualization-aware and can dynamically adjust as necessary to address communication and protection requirements, respectively?

consolidation servers within trust levels
dynamic computing fabric
consolidation servers across trust levels
selective network security virtualization

dynamic computing fabric

Which SASE security-as-a-service layer capability provides visibility into SaaS application use, understands where sensitive data resides, enforces company policies for user access, and protects data from hackers?

secure web gateway (SWG)
data loss prevention (DLP)
firewall as a service (FWaaS)
cloud access security broker (CASB)

cloud access security broker (CASB)

Which security technology is designed to help organizations embrace the concepts of cloud and mobility by providing network and network security services from a common cloud-delivered architecture?

cloud native
secure access service edge (SASE)
platform as a service
distributed cloud

secure access service edge (SASE)

Which cloud native security platform function remediates vulnerabilities and misconfigurations consistently across the entire build-deploy-run lifecycle?

automation
integration
visibility
continuity

automation

Which Prisma SaaS feature connects directly to the applications themselves and provides continuous silent monitoring of the risks within sanctioned SaaS applications, with detailed luminosity that is not possible with traditional security solutions?

granular data visibility
large scale data control
data exposure visibility
contextual data exposure

data exposure visibility

Which sanctioned SaaS use control prevents known and unknown malware from residing in sanctioned SaaS applications, regardless of source?

threat prevention
data visibility control
risk prevention
data exposure control

threat prevention

Which type of algorithm does Prisma SaaS use to sort sensitive documents into top-level categories for document classification and categorization?

dynamic programming
supervised machine learning
artificial intelligence
recursive

supervised machine learning

In which cloud computing service model does a provider's applications run on a cloud infrastructure and the consumer does not manage or control the underlying infrastructure?
A. platform as a service (PaaS)
B. infrastructure as a service (IaaS)
C. software as a service (SaaS)
D. public cloud

A. platform as a service (PaaS)

Which NIST cloud service model does not require the customer organization to do any programming?
A. IaaS
B. PaaS
C. FaaS
D. SaaS

D. SaaS

Which NIST cloud service model requires the customer to keep the operating system up to date?
A. IaaS
B. PaaS
C. FaaS
D. SaaS

A. IaaS

Which NIST cloud service model limits your choice of runtime environments in which an application can be written?
A. IaaS
B. PaaS
C. FaaS
D. SaaS

B. PaaS

Which NIST cloud deployment model would you recommend for a startup that does not have much money to pay for hosting or a data center and needs a 24x7 server?
A. public
B. private
C. community
D. hybrid

A. public

A news company can serve all requests from their data center 95% of the time. However, some days there is a huge demand for news updates. Which NIST deployment model is recommended for the company?
A. public
B. private
C. community
D. hybrid

D. hybrid

You are responsible for the security of the application, the runtime, and the VM operating system. Which cloud deployment model are you using?
A. SaaS
B. FaaS
C. PaaS
D. IaaS

D. IaaS

Which component may be shared with other cloud tenants even when using IaaS?
A. application
B. runtime
C. virtual machine (guest)
D. physical machine (host)

D. physical machine (host)

Two companies use Gmail for their email (SaaS). Which two components may be transparently shared between them? (Choose two.)
A. address book
B. application code
C. messages
D. message database
E. user identities

B. application code

D. message database

Which cloud service model lets you install a firewall to protect your information?
A. SaaS
B. PaaS
C. FaaS
D. IaaS

D. IaaS

Which option is a type 2 hypervisor?
A. hosted
B. native
C. bare-metal
D. imported

A. hosted

Which cloud provider calls its IaaS service Elastic Computing Service (ECS)?
A. Alibaba
B. AWS
C. Azure
D. GCP

B. AWS

Which of the following security issues can cause a long patched vulnerability to resurface?
A. VM sprawl
B. intra-vm communications
C. hypervisor vulnerabilities
D. dormant virtual machines

D. dormant virtual machines

Which cloud use model runs just one container per virtual machine?
A. serverless
B. containers as a service (CaaS)
C. standard docker containers
D. VM-integrated containers

D. VM-integrated containers

Which cloud use model allows you to use containers without having to manage the underlying hardware and virtualization layers, but still lets you access the underlying virtualization if needed?
A. serverless
B. containers as a service (CaaS)
C. standard docker containers
D. VM-integrated containers

B. containers as a service (CaaS)

Ten containers running on five virtual machines are spread between two type 1 hypervisors. How many OS instances are you running?
A. 2
B. 5
C. 7
D. 17

B. 5

Ten containers running on five virtual machines are spread between two type 2 hypervisors. How many OS instances are you running?
A. 2
B. 5
C. 7
D. 17

C. 7

Which cloud use model restricts your choice of a runtime environment to the environments supported by the cloud provider?
A. serverless
B. on-demand containers
C. containers as a service (CaaS)
D. standard docker containers

A. serverless

Which three attributes are advantages of serverless computing, when compared with CaaS? (Choose three.)
A. reduced costs
B. increased control over the workload
C. increased ability to monitor and identify problems
D. increased agility
E. reduced operational overhead

A. reduced costs
D. increased agility
E. reduced operational overhead

Which continuous processes replaces manual checks with automated code testing and deployment?
A. integration
B. development
C. delivery
D. deployment

D. deployment

What are the two meanings of the CI/CD pipeline? (Choose two.)
A. continuous integration/continuous delivery
B. continuous implementation/continuous delivery
C. continuous integration/continuous deployment
D. continuous implementation/continuous deployment

A. continuous integration/continuous delivery
C. continuous integration/continuous deployment

Which step of the CI/CD pipeline cannot be automated?
A. Coding
B. Integration
C. Testing
D. Monitoring

A. Coding

Which step of the CI/CD pipeline is the ideal place for automated penetration testing?
A. Coding
B. Integration
C. Testing
D. Deployment

C. Testing

What is the meaning of a SaaS application that is advertised as being HIPPA compliant?
A. Regardless of how you configure the application for your enterprise, you will be HIPPA compliant.
B. If your administrator configures the security settings on the application correctly, you will be HIPPA compliant.
C. If your administrator and your users use the application correctly, you will be HIPPA compliant.
D. If your administrator and your users use the application correctly, the application will not cause you to not be HIPPA compliant.

D. If your administrator and your users use the application correctly, the application will not cause you to not be HIPPA compliant.

Which systems must you secure to ensure compliance with security standards?
A. the servers in the data center
B. the devices owned by the enterprise, whether they are servers in the data center, cloud vms you manage, or user endpoint devices
C. any system where the data for which you are responsible goes
D. every device that is either owned by the enterprise, or used by enterprise employees

C. any system where the data for which you are responsible goes

GDPR compliance is required to do business in which area?
A. United States of America
B. Canada
C. China
D. European Union

D. European Union

How would a port filter firewall classify access to the URL https://example.com:22/this/page?
A. HTTP
B. HTTPS
C. Telnet
D. SSH

D. SSH

Intra-VM traffic is also known as which type of traffic?
A. north-south
B. unknown
C. east-west
D. untrusted

C. east-west

What is the term for traffic between a web site and a local database that stores information for it?
A. north-south
B. east-west
C. unknown
D. cloud

B. east-west

What is the term for traffic between a web site and a remote user's browser?
A. north-south
B. east-west
C. unknown
D. cloud

A. north-south

Which type of traffic can stay contained in a single physical server?
A. north-south
B. east-west
C. unknown
D. trusted

B. east-west

Which type of traffic can be secured by a physical appliance?
A. north-south
B. east-west
C. unknown
D. cloud

A. north-south

What stage of an attack is typically east-west traffic?
A. reconnaissance
B. weaponization
C. lateral spread
D. actions on the objective

C. lateral spread

1. What does the first phase of implementing security in virtualized data centers consist of?
A. consolidating servers across trust levels
B. consolidating servers within trust levels
C. selectively virtualizing network security functions
D. implementing a dynamic computing fabric

B. consolidating servers within trust levels

Which action is part of the compute security pillar?
A. user and entity behavior analytics (UEBA)
B. Microservice-aware micro-segmentation
C. integration with the CI/CD workflow
D. automated asset inventory

C. integration with the CI/CD workflow

Which action is part of the compute cloud governance and compliance pillar?
A. user and entity behavior analytics (UEBA)
B. Microservice-aware micro-segmentation
C. integration with the CI/CD workflow
D. automated asset inventory

D. automated asset inventory

Which action is part of the identity security pillar?
A. user and entity behavior analytics (UEBA)
B. Microservice-aware micro-segmentation
C. integration with the CI/CD workflow
D. automated asset inventory

A. user and entity behavior analytics (UEBA)

Which action is part of the network security pillar?
A. user and entity behavior analytics (UEBA)
B. Microservice-aware micro-segmentation
C. integration with the CI/CD workflow
D. automated asset inventory

B. Microservice-aware micro-segmentation

What does SASE stand for?
A. Service Access SEcurity
B. Semi-Accessible Sensitive Environment
C. Secrets Accessible in a Secure Environment
D. Secure Access Service Edge

D. Secure Access Service Edge

Which two types of services does SASE provide? (Choose two.)
A. Storage
B. security
C. networking
D. compute

C. networking

What are the two advantages of SASE? (Choose two.)
A. a single physical point of ingress into the organization
B. a single logical point of ingress into the organization
C. a single physical point of egress out of the organization
D. a single logical point of egress from the organization

B. a single logical point of ingress into the organization
D. a single logical point of egress from the organization

True or False? Prisma SaaS is used to protect sanctioned SaaS use, as part of an integrated security solution that includes next-generation firewalls to prevent unsanctioned SaaS use. Prisma SaaS communicates directly with the SaaS applications themselves and therefore does not need to be deployed inline and does not require any software agents, proxies, additional hardware, or network configuration changes.

False

True or False? Prisma SaaS protects data in hosted files and application entries.

True

Who is responsible for the software of a sanctioned SaaS application?
A. provider
B. IT department
C. line of business that uses it
D. users

A. provider

Who is responsible for the security settings of a sanctioned SaaS application?
A. provider
B. IT department
C. line of business that uses it
D. users

B. IT department

Which SecOp function is proactive?
A. Identify
B. Investigate
C. Mitigate
D. Improve

D. Improve

Which SecOp function requires processing large amounts of information, and typically is automated?
A. Identify
B. Investigate
C. Mitigate
D. Improve

A. Identify

Which three options partially comprise the six elements of SecOps? (Choose three.)
A. People
B. Networking
C. Data storage
D. Technology
E. Processes

A. People
D. Technology
E. Processes

Which three options partially comprise the six elements of SecOps? (Choose three.)
A. Visibility
B. Disaster recovery
C. Business
D. Interfaces
E. Regular audits

A. Visibility
C. Business
D. Interfaces

What does SOAR stand for?
A. Security Operations Automation for Reaction
B. Secure Operations And Research
C. Security Operations, Analysis, and Research
D. Security Orchestration, Automation, and Response

D. Security Orchestration, Automation, and Response

What is the relationship between SIEM and SOAR?
A. SIEM products implement the SOAR business process.
B. SIEM and SOAR are different names for the same product category.
C. SIEM systems collect information to identify issues that SOAR products help mitigate.
D. SOAR systems collect information to identify issues that SIEM products help mitigate.

C. SIEM systems collect information to identify issues that SOAR products help mitigate.

What is the advantage of automated responses over manual responses?
A. speed
B. accuracy
C. flexibility
D. user friendliness

A. speed

Which environment allows you to install an appliance that sees all traffic?
A. LAN when people work from home
B. Non-virtualized data center
C. virtualized data center
D. VPC network

B. Non-virtualized data center

An analysis tool raised an alert, but the security analyst who researched it discovered it wasn't a problem. Which type of finding is this?
A. false positive
B. true positive
C. false negative
D. true negative

A. false positive

An analysis tool's machine learning identified, correctly, that the network is infected by a worm. What type of finding is this?
A. false positive
B. true positive
C. false negative
D. true negative

B. true positive

True or False? The key to Cortex XDR is blocking core exploit and malware techniques, not individual attacks.

True.

Which two advantages does endpoint protection technology have over network traffic analysis? (Choose two.)
A. ability to identify most common attacks by their symptoms
B. deployed and managed centrally
C. easier to deploy endpoint protection when people work from home
D. detects command and control channels
E. can easily identify worms

A. ability to identify most common attacks by their symptoms

C. easier to deploy endpoint protection when people work from home

What is the order in which the endpoint checks if a new program is safe?
A. behavioral threat protection, then local analysis, then WildFire query
B. local analysis, then behavioral threat protection, then WildFire query
C. WildFire query, then local analysis, then behavioral threat protection
D. local analysis, then WildFire query, then behavioral threat protection

C. WildFire query, then local analysis, then behavioral threat protection

Of the endpoint checks, what is bypassed for known programs?
A. WildFire query
B. behavioral threat protection
C. local analysis
D. Firewall analysis

C. local analysis

Which three operating systems are supported by Cortex XDR? (select three)
A. z/OS
B. Linux
C. macOS
D. Minix
E. Android

B. Linux
C. macOS
E. Android

What does Cortex XSOAR use to automate security processes?
A. bash scripts
B. Windows PowerShell
C. playbooks
D. Python scripts

C. playbooks