Cloud Security and Authentication

Questions and Answers

What is the primary function of a Database Activity Monitoring (DAM) solution?

To develop industry standards for technologies

To monitor and analyze database activity for signs of compromise or malicious activity (correct)

To implement web application security controls

To standardize system state assessment and reporting

What is a benefit of using a DAM solution?

It has a very low false positive rate (correct)

It only detects malicious activity from non-privileged users

It is only effective for detecting XSS attacks

It increases the false positive rate

What is OVAL's primary function?

To develop industry standards for technologies

To detect database compromises

To standardize system state assessment and reporting (correct)

To provide security controls for web applications

What is an advantage of using OVAL?

It enables interoperability and automation among security tools and services

What is IEEE's primary function?

To develop industry standards for technologies

What is a good source for a security architect to consult to address XSS attack concerns?

OWASP

What is a benefit of using a DAM solution in a web application?

It can send alerts on attacks from both privileged and malicious users

What is a key feature of a DAM solution?

It works at the application layer

What is the best approach to evaluate the effectiveness of anti-ransomware training?

Conducting a sanctioned vishing attack

What type of tool is likely being used by a red team to edit a registry key?

PowerShell

What is the primary goal of a compliance engineer performing an unauthenticated network vulnerability scan?

To identify vulnerabilities in the network

What type of deployment is being performed by the DevOps engineer?

IaaS deployment

What is the primary reason for removing unnecessary software during the hardening process?

To reduce the attack surface

What type of interface is being used for management in the IaaS deployment?

RDP

What is the primary purpose of applying security policies through GPOs?

To enforce security settings

What is the benefit of automated FW log collection tasks?

Improved security operations center performance

Which type of authenticator is most suitable for laptop authentication using digital certificates?

Device certificate

Why would a company's board of directors request a 3rd party management program?

To enhance risk management

What is a significant concern for an organization with an operational management vendor located in another region?

Each region has different regulatory frameworks to follow

What action should an organization take in response to a legal record hold?

Preserve all communications matching the requested search terms

What is the primary goal of a 3rd party management program?

To manage risks associated with third-party vendors

What is a potential risk of having an operational management vendor located in another region?

Different regulatory frameworks in each region

What is the primary reason for implementing optimized cloud resource utilization?

To reduce costs associated with cloud resources

What is the primary concern when a software company is no longer in business?

The maintenance of the application's code

Which technique can help mitigate the risk of a company going out of business?

Source code escrows

What is the primary concern when data is being prematurely deleted before the scheduled backup processes?

Data backup and recovery

What is the purpose of implementing soft delete for blobs?

To prevent accidental deletes or overwrites

What is the requirement for remote worker laptops before accessing the corporate network?

They must meet the security baseline

Why is it essential to scan remote worker laptops before granting access to the corporate network?

To ensure compliance with the corporate security team's mandate

What is the purpose of the dedicated internal scanner appliance in each subnet?

To scan only server and desktop computers

What is the benefit of implementing soft delete for blobs in a cloud storage environment?

It prevents accidental deletes or overwrites

What is a key consideration when selecting a cloud deployment model for a company with sensitive and proprietary data in Iceland?

Data residency

Which security principle ensures that no single entity has full access control?

Separation of duties

What type of threat actor is most likely involved in a website defacement with lateral movement and exfiltrated data?

APT/Nation state

What is the primary benefit of implementing autoscaling in a cloud-based application?

Enhanced scalability

Which of the following is a key requirement for ensuring high availability and resiliency of a web-based application?

Running at 70% capacity at all times

What is the primary purpose of implementing a Web Application Firewall (WAF)?

To protect against DoS and DDoS attacks

Which of the following is a key benefit of implementing containerization in a cloud-based application?

Faster deployment times

What is the primary purpose of implementing a Business Continuity Plan (BCP)?

To minimize the impact of disasters on business operations

Study Notes

Cloud Resource Utilization

• Optimized cloud resource utilization is crucial for efficient cloud infrastructure management.

Digital Certificates

• Digital certificates can be used for laptop authentication.
• Device certificates are a type of authenticator that can be used for laptop authentication.

Third-Party Management

• A third-party management program is necessary for risk management and supply chain visibility.

Equipment Failure Risks

• Equipment failure risks include support unavailability during business hours and shipping delays.

Legal Record Hold

• A legal record hold requires preserving all communications matching requested search terms.

OCSP Stapling

• OCSP stapling and TLS 1.3 can be used to improve security.

Ransomware Attacks

• Simulating a spam campaign can help evaluate the effectiveness of ransomware attack training.

Access Management

• Custodians are responsible for receiving input from system owners for access management activities.

Registry Key Editing

• The red team uses PowerShell to edit registry keys, such as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.

Compliance

• Supply chain visibility and software audits can help prevent risks associated with using old applications.

Blob Storage

• Implementing soft delete for blobs can help prevent premature deletion of data before scheduled backup processes.

Security Baseline

• Endpoints must meet a security baseline before accessing the corporate network.

XSS Attacks

• The OWASP can be consulted to address XSS attack concerns.

Cloud Deployment Models

• A private cloud or community cloud deployment model can be used to meet data residency requirements in Iceland.

Security Requirements

• Separation of duties and least privilege can be used to meet security requirements such as preventing fraud and assigning permissions based on role.

Threat Actors

• An APT/Nation-state threat actor is likely involved in a website defacement and data exfiltration scenario.

High Availability

• Autoscaling, WAF, and containerization can be used to ensure high availability and resiliency of web-based applications in the cloud.

Description

Quiz about cloud resource utilization, security operations, and authentication methods using digital certificates and other authenticators.