Untitled Quiz

Questions and Answers

What is a key principle that is emphasized for cloud security?

Defense in depth (correct)

Rapid deployment

High availability

Cost reduction

Which aspect of security does IAM particularly focus on in cloud environments?

Instance provisioning

Access control (correct)

Network performance

User experience management

What type of vulnerabilities are highlighted as common in multicloud or hybrid cloud architectures?

Legal compliance vulnerabilities

Physical security vulnerabilities

Network latency issues

Data handling vulnerabilities (correct)

What role does Chris Dotson hold related to cloud security?

Distinguished Engineer (C)

Which of the following tactics is crucial for managing security incidents?

Incident detection (A)

What does privileged access management aim to achieve in cloud environments?

Control sensitive access (B)

Which of the following is a method used to strengthen cloud security?

Implementing least privilege (D)

What is essential for professionals dealing with cloud security?

Cloud provider management (D)

What is a key characteristic of the Cloud Shared Responsibility Model?

Security responsibilities are typically divided between development and operations. (B)

In the context of cloud services, what does IaaS stand for?

Infrastructure as a Service (C)

What is the main concern when moving from an on-premises environment to a cloud environment?

The more complicated shared responsibility model for security. (A)

Why might the line between IaaS and PaaS be considered blurred?

They often serve the same customer needs. (A)

How is the analogy of pizza used to explain cloud services?

Making pizza at home equates to on-premises computing. (B)

What typical responsibility does IT have within an on-premises environment?

Setting up firewalls. (B)

What can be inferred about the documentation provided by cloud providers?

They typically outline the shared responsibility model. (D)

What is one significant change for business users when transitioning to a cloud environment?

They become more involved in understanding security responsibilities. (B)

Which component is essential for real-time security monitoring and alerts?

Security Information and Event Managers (A)

What is an important step in preparing for a security incident?

Developing an Incident Response Plan (B)

What is the purpose of threat hunting?

To proactively search for advanced threats (C)

Which method is used to analyze and understand the flow of a cyberattack?

OODA Loop (A)

When recovering from a security incident, what is a primary focus?

Redeploying IT Systems (B)

What role do logs play in security investigations?

Providing Evidence for Legal Proceedings (A)

What is a primary goal of automated response in security?

To reduce human intervention in alerts (C)

What are 'Cloud Service Logs' primarily used for?

Monitoring Security Incidents (B)

Which of the following represents a technique in parsing logs?

Log Visualization (D)

What does the 'Cyber Kill Chain' framework assist with?

Understanding Stages of Cyber Attacks (C)

What does the traditional on-premises model resemble in the pizza analogy?

Making a pizza at home (C)

Which service model allows for the least responsibility on the user’s part?

Software as a Service (SaaS) (D)

What is a significant responsibility of the user in a Software as a Service model?

Managing access control (D)

What significantly differentiates Infrastructure as a Service (IaaS) from traditional on-premises setups?

Pre-setup base infrastructure (A)

What does the shared responsibility model emphasize in cloud computing?

Responsibilities are divided between user and provider (C)

In the context of the shared responsibility model, what is a unique responsibility of the cloud provider?

Implementing biometric security measures (D)

What is a challenge associated with categorizing cloud services?

Services often overlap in responsibilities (C)

Which pizza analogy best represents the dining experience in a Software as a Service (SaaS) model?

Dining out where everything is prepared for you (D)

What risk is associated with a compromised private key for a TLS certificate?

It could enable someone to steal customers’ passwords. (B)

What is a major concern with keeping a list of password hashes?

They are a target for attackers, especially if reused. (A)

What type of key is needed by an application server to access its database?

Password or API key (B)

Why is it important to have a tagging policy for cloud resources?

To help in categorizing resources and decisions in access control. (A)

What could be a consequence of different tagging systems being used across an organization?

It could lead to confusion and ineffective resource management. (D)

What is a benefit of using standardized tags across multiple cloud providers?

It helps with resource categorization and management. (D)

What significant incident illustrates the danger of password hash theft?

LinkedIn's loss of 6.5 million password hashes. (A)

What is a potential impact of having a poorly defined tagging policy?

Confusion among teams regarding resource management. (D)

What is the primary purpose of a key encryption key (KEK)?

To encrypt (or wrap) data encryption keys (A)

Why is recovering overwritten data from SSDs considered slightly more practical than from hard disks?

SSDs have a secure erase feature (C)

What happens to the unwrapped data encryption keys after an encryption or decryption operation?

They are forgotten and not retained (A)

In the house analogy for data encryption, what does the realtor represent?

The key management service (KMS) (B)

What should you never do with unwrapped keys?

Write them down to disk (B)

What is the effect of deleting a key at the Key Management Service (KMS)?

It revokes access to all associated data objects (D)

What is the role of the wrapped data encryption keys in data security?

They must be sent to HSM for unwrapping when needed (A)

Which of the following is NOT a method for erasing data objects?

Overwriting the data numerous times (B)

Study Notes

Practical Cloud Security

• Book's title: Practical Cloud Security
• Book's subtitle: A Guide for Secure Design and Deployment
• Author: Chris Dotson
• Book edition: Second Edition
• Publisher: O'Reilly Media, Inc.

Key Concepts

• Least privilege: Limiting access to only necessary permissions
• Defense in depth: Creating multiple overlapping security layers
• Zero Trust: Trusting nothing implicitly
• Cloud shared responsibility model: Dividing security responsibilities between the cloud provider and the customer
• Threat actors: Categories of potential security threats (organized crime, hacktivists, inside attackers, state actors)
• Data asset management and protection:
  • Data classification levels (low, moderate, high/confidential): Assessing value
  • Relevant regulations (GDPR, PCI DSS, HIPAA): Specific needs of each
• Cloud services:
  • IaaS (infrastructure as a service)
  • PaaS (platform as a service)
  • SaaS (software as a service)
• Cloud asset management and protection:
• Types of cloud assets (compute, storage, network)
  • Individual cloud assets (e.g., VMs, containers, networks).
• Identity and access management:
  • Authentication and authorization
  • Security considerations for credentials and roles
• Vulnerability management:
  • Different types of vulnerabilities
  • Automated vulnerability scan tools
• Software Bill of Materials (SBOM)
  • The use of secure software standards
• Using tools for detecting, responding to, and recovering from security incidents
  • Data loss prevention (DLP)
  • Log aggregation and retention.
  • Log parsing.
  • Log correlation and alert actions.
  • Automated response considerations
• Security Information and Event Management (SIEM) tool
  • SIEM rules for detection