PT1
Virtualization
2. What is the key difference between traditional virtualization and cloud?
Orchestration
3. Which of the following is *not* a key potential benefit of cloud computing:
-Compliance
Agility
Resiliency
Economics
4. What business benefit(s) was Amazon attempting to realize when they
created their internal cloud computing program? Select all that apply.
Beat Microsoft
-Better match real-time capacity to fluctuating demand
-Faster time to deploy developer resources
Build a world-class public cloud computing platform
5. Resource pools permanently assign resources to a user.
False
6. Cloud computing supports scaling up of required resources, but not scaling down.
False
7. Which of the following appear in both the NIST and ISO/IEC cloud
computing definitions? Select all that apply.
8.
9. Services scaling out and scaling in quickly are an example of which essential characteristic of
cloud.
Resource Pooling
Measured Service
Broad Network Access
- Rapid Elasticity
On-Demand Self Service
10.
Module 2:
27. Cloud infrastructure security does not include the virtualization components.
False
28. Which of the following resource pools is not associated with IaaS:
• Network
-Compute
• Middleware
• Storage
30. Which of the following are typically in the underlying infrastructure of a cloud? (click all that
apply)
• API server
Database
© Hypervisors
Message queue
Identity service
-> All
31. Why is hardening infrastructure components so important?
O Clouds are sometimes based on common components that may contain vulnerabilities.
O All security is important
O Infrastructure components are most likely to be exposed to cloud consumers
This prevents the cloud provider from accessing cloud consumer data.
32. Which of the following physical networks is used for Internet to instance traffic?
Virtual
Service
• Storage
• Management
33. Why should cloud providers use multiple underlying physical networks?
Better isolation
Better performance
Resiliency
Cost management
34. Which virtual network technology is best suited for cloud?
v-flow
SDN
VLAN
• Token Ring
35. Virtual networks:
• Are more flexible, but more difficult to secure
Substitute for physical networks
Take fewer resources
• May include inherent security capabilities
36. Which is a defining characteristic of Software Defined Networks?
O Uses OpenFlow
O Decouples the control plane from the underlying physical network
O Leverages packet tagging
• Autoscaling for resiliency
37. Which SDN security capability often replaces the need for a physical or virtual appliance?
• Integrated isolation
O Lack of support for packet sniffing
• Default deny
• Security groups
38. The most effective way for an attacker to compromise a security group is to compromise
the host/virtual machine and then modify the rules. False
39. Which of the following is the most effective security barrier to contain blast radius?
© Cloud account/project/subscription
O Virtual network
• Virtual subnet (with or without ACLs)
O Security group
40. How does a virtual network affect network visibility?
O Virtual machines on the same physical host don't use the physical network
O An SDN can provide more visibility than a physical network
O Virtual networks block packet capture for better isolation
O Virtual networks always encrypt traffic and break packet capturing
41.
47. Which of the following *most* impacts traditional workload security controls when applied
to cloud deployments?
Hypervisors
Serverless
© High volatility/rates of change
Low resiliency
Security groups
48. How can immutable workloads improve security?
• They eliminate error-prone manual management
• They better meet performance requirements
• They better support use of traditional security tools
• They scale for DDoS
49. Select the cloud workload security option that can most improve overall security and reduce
attack surface:
Store logs external to instances
• Use immutable as much as possible
Select cloud aware host security agents
Leverage existing/traditional vulnerability assessment tools
50. Which of the following is primarily a cloud consumer workload security responsibility?
O Volatile memory security
• Hypervisor security
• Underlying infrastructure security
• Monitoring and logging
51. Why is management plane security so critical?
• It is the best way for cloud consumers to protect themselves from hostile cloud provider
employees.
REST APIs are inherently insecure.
• It is the primary integration point for hybrid cloud.
Compromise of the management plane potentially compromises all cloud assets
52. Select the best option for authenticating to a cloud API:
• Biometrics
O Username/password
O TLS-MA
53.
54. Multi-factor authentication is the single most important management plane security
control. True
55. Identify one drawback to managing users in the management plane:
• High variability between cloud providers
O The reliance on RBAC
O Lack of SSO support
O Insufficient MFA support.
56. What is the role of a service administrator?
• To administer cloud platform/management plane users.
To isolate application security
• They are the core administrators for a cloud account.
• To administer a limited set of cloud services
57. Select the best option for management plane monitoring, when it is
available:
• Inherent cloud auditing, since it captures the most activity
• Inherent cloud auditing, since that offloads responsibility to the cloud provider
• Proxy-based auditing, since it eliminates the need to trust the cloud provider
• Proxy-based auditing, since it captures more activity.
58. What is the single most important rule for cloud BC/DR?
O Architect for failure
O Use object storage for backups
O Snapshot regularly
© Use multiple cloud providers
59. Which is not a key aspect of cloud BC/DR?
• Continuity within the provider/platform
• Hypervisor resiliency
O Preparing for provider outages
O Portability
60.