Unit 6 - Practice Quiz

INT363 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 What is the primary objective of the 'Shared Responsibility Model' in cloud security?

A. To share security passwords between the provider and the customer
B. To assign all security liabilities to the Cloud Service Provider
C. To define which security tasks belong to the provider and which belong to the customer
D. To assign all security liabilities to the Cloud Customer

2 In an IaaS (Infrastructure as a Service) model, which of the following is strictly the customer's responsibility?

A. Guest operating system updates and application security
B. Disposal of physical disk drives
C. Patching the hypervisor
D. Physical security of data centers

3 Which principle of 'Security by Design' advocates granting users only the permissions necessary to perform their work?

A. Security through Obscurity
B. Principle of Least Privilege
C. Defense in Depth
D. Open Design

4 Which component is considered the 'perimeter' in modern cloud-native security architectures?

A. The physical firewall
B. Identity
C. The DMZ
D. The router

5 What is the main function of IAM (Identity and Access Management)?

A. To authenticate users and authorize access to resources
B. To encrypt data at rest
C. To manage network traffic routing
D. To monitor physical server performance

6 Which attack vector involves an attacker overwhelming a cloud service to make it unavailable to legitimate users?

A. Distributed Denial of Service (DDoS)
B. Cross-Site Scripting (XSS)
C. Man-in-the-Middle (MitM)
D. SQL Injection

7 In the context of Cloud Security Layers, where does 'Physical Security' fall?

A. It is the foundational layer managed primarily by the Cloud Service Provider
B. It is the data layer managed by database administrators
C. It is the top layer managed by the customer
D. It is the application layer managed by developers

8 What is a 'Security Group' in the context of cloud networking?

A. A team of security guards at the data center
B. A group of users with admin privileges
C. A compliance certification
D. A virtual firewall that controls inbound and outbound traffic for instances

9 Which concept ensures that data is unreadable to unauthorized users while it is being transmitted over a network?

A. Encryption at Rest
B. Data Deduplication
C. Encryption in Transit
D. Data Sovereignty

10 What is 'Host Hardening'?

A. Overclocking the CPU for better encryption speed
B. Adding more physical RAM to a server
C. Physically reinforcing the server rack
D. The process of securing a system by reducing its surface of vulnerability

11 Which tool is commonly used by Cloud Service Providers to manage cryptographic keys?

A. Load Balancer
B. Virtual Private Cloud (VPC)
C. Content Delivery Network (CDN)
D. Key Management Service (KMS)

12 What does GDPR stand for in the context of security compliance?

A. General Digital Privacy Rule
B. Global Data Protection Regulation
C. General Data Protection Regulation
D. Global Digital Policy Requirement

13 Which compliance standard is specifically designed to handle credit card information?

A. HIPAA
B. ISO 27001
C. PCI DSS
D. SOC 2

14 What is a major interoperability challenge in cloud security?

A. Cheaper storage costs
B. Too much bandwidth availability
C. Lack of internet connection
D. Vendor Lock-in and inconsistent security APIs across providers

15 What is the purpose of a SIEM (Security Information and Event Management) system in cloud operations?

A. To backup database files
B. To aggregate logs and analyze security alerts in real-time
C. To design user interfaces
D. To manage payroll

16 How does 'Edge Computing' impact cloud security architectures?

A. It removes the need for Identity Management
B. It eliminates the need for encryption
C. It centralizes all data in one location
D. It expands the attack surface by distributing processing to decentralized locations

17 Which AI application is most beneficial for Cloud Security Operations?

A. Generating marketing emails
B. Automated anomaly detection and threat response
C. Creating 3D graphics
D. Project management scheduling

18 In the context of Cloud Microservices, what is 'Service Mesh' primarily used for regarding security?

A. Physical server cooling
B. User password resets
C. Managing service-to-service communication with mTLS (mutual TLS)
D. Database partitioning

19 What is 'Data Sovereignty'?

A. A backup strategy for cloud data
B. The idea that data owns itself
C. The speed at which data travels
D. The concept that data is subject to the laws of the country in which it is physically located

20 Which of the following is a 'Security by Design' strategy for APIs?

A. Using hardcoded credentials
B. Implementing rate limiting and throttling
C. Disabling logging to save space
D. Making all endpoints public for ease of use

21 What is the risk of 'Insider Threats' in cloud computing?

A. Software bugs in open source libraries
B. Hardware failure due to overheating
C. Authorized users misusing their access privileges
D. External hackers breaching the firewall

22 What does Multi-Factor Authentication (MFA) add to security?

A. It speeds up the login process
B. It requires multiple users to log in at once
C. It removes the need for passwords
D. It adds layers of verification beyond just a password (e.g., something you have or are)

23 In cloud monitoring, what is the difference between 'Logs' and 'Metrics'?

A. There is no difference
B. Logs are numerical data; Metrics are text records
C. Logs record discrete events; Metrics measure numerical data over time
D. Metrics are only for billing; Logs are only for security

24 What is 'Federated Identity'?

A. Linking a user's identity across multiple distinct security domains
B. A government-issued ID
C. An anonymous login method
D. Using the same password for all websites

25 Which cloud security tool is primarily used for identifying vulnerabilities in container images?

A. Load Balancer
B. Container Registry Scanning
C. Network Firewall
D. VPN

26 What is the purpose of a 'Bastion Host' or 'Jump Box'?

A. To serve as a secure gateway for administrators to access private resources
B. To store backup files
C. To host the main database
D. To run the web application frontend

27 Which regulation governs the protection of personal health information in the US?

A. HIPAA
B. SOX
C. GDPR
D. FERPA

28 What is 'Defense in Depth'?

A. Using multiple layered security controls to protect data
B. A military strategy not applicable to cloud
C. Using a very thick firewall
D. Relying solely on encryption

29 What is a 'Zero Trust' architecture?

A. Operating without any security software
B. Never trust, always verify, regardless of network location
C. Not trusting the cloud provider
D. Trusting everyone inside the network but no one outside

30 Which interoperability standard allows the exchange of authentication and authorization data between security domains?

A. SQL
B. SAML (Security Assertion Markup Language)
C. TCP/IP
D. HTML

31 What is the primary security concern regarding 'Shadow IT' in cloud environments?

A. It requires dark mode interfaces
B. It costs too much money
C. It slows down the internet speed
D. Unsanctioned use of cloud services leads to lack of visibility and control

32 In the Shared Responsibility Model for SaaS (Software as a Service), what is the customer responsible for?

A. Physical security
B. Network controls
C. Application code
D. Data and Identity Management

33 What is 'Cloud Security Posture Management' (CSPM)?

A. Training employees on posture ergonomics
B. Writing code for cloud applications
C. Automated tools that identify misconfigurations and compliance risks in cloud environments
D. Managing physical security guards

34 How does 'Casus belli' relate to Cyberwarfare in future cloud trends? (Note: Contextual interpretation)

A. It is a new coding language
B. It refers to AI-generated code
C. It refers to acts that justify war, now potentially including severe state-sponsored cyberattacks
D. It is a cloud monitoring tool

35 What is a 'Man-in-the-Middle' (MitM) attack?

A. A virus that deletes data
B. An attack on the central server
C. An attack where the attacker secretly relays and possibly alters communications between two parties
D. A physical theft of a server

36 Why is 'Observability' important for security performance management?

A. It allows you to see the physical servers
B. It reduces the cost of storage
C. It enables understanding the internal state of a system based on external outputs (logs, metrics, traces) to diagnose security incidents
D. It is required by law

37 Which of the following is a challenge of AI in cloud security?

A. Adversarial attacks where attackers manipulate input data to fool AI models
B. AI works too slowly
C. AI cannot process data
D. AI requires manual operation

38 What role does 'DevSecOps' play in security?

A. It slows down deployment
B. It is a specific software tool
C. It integrates security practices into the DevOps software delivery lifecycle
D. It separates developers from security teams

39 What is 'Data Loss Prevention' (DLP)?

A. Software that detects and prevents potential data breaches by blocking sensitive data from leaving the network
B. A database optimization technique
C. A backup system
D. A method to delete data permanently

40 Which encryption type protects data stored on a hard drive or database?

A. Encryption in Transit
B. Encryption at Rest
C. Symmetric Encryption only
D. End-to-End Encryption

41 What is the primary function of a Web Application Firewall (WAF)?

A. To block all internet access
B. To scan for viruses on user desktops
C. To protect web applications by filtering and monitoring HTTP traffic
D. To filter email spam

42 What is a 'Hypervisor' security risk?

A. The hypervisor is too slow
B. It uses too much electricity
C. VM Escape, where an attacker breaks out of a virtual machine to access the host
D. It cannot run Windows

43 In the context of Interoperability, what is 'Portability'?

A. The ability to move applications and data from one cloud provider to another
B. The speed of the network
C. Using mobile phones for access
D. The weight of the server

44 What is SOC 2 (Service Organization Control 2)?

A. A networking protocol
B. A programming language
C. A compliance standard for service organizations, focusing on security, availability, processing integrity, confidentiality, and privacy
D. A type of computer chip

45 Which future trend involves processing data on local devices (like IoT) rather than sending it to a centralized cloud?

A. Centralized Computing
B. Edge Computing
C. Mainframe Computing
D. Monolithic Computing

46 What is 'Configuration Drift'?

A. Moving servers to a new location
B. Slow internet speeds
C. When ad-hoc changes cause environments to diverge from their known secure state
D. A racing game

47 What is the benefit of 'Immutable Infrastructure' for security?

A. It is cheaper
B. It allows manual patching
C. Servers are never replaced
D. Servers are never modified after deployment; they are replaced with new instances

48 Which tool is an example of 'Infrastructure as Code' (IaC) that helps standardize security configurations?

A. Skype
B. Microsoft Word
C. Terraform
D. Photoshop

49 What is the primary goal of a 'Penetration Test'?

A. To simulate a cyberattack against your computer system to check for exploitable vulnerabilities
B. To train users on phishing
C. To repair broken hardware
D. To install antivirus software

50 How does 'Fog Computing' relate to Cloud Security?

A. It deletes old data
B. It is a weather monitoring system
C. It is an intermediate layer between the Edge and the Cloud, requiring security protocols for data aggregation
D. It clouds the vision of attackers