Cloud Computing: October 2018

Archive for October 2018

Ciphers that perform symmetrical block encryption include which of the following?

Ciphers that perform symmetrical block encryption include which of the following? (Choose two.)

A. RC4
B. DSA
C. AES
D. RC5

Answer: RC4, RC5

What security protocol uses multiple keys in a repetitive encryption process?

A. SSL/TLS
B. 3DES
C. RC5
D. RSA

Answer: 3DES (Triple Data Encryption Standard)

Where are access control lists commonly configured? (Choose two.)

A. Storage controllers
B. Routers
C. Load balancers
D. Servers

Answer: Storage Controllers, Routers

What type of denial-of-service attack sends a large amount of Internet control packets to the target?

A. DDoS
B. Ping of death
C. Ping flood
D. Obfuscation

Answer: Ping Flood

Which two encryption protocols use a public and private key pair for encryption?

A. RC4
B. RSA
C. AES
D. DSA

Answer: RSA, AES

User access control consists of which of the following? (Choose four.)

A. Role-based administration
B. Discretionary
C. Multifactor
D. Guest accounts
E. User credentials
F. Federation

Answer: Role-Based Administration, Discretionary, Multifactor, Federation

What is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/private key encryption?

A. IPsec
B. AES
C. RSA
D. PKI

Answer: PKI (Public Key Infrastructure)

What security technique is configured on a storage controller to limit what storage volumes a server can access?

A. Access control lists
B. LUN masking
C. AES
D. Zoning

Answer: LUN Masking

Name three types of role-based access control.

A. Zone masks
B. IPsec
C. Auditor
D. Admin
E. PKI
F. Guest

Answer: Auditor, Admin, Guest

Hardening a server system can include which of the following? (Choose three.)

A. Installing security software
B. Installing service packs
C. Using federations
D. Configuring user credentials
E. Using ciphers

Answer: Installing Security Software, Installing Service Packs, Configuring User Credentials

What type of access control allows the users to assign rights to objects?

A. Mandatory
B. Multifactor
C. Discretionary
D. Federation

Answer: Discretionary

What security protocol is used on web browsers for secure connection to an ecommerce site?

A. AES
B. SSL/TLS
C. 3DES
D. DSA

Answer: SSL/TLS (Secure Socket Layer/Transport Layer Security)

Which denial-of-service attack sends malformed ICMP packets to the target server?

A. PKI
B. DDoS
C. Ping flood
D. Ping of death

Answer: Ping of Death

Network scanning will determine which of the following? (Choose three.)

A. ACLs
B. TCP ports
C. IPsec
D. Active applications
E. Server vulnerabilities

Answer: TCP Ports, Active Applications, Server Vulnerabilities

What is the name of a security site that authenticates the identity of individuals, computers, and other entities in the network?

A. Registration authority
B. Key archival repository
C. Certificate authority
D. Certificate store

Answer: Certificate Authority (CA)

What security technique is used in a storage area network to limit the storage systems a server can access?

A. Access control lists
B. LUN masking
C. AES
D. Zoning

Answer: Zoning

What is the process of complicating the ability to read stored data?

A. PKI
B. Obfuscation
C. Cipher
D. Symmetrical

Answer: Obfuscation

What uses a number of zombies or bots to create a denial-of-service attack?

A. Ping of death
B. RCMP
C. DDoS
D. Ping flood

Answer: DDoS (Distributed Denial of Service)

Which security technique uses a list of permit and deny statements in a security device?

A. Zoning
B. Masking
C. ACL
D. Authentication

Answer: ACL (Access Control List)

A _______ is any method of encrypting data by concealing its readability and meaning.

Answer: Cipher

_______ is an encryption framework that uses a pair of cryptographic keys: one public key and one private key.

Answer: Public Key Infrastructure (PKI)

_______ is the process of determining the identity of a client usually by a login process.

Answer: Authentication

LUN masking is configured on the _______ and controls access to logical storage units.

Answer: Storage Controller

Zoning is configured on the _______ network to limit storage access between the initiator and the target.

Answer: SAN

A _______ is an attack that is launched over the Internet from many end stations all attacking a target at the same time.

Answer: Distributed Denial of Service (DDoS)

A _______ is a special security zone that contains servers that need to be accessed by the outside world via the Internet and also internally; it is a special network security zone that exposes cloud computers to the Internet.

Answer: DMZ

The device that is placed inline to network traffic and provides network security is a _______.

Answer: Firewall

_______ is a system that can detect and mitigate a network attack as it is taking place.

Answer: Intrusion Prevention System (IPS)

A _______ is used to create a secure connection over an insecure network.

Answer: Virtual Private Network (VPN)

What is Path Traversal?

Answer: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

What is a Buffer Overflow?

Answer: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

What is an Open Redirect?

Answer: A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

What is Cross-Site Request Forgery (CSRF)?

Answer: The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

What is Unrestricted File Upload?

Answer: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

What is Cross-Site Scripting (XSS)?

Answer: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

What is OS Command Injection and how can it be mitigated?

Answer: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

What is SQL Injection?

Answer: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

What are the three software categories for SANS Top 25?

Answer: Insecure Interaction between Components (6), Risky Resource Management (8), and Porous Defenses (11)

The identity management process of allowing users in different security domains to share services without having identities in each domain is called what?

A. Single-sign on
B. Federated
C. Authentication
D. Authorization

Answer: Federated

Which of the following is not a legal risk associated with cloud computing?

A. Data isolation
B. Jurisdiction
C. Cost
D. Electronic discovery

Answer: Cost

True or false? The United States and the European Union have compatible data privacy laws.

Answer: False

Authentication to multiple services in the cloud can be streamlined by adopting which of the following identity management mechanisms?

A. Kerberos
B. Integrated Windows authentication
C. Single sign-on
D. Authorization

Answer: Single Sign-On

Which of the following actions would not lead to risks related to records retention in the cloud?

A. Secure destruction of records on schedule
B. Restrictions on archived storage
C. Difficulties associating metadata with archived records
D. Unauthorized access

Answer: Unauthorized Access

True or false? Government agencies must always notify a data owner when they compel disclosure of information from a cloud service provider as part of lawful access.

Answer: False

An organization can address regulatory compliance risks in the cloud in all the following ways except which one?

A. Its own security policies
B. Periodic audits
C. Service-level agreements with cloud providers
D. Delegation of full responsibility for compliance to the cloud service provider

Answer: Delegation of full responsibility for compliance to the cloud service provider

True or false? Dynamic scaling of resources in the cloud may lead to noncompliance with software licenses.

Answer: True

Which countries could claim jurisdiction over data in the cloud?

A. The country in which physical servers storing data reside
B. The countries that data passes through between the provider's servers
C. The country in which the data owner resides
D. All of the above

Answer: All of the Above

What is the process of verifying a user's identity?

A. Authorization
B. Authentication
C. Logging In
D. Access Control

Answer: Authentication

What is the process used to relieve network operations from repetitive tasks?

A. Hypervisor management utilities
B. Automation
C. Dashboard
D. IPMI

Answer: Automation

Problems with your deployment can be determined and resolved by using which of the following?

A. Pooling
B. Affinity
C. Resource monitoring
D. Hypervisor remediation

Answer: Resource Monitoring

Which SNMP version supports secure authentication and encryption?

A. 1
B. 2
C. 2c
D. 3

Answer: 3

Which SNMP version added 64-bit counters?

A. 1
B. 2
C. 2c
D. 3

Answer: 2c

Physical resource redirection includes the mapping of what three devices?

A. Parallel port
B. Redundant power supplies
C. Serial port
D. USB port
E. HDD sector

Answer: Parallel Ports, Serial Ports, USB Ports

What is the ability to assign a processing thread to a core instead of having the hypervisor dynamically allocate it?

A. Priority threading
B. QOS services
C. CPU affinity
D. Dynamic resource sharing

Answer: CPU Affinity

What are three standards-based protocols used for remote management and configuration?

A. SNMP
B. RDP
C. SSH
D. HTTP
E. ILO

Answer: SNMP, SSH, HTTP

What interface is used as a command-line interface using a serial port?

A. Console port
B. Telnet
C. USB port
D. Serial Line Interface Protocol

Answer: Console Port

What is a proprietary protocol developed by Microsoft to allow remote access to Windows operating systems?

A. SNMP
B. RDP
C. SSH
D. IPMI

Answer: Remote Desktop Protocol (RDP)

What is the ability to assign resources from pools to VMs as demand requires known as?

A. Reservations
B. Dynamic resource allocation
C. Affinity
D. Automation

Answer: Dynamic Resource Allocation

What is a secure communications protocol used for remote command-line access to a device?

A. IPSec
B. Telnet
C. SNMP
D. SSH
E. RDP

Answer: Secure Shell (SSH)

The hypervisor will pool multicore CPUs into what to be used by the VMs?

A. CPU affinity
B. Multithreading
C. vCPU
D. Multisockets

Answer: vCPU

What is the usage fee for the right to use an application called?

A. EULA
B. Licensing
C. Pooling
D. SNMP

Answer: Licensing

Since there is a finite supply of server resources and there are many virtual machines that can consume these resources, it becomes very important that what TWO things be assigned to prevent a few VMs from monopolizing all the available resources?

A. OIDs
B. limits
C. IPMI
D. Quotas

Answer: Limits, IPMI

What four components do the physical resources on a bare-metal server contain?

A. Storage
B. Memory
C. Cooling systems
D. Load balancers
E. CPU
F. Network interfaces

Answer: Storage, Memory, CPU, Network Interfaces

What are predefined threshold values that are exceeded called?

A. Delta value
B. Trap
C. Variance
D. Deviation pool

Answer: Variance

A network management station can send alerts using which two methods?

A. SNMP
B. Trap
C. Email
D. SMS

Answer: Email, SMS

Which management protocol can be used to remotely access a server to power it on and make BIOS changes?

A. WMI
B. IPMI
C. RDP
D. SSH

Answer: Intelligent Platform Interface (IPMI)

The SNMP protocol uses which two functions as its primary method of communications with a remote managed device?

A. Get
B. Trap
C. OID
D. Set

Answer: Get, Set

What does SNMP use to send an unsolicited datagram to the management station to alert it of a critical event?

A. OID
B. Set
C. Alert
D. Trap

Answer: Trap

The _______ protocol is commonly used to connect to a management GUI to configure a remote device using a standard browser.

Answer: HTTP

A value that is considered out of range from your baseline measurements is referred to as a _______.

Answer: Variance

The _______ define what is provided from the software company and what you are allowed to do with that software.

Answer: End-User License Agreement (EULA)

Cloud _ or _ applications have highly tuned algorithms to dynamically monitor and add resources as needed to prevent resource starvation or VM performance issues.

Answer: Orchestration, Automation

A _______ is based on a pool of resources available for use by the virtual machines and defines the ceiling or the upper limit of what the cloud provider will deliver.

Answer: Quota

Various classes or tiers of service—such as basic, advanced, and premium services based on quotas and levels of compute services offered per tier by the cloud provider—are called _______.

Answer: Entitlements

Tracking CPU usage statistics over a period of time is an example of establishing a _______.

Answer: Baseline

The _______ protocol developed by Microsoft is used to query a remote Windows device to gather information and make configuration changes.

Answer: Windows Management Instrumentation

The _______ protocol is used by devices to send logging information to a remote collection server.

Answer: Syslog

The vendor of the managed device will publish a _______ that is loaded onto the network management system and defines what objects can be accessed on the monitored equipment and where they are located on the device.

Answer: MIB

A disaster recovery site that is offline except for critical data storage such as a database is a ___.

A. Hot site
B. Site mirroring
C. Warm site
D. High availability

Answer: Warm Site

Which data replication process occurs in real time?

A. Asynchronous replication
B. Archiving
C. Synchronous replication
D. Site mirroring

Answer: Synchronous Replication

What is the process of returning operations to your primary datacenter after service has been restored?

A. Multipathing
B. High availability
C. Failover
D. Replication
E. Failback

Answer: Failback

What is the transfer and synchronization of data between multiple datacenters called?

A. High availability
B. Archiving
C. Replication
D. Site mirroring

Answer: Replication

What is the expected time metric to recover from a service interruption?

A. RTO
B. SNMP
C. MTBF
D. MTTR
E. RPO

Answer: Restore Time Objective (RTO)

Which disaster recover model provides a remote facility that requires equipment to be installed and configured as part to the recovery process?

A. Hot site
B. Cold site
C. Warm site
D. Site mirroring

Answer: Cold Site

What refers to the ability of a service to remain online in the event of a failure in the system?

A. Replication
B. Load balancing
C. Fault tolerance
D. Archiving

Answer: Fault Tolerance

What are three examples of multipath technologies?

A. TRILL
B. High availability
C. SAN_A/SAN_B
D. Spanning tree
E. Link aggregation

Answer: TRILL, SAN_A/SAN_B, Link Aggregation

What is the process of keeping the backup site updated so it is ready to assume the workload in the event of a primary datacenter failure?

A. High availability
B. Archiving
C. Replication
D. Site mirroring

Answer: Site Mirroring

What is the average repair time of a component referred to?

A. RTO
B. SNMP
C. MTBF
D. MTTR
E. RPO

Answer: Mean Time to Repair (MTTR)

A group of servers interconnected and sharing processing and redundancy in a single datacenter is referred to as what?

A. Redundancy
B. Cluster
C. High availability
D. Replication

Answer: Cluster

What is it called when two devices are interconnected in an active/standby or active/active configuration that allows for very fast recovery from a failure?

A. Load balancing
B. Mirroring
C. High availability
D. Clustering

Answer: High Availability

What technology allows for horizontal scaling of computing resources?

A. Replication
B. Load balancing
C. MTTR
D. High availability

Answer: Load Balancing

Which data replication process is scheduled?

A. Asynchronous replication
B. Archiving
C. Synchronous replication
D. Site mirroring

Answer: Asynchronous Replication

A disaster recovery architecture in which a standby datacenter has current data and can take over for the primary in near real time is known as?

A. Hot site
B. Cold site
C. Warm site
D. Site mirroring

Answer: Hot Site

What is it called when you disperse the cloud deployment to multiple dispersed cloud hosting datacenters so that if one facility experiences a disruption your cloud services will remain accessible in other locations?

A. High availability
B. Archiving
C. RTO
D. Geographical diversity
E. Site mirroring

Answer: Site Mirroring

A server that has a power supply failure but remains operational has what kind of systems?

A. Failback
B. Redundant
C. High availability
D. Local clustering

Answer: Redundant

What is the data recovery point when recovering operations from an outage?

A. RTO
B. ITIL
C. MTBF
D. MTTR
E. RPO

Answer: Recovery Point Objective (RPO)

What is the expected lifetime of a component referred to as?

A. RTO
B. SNMP
C. MTBF
D. STP

Answer: Mean Time Between Failures (MTBF)

What is the process of transferring operations to a backup system in the event that the primary fails?

A. Multipathing
B. High availability
C. Failover
D. Replication

Answer: Failover

______ lowers the possibility of failures by designing backup systems into the cloud architecture.

Answer: Redundancy

The ______ is the amount of data that may be lost when restarting the operations.

Answer: Recovery Point Objective

The cloud operations can be deployed in a ______ model where two fully redundant cloud data centers are active at the same time. Each cloud datacenter will back up the other in the event of a failure.

Answer: Hot Site

With ______, the data is first written to the primary storage system in the primary storage facility or cloud location. After the data is stored, it is then copied to remote replicas on a scheduled basis or at near real time.

Answer: Asynchronous Replication

The ______ model is where the servers and infrastructure are not installed or operational until needed.

Answer: Cold Site

The ______ is the expected amount of time a device will function before it fails.

Answer: Mean Time Between Failures (MTBF)

Using ______ designs, two devices can be interconnected in an active/standby or active/active configuration that allows for very fast recovery from a failure.

Answer: High Availability

The ___ is the time it takes to get a service bank online and available after a failure.

Answer: Recovery Time Objective (RTO)

A backup cloud facility that hosts an operational database server that is in sync with the database server at the primary datacenter with the rest of the infrastructure not online is referred to as a ___

Answer: Warm Site

_-_ is content distributed around the globe for proximity and redundancy.

Answer: Geo-diversity

Which of the following risks leads to an increased cost for running a cloud-based application?

A. Security Compliance
B. IT Organizational Changes
C. DDoS Attacks
D. Cloud Service Maturity

Answer: DDoS Attacks

True or false? Big data applications are perfect candidates for cloud-based applications.

Answer: False

Which of the following is not a risk associated with cloud-based applications?

A. Vendor Lock-In
B. Reliability
C. Security
D. Lack of Development Tools

Answer: Lack of Development Tools

Which of the following is an advantage of migrating an application to an IaaS provider?

A. No operating system maintenance
B. Lower cost than PaaS
C. Minimal code change
D. Lower cost than SaaS

Answer: Minimal Code Change

What type of application design is preferable for a cloud-based application?

A. A design that uses stateful objects
B. A design that uses stateless objects
C. A design that uses in-memory state management
D. A design that uses client-based state management

Answer: A design that uses stateless objects

Which of the following is a design pattern of cloud-based applications?

A. Predictable volume
B. Constant processing
C. Unpredictable burst
D. Big data

Answer: Unpredictable Burst

What are the main advantages of using a web-based distributed application?

What are the main advantages of using a web-based distributed application? (Choose two.)

A. Availability
B. Scalability
C. Security
D. Reliability

Answer: Availability, Scalability

True or false? All distributed applications are web applications.

Answer: False

What is the main limitation of a desktop application?

A. Lack of manageability
B. Lack of reliability
C. Lack of security
D. Lack of scalability

Answer: Lack of Scalability

What are the three basic logical tiers of a distributed application?

What are the three basic logical tiers of a distributed application? (Choose three.)

A. Presentation
B. Application
C. Network
D. Data
E. Internet

Answer: Presentation, Application, Data

The concept of creating a group of storage, memory, processing, and I/O for other types of resources and sharing them in a virtualized cloud is called ___.

Answer: Resource Pooling

When migrating from your local datacenter to a cloud network, it is sometimes necessary to copy an image of the server and send it to the cloud provider in a physical media for installation. This is known as a(n) ___ migration.

Answer: Offline

To isolate storage networks over the same SAN fabric, we create ___.

Answer: Virtual Storage Area Network (VSAN)

When we perform a(n) ___, we are making complete copies of hard drive volumes.

Answer: Image Backup

Storage space that is presented to the guest virtual machine as an actual hard drive is called a(n) ___

Answer: Virtual Disk

The process of storing and backing up folders and files with backup applications for later access if needed is referred to as ___.

Answer: File-level backup

Creating a master virtual machine image to be used to create a separate and independent virtual machine is referred to as ___.

Answer: Cloning

A ___ is a file-based image of the current state of a virtual machine.

Answer: Snapshot

Hypervisors that are available for free on sites like sourceforge.net are known as ___ software.

Answer: Open Source

When we take a single server and install ____ software on the bare metal, we can run multiple operating systems on the same piece of hardware.

Answer: Hypervisor

The process of converting a server running on bare-metal server hardware in a corporate datacenter to a hypervisor in the cloud is referred to as what?

A. V2V
B. P2V
C. V2P
D. Online migration

Answer: Physical-to-Virtual

The ability to dynamically commit and reclaim resources such as storage, memory, and CPU is referred to as what?

A. Elasticity
B. Resource pooling
C. Virtualization
D. Cloud bursting

Answer: Elasticity

The process of converting a virtual machine running in a corporate datacenter to a hypervisor in the cloud is often referred to as what?

A. V2V
B. P2V
C. V2P
D. Online migration

Answer: Virtual-to-Virtual (V2V)

When you are migrating from a physical to a virtual server, what are three external parameters that may need to be changed?

A. IP addressing
B. DNS names
C. Storage VSAN
D. Automation settings

Answer: IP address, DNS Name, External Storage

The process of converting a server running on a hypervisor to bare metal is called what?

A. V2V
B. P2V
C. V2P
D. Offline migration

Answer: Virtual-to-Physical

A real-time migration from the corporate datacenter to the cloud of virtual machines is referred to as what?

A. V2V
B. Transposing
C. Online migration
D. vMotion

Answer: Online Migration

When you are performing online storage migration to the cloud, what must you take into consideration?

A. Applications to restore
B. WAN bandwidth
C. Migration type
D. Hypervisor capabilities

Answer: Network Bandwidth

What type of migration includes cloning an existing virtual machine and installing it on a cloud provider's hypervisor?

A. Type 1
B. Type 2
C. V2V
D. P2V

Answer: Virtual-to-Virtual (V2V)

When creating a server baseline when planning a migration, you should collect and analyze which three important parameters?

A. CPU utilization
B. Memory requirements
C. BIOS settings
D. Storage requirements

Answer: CPU, Memory, Storage

What LAN technology is used to logically segment an Ethernet network?

A. VSAN
B. vNIC
C. VLAN
D. Virtual switch

Answer: VLAN

A virtual machine does not have a hardware LAN card installed. What does it use instead?

A. VLAN
B. Virtual switch
C. vNIC
D. Host bus adapter

Answer: vNIC (Virtual Network Interface Card)

What type of storage is presented to the virtual machine as an actual hard drive?

A. Volume
B. File storage
C. Ghosting
D. Virtual disk

Answer: Virtual Disk

What is the name for a piece of software running in a hypervisor that acts as a network interconnection for the virtual machines to the outside network?

A. VSAN
B. VLAN
C. Virtual switch
D. Type 1 hypervisor

Answer: Virtual Switch

A virtual server image created in a certain specific moment in time is called a what?

A. Cloning
B. Virtual disk backup
C. Snapshot
D. Replica

Answer: Snapshot

When creating a virtual machine image, what are three of the common components that are included in the master image?

A. Operating system
B. Service packs
C. Security configurations
D. Hypervisor settings

Answer: Operating System, Service Packs, Security Configurations

When cloning a server to use as a reference in creating a new virtual machine, which two attributes must be changed?

A. UUID
B. BIOS
C. SAN name
D. MAC address

Answer: UUID and MAC

What are two examples of open-source hypervisors?

A. ESXi
B. VirtualBox
C. KVM
D. Hyper-V

Answer: Virtualbox and KVM

What is the type of hypervisor that runs on top of an already installed operating system is?

A. Virtualized
B. Cloud
C. Type 1
D. Type 2

Answer: Type 2

What is the type of hypervisor that runs directly on top of the bare-metal server (hardware).

A. Virtualized
B. Cloud
C. Type 1
D. Type 2

Answer: Type 1

What is the name given to the type of software that enables a server to be logically abstracted and appear to the operating system running on it as if it is running directly on the server hardware itself?

A. Virtualization
B. Abstraction
C. Hypervisor
D. Volumes

Answer: Hypervisor

Ciphers that perform symmetrical block encryption include which of the following? (Choose two.)

What security protocol uses multiple keys in a repetitive encryption process?

Where are access control lists commonly configured? (Choose two.)

What type of denial-of-service attack sends a large amount of Internet control packets to the target?

Which two encryption protocols use a public and private key pair for encryption?

User access control consists of which of the following? (Choose four.)

What is a standardized set of roles, policies, and procedures used to create, manage, distribute, use, store, and revoke digital certificates and manage public/private key encryption?

What security technique is configured on a storage controller to limit what storage volumes a server can access?

Name three types of role-based access control.

Hardening a server system can include which of the following? (Choose three.)

What type of access control allows the users to assign rights to objects?

What security protocol is used on web browsers for secure connection to an ecommerce site?

Which denial-of-service attack sends malformed ICMP packets to the target server?

Network scanning will determine which of the following? (Choose three.)

What is the name of a security site that authenticates the identity of individuals, computers, and other entities in the network?

What security technique is used in a storage area network to limit the storage systems a server can access?

What is the process of complicating the ability to read stored data?

What uses a number of zombies or bots to create a denial-of-service attack?

Which security technique uses a list of permit and deny statements in a security device?

A _______ is any method of encrypting data by concealing its readability and meaning.

_______ is an encryption framework that uses a pair of cryptographic keys: one public key and one private key.

_______ is the process of determining the identity of a client usually by a login process.

LUN masking is configured on the _______ and controls access to logical storage units.

Zoning is configured on the _______ network to limit storage access between the initiator and the target.

A _______ is an attack that is launched over the Internet from many end stations all attacking a target at the same time.

A _______ is a special security zone that contains servers that need to be accessed by the outside world via the Internet and also internally; it is a special network security zone that exposes cloud computers to the Internet.

The device that is placed inline to network traffic and provides network security is a _______.

_______ is a system that can detect and mitigate a network attack as it is taking place.

A _______ is used to create a secure connection over an insecure network.

What is Path Traversal?

What is a Buffer Overflow?

What is an Open Redirect?

What is Cross-Site Request Forgery (CSRF)?

What is Unrestricted File Upload?

What is Cross-Site Scripting (XSS)?

What is OS Command Injection and how can it be mitigated?

What is SQL Injection?

What are the three software categories for SANS Top 25?

The identity management process of allowing users in different security domains to share services without having identities in each domain is called what?

Which of the following is not a legal risk associated with cloud computing?

True or false? The United States and the European Union have compatible data privacy laws.

Authentication to multiple services in the cloud can be streamlined by adopting which of the following identity management mechanisms?

Which of the following actions would not lead to risks related to records retention in the cloud?

True or false? Government agencies must always notify a data owner when they compel disclosure of information from a cloud service provider as part of lawful access.

An organization can address regulatory compliance risks in the cloud in all the following ways except which one?

True or false? Dynamic scaling of resources in the cloud may lead to noncompliance with software licenses.

Which countries could claim jurisdiction over data in the cloud?

What is the process of verifying a user's identity?

What is the process used to relieve network operations from repetitive tasks?

Problems with your deployment can be determined and resolved by using which of the following?

Which SNMP version supports secure authentication and encryption?

Which SNMP version added 64-bit counters?

Physical resource redirection includes the mapping of what three devices?

What is the ability to assign a processing thread to a core instead of having the hypervisor dynamically allocate it?

What are three standards-based protocols used for remote management and configuration?

What interface is used as a command-line interface using a serial port?

What is a proprietary protocol developed by Microsoft to allow remote access to Windows operating systems?

What is the ability to assign resources from pools to VMs as demand requires known as?

What is a secure communications protocol used for remote command-line access to a device?

The hypervisor will pool multicore CPUs into what to be used by the VMs?

What is the usage fee for the right to use an application called?

Since there is a finite supply of server resources and there are many virtual machines that can consume these resources, it becomes very important that what TWO things be assigned to prevent a few VMs from monopolizing all the available resources?

What four components do the physical resources on a bare-metal server contain?

What are predefined threshold values that are exceeded called?

A network management station can send alerts using which two methods?

Which management protocol can be used to remotely access a server to power it on and make BIOS changes?

The SNMP protocol uses which two functions as its primary method of communications with a remote managed device?

What does SNMP use to send an unsolicited datagram to the management station to alert it of a critical event?

The _______ protocol is commonly used to connect to a management GUI to configure a remote device using a standard browser.

A value that is considered out of range from your baseline measurements is referred to as a _______.

The _______ define what is provided from the software company and what you are allowed to do with that software.

Cloud _______ or _______ applications have highly tuned algorithms to dynamically monitor and add resources as needed to prevent resource starvation or VM performance issues.

A _______ is based on a pool of resources available for use by the virtual machines and defines the ceiling or the upper limit of what the cloud provider will deliver.

Various classes or tiers of service—such as basic, advanced, and premium services based on quotas and levels of compute services offered per tier by the cloud provider—are called _______.

Cloud _ or _ applications have highly tuned algorithms to dynamically monitor and add resources as needed to prevent resource starvation or VM performance issues.