Richard Roxburgh works as a cloud security engineer in an IT company. His organization was dissatisfied with the services of its previous cloud service provider. Therefore, in January 2020, his organization adopted AWS cloud-based services and shifted all workloads and data in the AWS cloud. Richard wants to provide complete security to the hosted applications before deployment and while running in the AWS ecosystem. Which of the following automated security assessment services provided by AWS can be used by Richard to improve application security and check the application for any type of vulnerability or deviation from the best practices automatically?
You are the manager of a cloud-based security platform that offers critical services to government agencies and private companies. One morning, your team receives an alert from the platform's intrusion detection system indicating that there has been a potential breach in the system. As the manager, which tool you will use for viewing and monitoring the sensitive data by scanning storage systems and reviewing the access rights
to critical resources via a single centralized dashboard?
Global InfoSec Solution Pvt. Ltd. is an IT company that develops mobile-based software and applications. For smooth, secure, and cost-effective facilitation of business, the organization uses public cloud services. Now, Global InfoSec Solution Pvt. Ltd. is encountering a vendor lock-in issue. What is vendor lock-in in cloud computing?
Global SciTech Pvt. Ltd. is an IT company that develops healthcare-related software. Using an incident detection system (IDS) and antivirus software, the incident response team of the organization has observed that attackers are targeting the organizational network to gain access to the resources in the on-premises environment. Therefore, their team of cloud security engineers met with a cloud service provider to discuss the various security provisions offered by the cloud service provider. While discussing the security of the organization's virtual machine in the cloud environment, the cloud service provider stated that the Network Security Groups (NSGs) will secure the VM by allowing or denying network traffic to VM instances in a virtual network based on inbound and outbound security rules. Which of the following cloud service provider filters the VM network traffic in a virtual network using NSGs?
Alice, a cloud forensic investigator, has located, a relevant evidence during his investigation of a security breach in an organization's Azure environment. As an investigator, he needs to sync different types of logs generated by Azure resources with Azure services for better monitoring. Which Azure logging and auditing feature can enable Alice to record information on the Azure subscription layer and obtain the evidence (information related to the operations performed on a specific resource, timestamp, status of the operation, and the user responsible for it)?
Steven Smith has been working as a cloud security engineer in an MNC for the past 4 years. His organization uses AWS cloud-based services. Steven handles a complex application on AWS that has several resources and it is difficult for him to manage these resources. Which of the following AWS services allows Steven to make a set of related AWS resources easily and use or provision them in an orderly manner so that he can spend less time managing resources and more time on the applications that run in the AWS environment?
Brentech Services allows its clients to access (read, write, or delete) Google Cloud Storage resources for a limited time without a Google account while it controls access to Cloud Storage. How does the organization accomplish this?
Cosmic IT Services wants to migrate to cloud computing. Before migrating to the cloud, the organization must set business goals for cloud computing as per the guidelines of a standard IT governance body. Which standard IT governance body can help the organization to set business goals and objectives for cloud computing by offering the IT governance named COBIT (Control Objective for Information and Related Technology)?
Teresa Palmer has been working as a cloud security engineer in a multinational company. Her organization contains a huge amount of data; if these data are transferred to AWS S3 through the internet, it will take weeks. Teresa's organization does not want to spend money on upgrading its internet to a high-speed internet connection. Therefore, Teresa has been sending large amounts of backup data (terabytes to petabytes) to AWS from on-premises using a physical device, which was provided by Amazon. The data in the physical device are imported and exported from and to AWS S3 buckets. This method of data transfer is cost-effective, secure, and faster than the internet for her organization. Based on the given information, which of the following AWS services is being used by Teresa?
Rachel McAdams works as a senior cloud security engineer in a cloud service provider company. Owing to the robust services and security features provided by her organization, the number of cloud consumers continues to increase. To mee the increasing cloud consumer requirements, her organization decided to build more data centers. Therefore, Rachel's organization formed a new team to design and construct data centers. Rachel is also part of the team and was given the responsibility of designing the data center. How can Racheal maintain
a stable temperature in the HVAC unit?
A multinational company decided to shift its organizational infrastructure and data to the cloud. Their team finalized the service provider. Which of the following is a contract that can define the security standards agreed upon by the service provider to maintain the security of the organizational data and infrastructure and define organizational data compliance?
Falcon Computers is an IT company that runs its IT infrastructure on the cloud. The organization must implement cloud governance in its corporate cloud environment to align its business vision with the cloud vision. Which of the following cloud governance components can help the organization to align the cloud vision and business vision?
Luke Grimes has recently joined a multinational company as a cloud security engineer. The company has been using the AWS cloud. He would like to reduce the risk of man-in-the-middle attacks in all Redshift clusters.
Which of the following parameters should Grimes enable to reduce the risk of man-in-the-middle attacks in all Redshift clusters?
Rebecca Gibel has been working as a cloud security engineer in an IT company for the past 5 years. Her organization uses cloud-based services. Rebecca's organization contains personal information about its clients,which is encrypted and stored in the cloud environment. The CEO of her organization has asked Rebecca to delete the personal information of all clients who utilized their services between 2011 and 2015. Rebecca deleted the encryption keys that are used to encrypt the original data; this made the data unreadable and unrecoverable. Based on the given information, which deletion method was implemented by Rebecca?
Cindy Williams works as a cloud security engineer in an IT company located in Seattle, Washington. Owing to the cost-effective security, governance, and storage features provided by AWS, her organization adopted AWS cloud-based services. Cindy would like to detect any unusual activity in her organization's AWS account. She would like to obtain the event history of her organization's AWS account activity for security analysis and resource change tracking. Which of the following AWS service enables operational auditing, compliance, governance, and risk auditing for her organization's AWS account?
VenturiaCloud is a cloud service provider that offers robust and cost-effective cloud-based services to cloud consumers. The organization became a victim of a cybersecurity attack. An attacker performed a DDoS attack over the cloud that caused failure in the entire cloud environment. VenturiaCloud conducted a forensics investigation. Who among the following are the first line of defense against cloud security attacks with their primary role being responding against any type of security incident immediately?
The cloud administrator John was assigned a task to create a different subscription for each division of his organization. He has to ensure all the subscriptions are linked to a single Azure AD tenant and each subscription has identical role assignments. Which Azure service will he make use of?
Ewan McGregor works as a cloud security engineer in a multinational company that develops software and applications for eCommerce companies. Owing to the robust services provided by AWS for developing applications and software, his organization migrated to the AWS cloud in 2010. To test whether it is possible to escalate privileges to obtain AWS administrator account access, Ewan attempt to update the login profile with regular user accounts. Which of the following commands should Ewan try to update an existing login profile?
Aidan McGraw is a cloud security engineer in a multinational company. In 2018, his organization deployed its workloads and data in a cloud environment. Aidan was given the responsibility of securing high-valued information that needs to be shared outside the organization from unauthorized intruders and hackers. He would like to protect sensitive information about his organization, which will be shared outside the organization, from attackers by encrypting the data and including user permissions inside the file containing this information. Which technology satisfies Aidan's requirements?
SecureSoftWorld Pvt. Ltd. is an IT company that develops software solutions catering to the needs of the healthcare industry. Most of its services are hosted in Google cloud. In the cloud environment, to secure the applications and services, the organization uses Google App Engine Firewall that controls the access to the App Engine with a set of rules that denies or allows requests from a specified range of IPs. How many unique firewall rules can SecureSoftWorld Pvt. Ltd define using App Engine Firewall?
YourTrustedCloud is a cloud service provider that provides cloud-based services to several multinational companies. The organization adheres to various frameworks and standards. YourTrustedCloud stores and processes credit card and payment-related data in the cloud environment and ensures the security of transactions and the credit card processing system. Based on the given information, which of the following standards does YourTrustedCloud adhere to?
James Harden works as a cloud security engineer in an IT company. James' organization has adopted a RaaS architectural model in which the production application is placed in the cloud and the recovery or backup target is kept in the private data center. Based on the given information, which RaaS architectural model is implemented in James' organization?
An organization wants to implement a zero-trust access model for its SaaS application on the GCP as well as its on-premises applications. Which of the following GCP services can be used to eliminate the need for setting up a company-wide VPN and implement the RBAC feature to verify employee identities to access organizational applications?
SevocSoft Private Ltd. is an IT company that develops software and applications for the banking sector. The security team of the organization found a security incident caused by misconfiguration in Infrastructure-as-Code (laC) templates. Upon further investigation, the security team found that the server configuration was
built using a misconfigured laC template, which resulted in security breach and exploitation of the
organizational cloud resources. Which of the following would have prevented this security breach and exploitation?
Veronica Lauren has an experience of 4 years as a cloud security engineer. Recently, she joined an IT company as a senior cloud security engineer. In 2010, her organization became a victim of a cybersecurity attack in which the attacker breached her organization's cloud security perimeter and stole sensitive information. Since then, her organization started using Google cloud-based services and migrated the organizational workload and data in the Google cloud environment. Veronica would like to detect security breaches in her organization's cloud security perimeter. Which of the following built-in service of Google Security Command Center can help Veronica in monitoring her organization's cloud logging stream and collect logs from one or multiple projects to detect security breaches such as the presence of malware, brute force SSH attempts, and cryptomining?
A web server passes the reservation information to an application server and then the application server queries an Airline service. Which of the following AWS service allows secure hosted queue server-side encryption (SSE), or uses custom SSE keys managed in AWS Key Management Service (AWS KMS)?
Allen Smith works as a cloud security engineer in a multinational company. Using an intrusion detection system, the incident response team of this company identified that an attacker has been continuously attacking the organization's AWS services. The team leader asked Allen to track the changes made to AWS resources and perform security analysis. Which AWS service can provide the AWS API call history for AWS accounts, including calls made via the AWS Management Console or Command Line tools, AWS Software Development Kits, and other AWS services to Allen?
On database system of a hospital maintains rarely-accessed patients' data such as medical records including high-resolution images of ultrasound reports, MRI scans, and X-Ray reports for years. These records occupy a lot of space and need to be kept safe as it contains sensitive medical data. Which of the following Azure storage services best suitable for such rarely-accessed data with flexible latency requirement?
An organization uses AWS for its operations. It is observed that the organization's EC2 instance is
communicating with a suspicious port. Forensic investigators need to understand the patterns of the current security breach. Which log source on the AWS platform can provide investigators with data of evidentiary value during their investigation?
Georgia Lyman works as a cloud security engineer in a multinational company. Her organization uses cloud-based services. Its virtualized networks and associated virtualized resources encountered certain capacity limitations that affected the data transfer performance and virtual server communication. How can Georgia eliminate the data transfer capacity thresholds imposed on a virtual server by its virtualized environment?
Teresa Ruiz works as a cloud security engineer in an IT company. In January 2021, the data deployed by her in the cloud environment was corrupted, which caused a tremendous loss to her organization. Therefore, her organization changed its cloud service provider. After deploying the workload and data in the new service provider's cloud environment, Teresa backed up the entire data of her organization. A new employee, Barbara Houston, who recently joined Teresa's organization as a cloud security engineer, only backed up those files that changed since the last executed backup. Which type of backup was performed by Barbara in the cloud?
Chris Noth has been working as a senior cloud security engineer in CloudAppSec Private Ltd. His organization has selected a DRaaS (Disaster Recovery as a Service) company to provide a disaster recovery site that is fault tolerant and consists of fully redundant equipment with network connectivity and real-time data synchronization. Thus, if a disaster strikes Chris' organization, failover can be performed to the disaster recovery site with minimal downtime and zero data loss. Based on the given information, which disaster recovery site is provided by the DRaaS company to Chris' organization?
AWS runs 35+ instances that are all CentOS machines. Updating these machines manually is a time-intensive task that may lead to missed updates for some instances and create vulnerabilities. Which of the following can be used to prevent each port of each instance from being opened to access the machine and install updates?
Bruce McFee works as a cloud security engineer in an IT company. His organization uses AWS cloud-based services. Because Amazon CloudFront offers low-latency and high-speed data delivery through a user-friendly environment, Bruce's organization uses the CloudFront content delivery network (CDN) web service for the fast and secure distribution of data to various customers throughout the world. How does CloudFront accelerate content distribution?