CCT 073: Mastering Cloud Computing and CISSP Exam Questions (D4.3)

Sep 21, 2023
 

Have you ever wondered what it takes to crack the CISSP exam? Dreamt of enhancing your cybersecurity expertise? Welcome to an action-packed episode that pulls back the curtain on your path to success. With a focus on CISSP questions and key testing strategies, this episode aims to make you a proficient test taker. We dig into intriguing topics like hypervisor technology, the CIA triad, encryption types, and the main role of CASBs. To spice things up, we also throw in the main security concern that plagues the utilization of cloud technology.

Now, let's journey through the vast realm of Cloud Computing. Understanding this is paramount for acing the CISSP exam, and we're here to guide you every step of the way. To make this journey exciting, we've lined up an array of CISSP questions that will help you grasp concepts like container orchestration platforms, the essence of elasticity and resource pooling, and the IaaS model's intricacies. We also delve into data integrity within a SaaS model, the phenomenon of cloud bursting, and the trials of managing cloud environments. So, buckle up as we navigate through this maze of knowledge, ensuring you're well-equipped to not just pass the CISSP exam but truly master it.

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for free.

Content:

Question 1: Which of the following cloud service models would most likely use hypervisor technology?

A. IaaS

B. PaaS

C. SaaS

D. FaaS

Answer: A. IaaS

Explanation:

Infrastructure as a Service (IaaS) typically involves using hypervisors to provide virtual machines. This service model allows clients the most control over the underlying infrastructure.

Other options like PaaS, SaaS, and FaaS usually abstract the infrastructure layer away from the user.

 

Question 2: What does the C in CIA triad stand for in cloud security?

A. Cryptography

B. Certification

C. Confidentiality

D. Calculation

Answer: C. Confidentiality

Explanation:

The CIA triad consists of Confidentiality, Integrity, and Availability. Confidentiality ensures that only authorized users can access data.

 

Question 3: Which technology ensures network traffic remains isolated in a multi-tenant cloud environment?

A. VPN

B. VLAN

C. Firewall

D. IPS

Answer: B. VLAN

Explanation:

Virtual Local Area Networks (VLANs) are often used in multi-tenant environments to isolate network traffic between different clients or groups.

 

Question 4: In a cloud environment, which encryption type would be used to secure data at rest?

A. SSL

B. AES

C. RSA

D. SHA-256

Answer: B. AES

Explanation:

Advanced Encryption Standard (AES) is commonly used for encrypting data at rest. SSL is typically used for securing data in transit, RSA is an asymmetric encryption algorithm, and SHA-256 is a hashing algorithm.

 

Question 5: What is the primary purpose of a CASB in cloud security?

A. Threat detection

B. Encryption

C. Compliance Monitoring

D. Traffic Analysis

Answer: C. Compliance Monitoring

Explanation:

Cloud Access Security Brokers (CASBs) are primarily used for enforcing security compliance policies across cloud services.

 

Question 6: What is the main security concern when using a public cloud service?

A. Performance

B. Multi-tenancy

C. Flexibility

D. Cost

Answer: B. Multi-tenancy

Explanation:

The main security concern in a public cloud is the multi-tenancy nature of the service, which could potentially allow unauthorized access to data if not correctly isolated.

 

Question 7: Which of the following is a container orchestration platform often used in cloud environments?

A. Docker

B. Kubernetes

C. OpenStack

D. Azure

Answer: B. Kubernetes

Explanation:

Kubernetes is a popular container orchestration platform, while Docker is a containerization platform. OpenStack is primarily an IaaS solution, and Azure is a cloud service provider.

 

Question 8: In a cloud environment, what does "elasticity" refer to?

A. Data Encryption

B. Resource Scaling

C. Data Replication

D. Threat Detection

Answer: B. Resource Scaling

Explanation:

Elasticity in cloud computing refers to the ability to scale resources up or down dynamically based on demand.

 

Question 9: In cloud computing, what does resource pooling mean?

A. Aggregating cloud resources

B. Caching data

C. Minimizing downtime

D. Maximizing bandwidth

Answer: A. Aggregating cloud resources

Explanation:

Resource pooling involves the provider aggregating computing resources to serve multiple consumers using multi-tenant models.

 

Question 10: What is the primary responsibility of a cloud consumer in an IaaS model regarding security patches?

A. Apply patches to the OS

B. Apply patches to the hypervisor

C. Rely on the cloud provider for all patches

D. Apply patches to the network infrastructure

Answer: A. Apply patches to the OS

Explanation:

In an IaaS model, the consumer is typically responsible for the operating system and everything above it, including security patches for the OS.

 

Question 11: In a SaaS model, who is responsible for data integrity?

A. Cloud Provider

B. Cloud Consumer

C. Both

D. Neither

Answer: C. Both

Explanation:

Both the cloud provider and consumer share responsibility for data integrity in a SaaS model; the provider for maintaining the infrastructure and the consumer for using the application responsibly.

 

Question 12: What does a "cloud burst" refer to?

A. An unexpected downtime

B. A security incident

C. Dynamic scaling to a public cloud from a private cloud

D. Data loss

Answer: C. Dynamic scaling to a public cloud from a private cloud

Explanation:

Cloud bursting refers to a situation where a private cloud dynamically scales its services into a public cloud due to increased demand.

 

Question 13: Which cloud deployment model allows a user to employ both on-premises and cloud-based resources?

A. Private Cloud

B. Public Cloud

C. Hybrid Cloud

D. Community Cloud

Answer: C. Hybrid Cloud

Explanation:

A hybrid cloud model combines both private (on-premises) and public cloud resources.

 

Question 14: Which of the following is a key management challenge in cloud environments?

A. Virtualization

B. Containerization

C. API Security

D. Serverless Computing

Answer: C. API Security

Explanation:

API security becomes a significant management challenge, especially when you are dealing with multiple cloud services that need to communicate with each other.

 

Question 15: What do cloud providers use to segregate virtual environments for different clients?

A. Encryption

B. Tokenization

C. Hypervisors

D. Firewalls

Answer: C. Hypervisors

Explanation:

Hypervisors are used to create and manage virtual environments, effectively segregating resources for different clients in a multi-tenant configuration.

 

Question 16: Which network protocol is commonly used to transfer files to cloud storage?

A. FTP

B. HTTP

C. SMTP

D. SNMP

Answer: A. FTP

Explanation:

FTP (File Transfer Protocol) is often used to transfer files to and from cloud storage.

 

Question 17: What does the principle of "data sovereignty" mean in cloud computing?

A. Data should be encrypted

B. Data is stored only in judicial territories as defined by the client

C. Data should be replicated for high availability

D. Data should be accessed only by authenticated users

Answer: B. Data is stored only in judicial territories as defined by the client

Explanation:

Data sovereignty involves storing data in defined geographical locations, usually as per legal or compliance requirements.

 

Question 18: Which of the following is NOT a feature of cloud computing as defined by NIST?

A. Rapid Elasticity

B. Resource Pooling

C. On-Premise Management

D. Measured Service

Answer: C. On-Premise Management

Explanation:

According to NIST, features of cloud computing include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. On-Premise Management is not one of them.

 

Question 19: In which cloud service model is the consumer not concerned with underlying hardware or operating systems?

A. IaaS

B. PaaS

C. SaaS

D. CaaS

Answer: C. SaaS

Explanation:

In Software as a Service (SaaS), the consumer uses the provider's applications and doesn't have to worry about the underlying hardware or operating systems.

 

Question 20: What is the main advantage of using a multi-cloud strategy?

A. Cost Reduction

B. Vendor Lock-in Avoidance

C. Increased Security Risks

D. Complexity

Answer: B. Vendor Lock-in Avoidance

Explanation:

The primary advantage of a multi-cloud strategy is to avoid dependency on a single cloud service provider, thereby avoiding vendor lock-in.

Transcript:

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.

Good morning. This is Sean Gerber, with CISSP Cyber Training, and I hope you all are having a wonderful day today. Today is CISSP Question Thursday, so we are going to go over a group of CISSP questions to help you pass the CISSP exam.

So I was just talking to some of my folks that I work with in my membership course last night and had some really good feedback as it relates to the CISSP question, and I know you all are probably struggling with very similar topics, but I know the questions themselves can be a bit daunting, and one of the questions that came out of the conversation was around the fact of how do I know the questions that I'm studying are actually going to be on the test? And I'll just be blunt, you don't. I will tell you honestly my questions may or may not, or a version of them may or may not, be on the test. The bottom line of the CISSP questions is to help you understand the overall management of the question you're asking, or you're answering, I should say. So you want to look at each and every question and you want to dissect it, and you have to understand the information to be able to answer correctly. Now, one of the tips that came out of the conversation is if you are a really good test taker and you know the information well, but you're a really good test taker, then the test may be a bit easier for you. I say that may be a bit easier for you. If you're like me, that gets test anxiety when you're taking these tests. It can be. You have to know the information solid for you to pass the test. It's just really what it comes down to.
So I have no doubt in my mind that if you are going through a lot of the CISSP questions, you understand the content well, not necessarily perfect because there's so much information, but you know it well and you can honestly tell yourself that you know it well, then you'll do fine. You really will. You can't see there's no guarantee on any of this, but a lot of it comes out to is exposure. So this is another way that you're going to get exposure is through the CISSP exam questions that we're going on this podcast.

Okay, so let's roll into question number one. Oh, by the way, you also can see all of these questions on my membership site as well. As you'll see them, eventually they'll pop up on YouTube that you can go and look at as well.

Okay, question number one, and this is tied to this podcast of 073. Now, which of the following cloud service models would most likely use hypervisor technology? Okay, so we're going to get into IaaS, which is your infrastructure as a service, PaaS, which is your platform as a service, SaaS, which is your software as a service, and FaaS, which is, I don't really know. So, when it comes right down to it, you're going to ask yourself, well, if I don't know what FaaS is, I'm going to get rid of it right away. But when you're dealing with hypervisor technology, which one would it most likely be tied to? And it would be tied to your infrastructure as a service. This typically involves a hypervisor and it will provide virtual machines, which is what you'll see in most of your overall aspects of the cloud. So it's usually a part that you need to understand, but when you're dealing with hypervisors, it would be your infrastructure as a service.

What does C in the CIA triad stand for as it relates to cloud security? A is cryptography, cryptography, sorry. B is certification, C is confidentiality or D is calculation. So what does the C in the CIA triad stand for as it relates to cloud security? And you should know this one.
But this, the CIA triad, obviously deals with confidentiality, integrity and availability. It's the same whether it's with the cloud. Confidentiality is the key factor.

Question three: which technology ensures network traffic remains isolated in a multi-tenant cloud environment? A, VPN; B, VLAN, or virtual LAN; C, firewall; or D, IPS. So, if you break this down, what's going to keep your system that are going to be multi-tenant environments isolated would be B, a VLAN. A virtual area network is used often for multi-tenant environments to isolate the traffic between the clients or the groups. You can also incorporate the VLANs with your security groups, which will help out, even segregated, even more.

Question four: in a cloud environment, which encryption type would be used to secure data at rest? A, SSL; B, AES, which is your advanced encryption standard; C, RSA; or D, SHA-256. So when you're dealing with the cloud environment, advanced encryption standards, or B, is commonly used for encryption of data at rest. SSL is typically used to secure data, obviously in transit. RSA is an algorithm and SHA is also a hashing algorithm. So you have the RSA is an encryption algorithm and SHA-256 is a hashing algorithm. So if you're using to store the data at rest in an encrypted state, it would be AES.

Question five: what is the primary purpose of a CASB, which is a Charlie Alpha Sierra Bravo, CASB, in cloud security? And we talked about CASB as it relates to the podcast this last Monday and so it's kind of a question focused on that. A, threat detection; B, encryption; C, compliance monitoring; or D, traffic analysis. So the primary purpose of a CASB in cloud security is C, compliance monitoring. The CASBs are primarily used for enforcing security compliance policies across various cloud services. That is the purpose of compliance monitoring, or the purpose of a CASB, I should say.

Question six: what is the main security concern when using a public cloud service?
A, performance; B, multi-tenancy; C, flexibility; or D, cost. So the main concern when you're dealing with public clouds is B, multi-tenancy. So when you're dealing with a multi-tenancy service, it's basically you have multiple tenants involved in the same cloud and you are worried that somebody could potentially have unauthorized access into your tenant from another tenant. So it's important that you do understand as a security professional what are the rules or what are the controls that they have in place to protect that from occurring. It should be part of your due diligence and your security assessment, training or security assessments that you do against that tenant cloud set.

Or question seven: which of the following container orchestration platform often is used in cloud environments? So again, which container orchestration platform is often used in cloud environments? So if you don't know what this is, focus on the word. The word would be container. So typically the containers in this world are what we deal with when the cloud aspects are Kubernetes. So just kind of keep that in mind. Now you can get Docker, but Kubernetes is a container platform that is used highly within cloud environments. So A, it's Docker; B, it's Kubernetes; C, it's OpenStack; or D, it's Azure. And the answer, obviously, I just alluded to was B, it's Kubernetes, is a popular container orchestration platform. Now Docker can do that, but the proper, the pop-up pop that I can't think of, say the word, the popular one that is out there mostly is a Kubernetes cluster, that. Do you hear them talk about that and it's a really good containerization platform. Now you just may have to decide. This is a really tough question because you may go, well, it could be Docker, well, it could be Kubernetes. That's just an important factor that it's gonna be tough, right, you're gonna have to guess if you don't know which one it is.

Question 8: in a cloud environment, what does "elasticity" refer to? A, data encryption;
B, resource scaling; C, data replication; or D, threat detection, as it relates to elasticity. If you don't know, that means, that's something that stretches. You would look at, then, resource scaling, right? If you're dealing with something that stretches, you want to be able to scale. Elasticity, in cloud computing, refers to the ability to scale resources up or down, based on demand. So again, focus on the words, not on memorizing the question.

Question 9: in cloud computing, what does resource pooling mean? Okay, so when you're dealing with resource pooling, what is that term? Well, if you don't know what that means, that means basically aggregating computing resources, right? So if it's A, aggregating cloud resources; B, caching data; C, minimizing downtime; or D, maximizing bandwidth. And again, if you're dealing with aggregating, which means pooling or putting things together, you want to aggregate your cloud resources. That would be A.

Question 10: what is the primary responsibility of a cloud consumer in an IaaS model, or infrastructure as a service model, regarding security patches? So what is the primary responsibility of a cloud consumer in an infrastructure model regarding security patches? A, apply patches to the OS; B, apply patches to the hypervisor; C, rely on the cloud provider for all patches; or D, apply patches to the network infrastructure. So if you're dealing with, as a cloud consumer, you would apply the patches to the OS. Okay, so in that model, you would, typically the consumer would apply those patches to the operating system and everything above it. Okay, this would include all those operating patch, operating system patches. If you were the hosting provider of an IaaS model, then it would be your responsibility to ensure that they're patched at the hypervisor. But because it's the consumer, again, keywords, you want to apply the patches to the OS.

In a SaaS model, who is responsible for data integrity?
A, the cloud provider; B, the cloud consumer; C, both; or D, neither. So, again, in a software as a service model, who is responsible for data integrity? It would be C, both the cloud provider and the cloud consumer, right. So they both have a shared responsibility in a SaaS model, for maintaining the infrastructure and the consumer for using the application responsibly. So again it comes down to is, from a data integrity standpoint, again, maintaining the data. It's your responsibility as a consumer to ensure that you use it in a proper form and fashion and you control your people to use it in a proper form or fashion.

Question 12: what does a cloud burst refer to? Okay, cloud burst, like popping of a balloon, that is, A, an unexpected downtime; B, a security incident; C, a dynamic scaling to a public cloud from a private cloud; or D, data loss. Okay, so if you don't know this question, you'll want to go and start pulling out questions or answers that you know are for sure wrong and then try to break it down to the last two that you may have. But a cloud burst is dynamic scaling to a public cloud from a private cloud. It's basically what happens when it services into a public cloud due to increased demand, and that would be answer C. That is a cloud burst.

Question 13: which cloud deployment model allows a user to employ both on-premises and cloud-based resources? A, a private cloud; B, a public cloud; C, a hybrid cloud; or D, a community cloud. So which cloud deployment model allows users to employ both on-prem and cloud resources in this model? And so we know that if we're dealing with both on-prem and cloud, it is a hybrid cloud. That is the one that we deal with when it goes from both the ground, or basically your site, your location, to a public held cloud.

Which of the following is a key management challenge in cloud environments? A, virtualization; B, containerization; C, API security; or D, serverless computing.
Okay, so which is a key management challenge in cloud environments? Now, if you were in our call this last community call this last night, one of the things that did come up was around API security. One of the big holes that are left in cloud is API security. So if you're looking for an answer, the answer is one of the biggest challenges is API security, because it can be a significant management challenge, especially when you're dealing with multiple cloud services, multiple cloud environments. It can be really quite daunting. So that's one that, if you're in the security space, you're gonna want to pay a close attention to in the future.

Question 15: what do cloud providers use to segregate virtual environments for different clients? A, encryption; B, tokenization; C, hypervisors; or D, firewalls, and the answer is C, hypervisors. Hypervisors are used to create and manage virtual environments, effectively segregating the resources from different clients, especially in a multi-tenant configuration.

Question 16: which network protocol is commonly used to transfer files to a cloud storage environment? A, FTP; B, HTTP; C, SMTP; or D, SNMP. Okay, so a lot of P's in there, so is it which one? Is it FTP, HTTP, SMTP or SNMP? This is transferring clouds to cloud storage, and if you've dealt with any sort of transfers of files, FTP is commonly used to transfer files from a location to cloud storage. Now, could HTTP be it? Yes, because it's using a web protocol. However, you wouldn't be one of those that would typically be used. Now, I shouldn't say that, there's many different options and people will use the HTTP to send files, but a more appropriate response would be FTP, because that is what it's designed primarily for.

What does the principle of data sovereignty mean in cloud computing? A, data should be encrypted; B, data should be stored in judicial territories as defined by the client;
C, data should be replicated for high availability; or D, data should be accessed only by authorized users. Data sovereignty, that's the key term as we're dealing with cloud computing, and the answer is B. Data is stored only in judicial territories as defined by the client. So if you understand data sovereignty, think of it as a legal term and as it's a legal term dealing with the sovereignty of a state, you could go through it and these questions, you could throw out ones that would not be appropriate based on that and you would come down to, you would narrow it down most likely to B and D, but then, if you really understand data sovereignty, you would go, it's got to be B.

Question 18: which of the following is not a feature of cloud computing as defined by NIST? A, rapid elasticity; B, resource pooling; C, on-premise management; or D, measured service. Okay, so if you're dealing with cloud computing, look at the key terms and then also focus on not a feature of cloud computing. So the first two are easy. We just kind of talked about rapid elasticity and we talked about resource pooling. So those are part of a cloud computing piece. If you didn't know the measured service, it might make sense. Okay, but then when you're dealing with on-premise management, that is not anything that deals with the cloud, that's dealing with managing your systems on-prem. So that is not considered as a cloud computing as defined by NIST.

Question 19: which cloud service model is the consumer not concerned with underlying hardware or operating systems? So we're going to be getting into the IaaS and PaaS and SaaS. So which cloud service model is the consumer not concerned with underlying hardware and operating system? A, IaaS; B, PaaS; C, SaaS; or D, CaaS. So when you're dealing with this, the answer is C, a SaaS environment. The consumer uses the provider's application and doesn't have to worry about the underlying hardware or the operating systems.
But, like we said in a question earlier, you do need to worry about the overall data integrity of that data that you're using.

Last question: what is the main advantage of using a multi-cloud strategy? A, cost reduction; B, vendor lock-in avoidance; C, increased security risks; or D, complexity. So what is the main advantage of multi-cloud strategies? And the answer is B, vendor lock-in avoidance. If you have one cloud, then you do run in the risk of having lock-in and you're stuck with them. AWS is a good example. I've dealt with AWS for years. You get used to using AWS and then, when you use it, it's really hard for you to migrate off of them to Azure or to Google Cloud. But if you have them already scheduled or already in place, where you have AWS and you have Azure, then it gives you the flexibility to move from one to the other if you so deem appropriate.

All right, that is all I have for today. Today was again Thursday, since there's CISSP questions. If you like what you saw, head on over to cisspcybertraining.com and you can check out all the great stuff we have over there. Second thing is you also can go ahead and like me on Facebook, or not Facebook, but on Apple iTunes, yeah, that's where you want to put it, or leave a review. That would be wonderful. We'd greatly appreciate it. You can also check me out on YouTube. All right, have a wonderful day and we'll catch you on the flip side, see you.

 
