CIS test 4 Flashcards

(129 cards)

1
IDS type that: 1) analyzes activity logs, including system calls, application logs, etc.; 2) has a better view of the monitored system, but is itself more exposed to attack because it runs on the host it monitors.
Server-based IDS
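The first card describes a server-based (host-based) IDS that works from activity logs. The following added example, which is not part of the flashcard deck, shows the kind of detection logic such an IDS runs: it parses a handful of constructed sshd-style syslog lines, keeps a sliding window of failed logins per source address, raises a brute-force alert at the fifth failure within a minute, and escalates if that same source then logs in successfully. The log lines, hostnames and addresses are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the original page): an sshd brute-force followed by a success,
# plus a benign failed login from a different address.
SAMPLE_LOG = """\
Mar 10 08:01:02 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:01:04 web01 sshd[2313]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 08:01:05 web01 sshd[2315]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar 10 08:01:07 web01 sshd[2317]: Failed password for root from 203.0.113.7 port 51151 ssh2
Mar 10 08:01:09 web01 sshd[2319]: Failed password for root from 203.0.113.7 port 51160 ssh2
Mar 10 08:01:11 web01 sshd[2321]: Accepted password for root from 203.0.113.7 port 51171 ssh2
Mar 10 08:15:40 web01 sshd[2402]: Failed password for alice from 198.51.100.20 port 40011 ssh2
Mar 10 08:40:12 web01 sshd[2510]: Accepted publickey for alice from 198.51.100.20 port 40100 ssh2
"""

# Matches the common OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2024):
    """Return a dict for an sshd auth event, or None for lines the IDS does not care about.
    Syslog timestamps carry no year, so one is supplied (assumption for the example)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source address produces `threshold` failures inside `window`,
    and escalate when that source then authenticates successfully within the window."""
    failures = defaultdict(list)  # src -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src].append(ev["ts"])
            # drop failures that have aged out of the sliding window
            failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(failures[src]) == threshold:
                alerts.append(("brute_force", src, ev["ts"]))
        else:
            recent = failures[src]
            if len(recent) >= threshold and ev["ts"] - recent[-1] <= window:
                alerts.append(("success_after_brute_force", src, ev["ts"], ev["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

The escalation is the part a responder wants: a burst of failures is noise on any internet-facing host, but a success from the same source immediately afterwards is the event that needs a human. Because this logic runs on the monitored host, it inherits the card's caveat: an attacker who gains root there can stop the IDS or truncate the log, so ship the events off-host as they are produced.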
2
Three types of Intrusion Detection Systems (IDSs)
1) Server-based IDS 2) Network-based IDS 3) Integrated IDS
3
Process of detecting events and/or entities that could possibly compromise the security of the system.
Intrusion Detection
4
Key method for providing confidentiality and integrity services
Encryption of data in flight
5
Protocol that allows client/server applications to enforce an encryption service on their connection.
Transport Layer Security (TLS)
6
Benefit of network-level encryption
Network-level encryption (e.g., IPsec on IP packets) is independent of the underlying guest OS.
7
Two general encryption methods
1) Application level (where the data is generated) 2) Network level (IPsec to encrypt IP packets)
8
Key measure against "sniffing" attacks
Encryption of data in flight
9
True or False: A virtualized DMZ can fully support and enforce multiple trust zones.
TRUE
10
Physical or logical (sub)network that limits the exposure of the nodes in the internal network to external networks.
Demilitarized Zone (DMZ)
11
Why can sandboxing be used as a security measure against side-channel attacks?
Because sandboxing prevents malicious software from monitoring system components.
12
Where guest OS sandboxing is achieved
At the hypervisor level or at the OS kernel level.
13
Where sandboxing should be applied
On a vulnerable or suspected guest OS or application.
14
Guest OS hardening measures
Delete unused files and apply the latest patches. Apply the hardening checklists available for the specific OS. Install the guest OS in TCB mode if the VM is to be used for critical applications.
15
VM hardening considerations
Use VM templates to provision new VMs. Limit the resources that a VM can consume to prevent DoS attacks. Disable unused functions and devices on the VM. Use a directory service for authentication. Perform vulnerability scanning and penetration testing of the guest OS.
16
Ways to protect hypervisor management systems
1) Configure strong security on the firewall between the management system and the network. 2) Provide direct access to the management server only to administrators. 3) Disable access to the management console where it is not needed, to prevent unauthorized access.
17
Process of changing the default configuration in order to achieve greater security.
Hardening
18
Hypervisor security measures
1) Install hypervisor updates. 2) Harden VMs to prevent attacks.
19
Protection measures for physical server security
1) Authentication and authorization mechanisms. 2) Disabling unused hardware such as NICs, USB ports, or drives. 3) Physical premises security.
20
Server security considerations
1) Deciding whether the server will be used for specific applications or for general purposes. 2) Identifying the network services to be provided on the server. 3) Identifying the users and/or user groups who will be given access rights on the server, including their specific access privileges.
21
What is included in securing a compute system
Securing the physical server. Securing the hypervisor. Securing VMs (VM isolation, VM hardening). Security at the guest OS level (guest OS hardening). Security at the application level (application hardening).
22
VM protective measure against DoS attacks
The resource consumption of a VM needs to be restricted.
23
Attempt to prevent legitimate users from accessing a resource or service.
Denial of Service (DoS)
24
Could reveal one client's information to a malicious client whose VMs run on the same physical server.
Cross-VM Side Channel Attack (SCA)
25
Extracts information by monitoring indirect activities (e.g., cache data).
Side Channel Attack (SCA)
26
A malicious program that is installed before a hypervisor or VMM is fully booted on a physical server, thereby running with privileged access and remaining invisible to network administrators.
Rootkit
27
True or False: Regular security measures are effective against hyperjacking.
FALSE
28
A rootkit-level vulnerability that enables an attacker to install a rogue hypervisor or VMM that can take complete control of the underlying physical server.
Hyperjacking
29
Measures against hyperjacking
1) Hardware-assisted secure launch of the hypervisor. 2) Scanning hardware-level details to assess the integrity of the hypervisor and detect the presence of a rogue hypervisor.
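Card 29 gives the two counters to hyperjacking: a hardware-assisted secure launch and an integrity check of the hypervisor that has actually loaded. The added example below, which is not from the flashcard deck, shows the mechanism behind both in simplified form: every boot stage is measured (hashed) into a register that can only be extended, never written, in the style of a TPM PCR, and a verifier replays the reported boot sequence and compares the result with the golden value recorded when the trusted hypervisor was installed. The firmware, bootloader and hypervisor "images" are constructed byte strings standing in for real binaries.

```python
import hashlib
import hmac

# Added example (not from the flashcard deck): a simplified measured-launch chain.
# Component images below are constructed stand-ins for real firmware, bootloader and hypervisor binaries.

PCR_SIZE = 32  # one register of a SHA-256 PCR bank


def measure(image: bytes) -> bytes:
    """Hash of a stage's image, recorded by the stage that loads it before handing over control."""
    return hashlib.sha256(image).digest()


def extend_pcr(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: the register is folded forward, PCR_new = H(PCR_old || measurement).
    Software cannot set it to a chosen value, only extend it, so a stage cannot hide that it ran."""
    return hashlib.sha256(pcr + measurement).digest()


def boot_chain(components):
    """Simulate a secure launch: each stage is measured into the PCR before it executes.
    Returns the final PCR value and the event log of (stage name, measurement hex)."""
    pcr = bytes(PCR_SIZE)  # PCR is all zeros after platform reset
    log = []
    for name, image in components:
        m = measure(image)
        log.append((name, m.hex()))
        pcr = extend_pcr(pcr, m)
    return pcr, log


# The boot sequence recorded when the trusted hypervisor was installed (constructed).
GOLDEN_CHAIN = [
    ("firmware", b"vendor-firmware-v1.2"),
    ("bootloader", b"bootloader-v3"),
    ("hypervisor", b"hypervisor-v7.0.3"),
]


def golden_pcr() -> bytes:
    return boot_chain(GOLDEN_CHAIN)[0]


def attest(observed_components, expected: bytes):
    """Replay-verify a reported boot: recompute the PCR from the observed sequence and compare it
    with the golden value. Any extra, missing, reordered or modified stage changes the result."""
    observed, log = boot_chain(observed_components)
    return hmac.compare_digest(observed, expected), log


def demo():
    expected = golden_pcr()
    clean_ok, _ = attest(GOLDEN_CHAIN, expected)
    # Hyperjacking: a rogue VMM loads first and runs the genuine hypervisor as its guest.
    # The genuine image is byte-for-byte unchanged, so only the chain reveals the intrusion.
    rogue_chain = [
        ("firmware", b"vendor-firmware-v1.2"),
        ("bootloader", b"bootloader-v3"),
        ("rogue-vmm", b"rogue-vmm"),
        ("hypervisor", b"hypervisor-v7.0.3"),
    ]
    rogue_ok, _ = attest(rogue_chain, expected)
    return clean_ok, rogue_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point of the extend operation is that the rogue hypervisor cannot repair the register after the fact: it would need the pre-image of the golden PCR. In a real deployment the verifier must read the PCR from the hardware TPM through a signed quote rather than trusting a value reported by the (possibly rogue) hypervisor, which is why the card calls for scanning hardware-level details rather than asking the running software to report on itself.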
30
Enables an attacker to install a rogue hypervisor or VMM that can take control of the underlying server resources.
HyperJacking
31
Copy and move restrictions should be limited to what?
Critical / sensitive VMs only
32
Bind a VM to a specific physical machine
Copy and move restrictions
33
Essential to safeguard against VM theft
Copy and Move restrictions
34
Vulnerability that enables an attacker to copy or move a VM in an unauthorized manner.
VM Theft
35
True or False: VMs are vulnerable to attack both when they are running and when they are powered off.
TRUE
36
How are VM image files protected?
Encryption of VM image files is required as a protection measure while the VM is powered off and during its migration.
37
How are VM templates protected?
VM templates must be kept encrypted. Access to VM templates should be restricted to privileged users (administrators).
38
Private data may include
Individual identity of a cloud user. Details of the services requested by a client. Proprietary data of the client.
39
Information assurance concerns for cloud users
Confidentiality, Integrity, and Availability (CIA), plus Authorized Use.
40
Counter to the challenge of velocity of attack (VOA)
Defense-in-Depth
41
Effects of a high velocity of attack (VOA)
Potential loss due to an attack is comparatively higher. It is comparatively more difficult to mitigate the spread of the attack.
42
Velocity of Attack
Security threats amplify and spread quickly in a cloud
43
Refers to the various access points/interfaces that an attacker can use to launch an attack.
Attack Surface
44
Key measure against multitenancy-related security concerns
Mutual Client Isolation: isolation of VMs, isolation of data, and isolation of network communication.
45
Why is multitenancy a key security concern for cloud service providers?
Enforcing uniform security controls and measures is difficult.
46
Why is multitenancy a key security concern for cloud clients?
Co-location of multiple VMs in a single server and sharing the same resources increases the attack surface.
47
Could occur when a malicious VM is installed on the same server and consumes all of the server's resources, thus preventing other VMs from functioning properly.
Denial of Service (DoS) Attack
48
Unauthorized loss or manipulation of data
Data Leakage
49
Attacker installs a rogue hypervisor or VMM that can take complete control of the underlying server.
HyperJacking
50
A guest OS, or an application running on it, breaks out and starts interacting directly with the hypervisor.
VM Escape
51
Involves unauthorized copying or movement of a VM.
VM Theft
52
Cloud Security Threats
VM Theft and VM Escape - HyperJacking - Data Leakage - Denial of Service (DoS) Attack
53
Cloud Security Concerns
Multitenancy - Velocity of Attack - Information Assurance - Data Privacy and Ownership
54
Type of security concerns common to all Cloud models.
Virtualization-specific security concerns
55
Type of encryption most commonly used to secure the separate end points of a connection. Examples: a web browser and web server using HTTPS; a VPN client and server; transferring a symmetric key.
Asymmetric encryption
56
Type of encryption most often used for data encryption.
Symmetric encryption
57
Key technique to provide confidentiality and integrity of data.
Encryption
58
Process of converting data to a form which cannot be used in any meaningful way without special knowledge.
Encryption
59
Set of all components that are critical to the security of the system.
Trusted Computing Base (TCB)
60
Five Levels of Security in Defense in Depth
1. Perimeter Security: Physical Security. 2. Remote Access Controls: VPN, Authentication, etc. 3. Network Security: Firewall, DMZ, etc. 4. Compute Security: Hardening, Anti-Virus, etc. 5. Storage Security: Encryption, Zoning, etc.
61
Also known as a "layered approach" to security.
Defense-in-Depth
62
A mechanism that uses multiple security measures so that the risk from a security threat is reduced if one component of the protection is compromised.
Defense-in-Depth
63
Considers multiple factors before permission to access a resource is granted to the user.
Multi-factor authentication
64
Process to evaluate the effectiveness of security enforcement mechanisms.
Auditing
65
Defines the scope of the access rights of a user on a resource. Example: read-only or read-write access.
Authorization
66
Process to give a user specific access rights to resources. Defines the scope of the access rights of a user on a resource (e.g., read-only access or read-write access).
Authorization
67
Process to ensure that a user's credentials (e.g., identity) are genuine. Ensures that no illegitimate access is allowed.
Authentication
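Cards 63 through 67 define multi-factor authentication, auditing and authorization separately; the added example below, which is not part of the flashcard deck, shows how the three fit together in one access decision. A password (something you know) and an RFC 6238 time-based one-time code (something you have) are both required before the user's role is checked for read-only versus read-write scope, and every decision is written to an audit record so the effectiveness of enforcement can later be evaluated. The user records, salts, TOTP secrets and role table are constructed for the example; a real deployment would hold them in the directory service card 15 recommends.

```python
import hashlib
import hmac
import struct
import time

# Added example (not from the flashcard deck). Users, salts, secrets and roles below are constructed.

KDF_ITERATIONS = 100_000


def _pbkdf2(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash so a stolen user store cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


def _make_user(password, salt, totp_secret, role):
    return {"salt": salt, "pw": _pbkdf2(password, salt), "totp_secret": totp_secret, "role": role}


USERS = {
    "alice": _make_user("correct horse", b"salt-alice", b"alice-totp-secret", "operator"),
    "bob": _make_user("bob-password", b"salt-bob", b"bob-totp-secret", "viewer"),
}
_DUMMY_SALT = b"salt-nobody"  # used for unknown users so the KDF still runs

# Authorization scope per role: read-only versus read-write (card 65's example).
ROLE_RIGHTS = {"viewer": {"read"}, "operator": {"read", "write"}}

AUDIT_LOG = []  # every decision is recorded so an audit can evaluate enforcement


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password: HMAC-SHA1 over the 30-second counter, dynamically truncated."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def authenticate(user: str, password: str, otp: str, now=None) -> bool:
    """Factor 1: password. Factor 2: TOTP from the user's device. Both must verify."""
    now = int(time.time()) if now is None else now
    rec = USERS.get(user)
    # Run the KDF even for unknown users so response time does not reveal whether a user exists.
    candidate = _pbkdf2(password, rec["salt"] if rec else _DUMMY_SALT)
    pw_ok = rec is not None and hmac.compare_digest(candidate, rec["pw"])
    otp_ok = rec is not None and hmac.compare_digest(totp(rec["totp_secret"], now), otp)
    ok = pw_ok and otp_ok
    AUDIT_LOG.append(("auth", user, ok))
    return ok


def authorize(user: str, action: str) -> bool:
    """Scope check: is the requested action within the rights granted to the user's role?"""
    rec = USERS.get(user)
    ok = rec is not None and action in ROLE_RIGHTS.get(rec["role"], set())
    AUDIT_LOG.append(("authz", user, action, ok))
    return ok


def access(user: str, password: str, otp: str, action: str, now=None) -> bool:
    """Authenticate first; only an authenticated identity is evaluated for authorization."""
    return authenticate(user, password, otp, now) and authorize(user, action)


if __name__ == "__main__":
    now = int(time.time())
    code = totp(USERS["alice"]["totp_secret"], now)
    print(access("alice", "correct horse", code, "write", now))  # True
    print(access("bob", "bob-password", totp(USERS["bob"]["totp_secret"], now), "write", now))  # False
    print(AUDIT_LOG)
```

Two details matter in practice beyond what the cards state: comparisons of secrets use `hmac.compare_digest` so timing does not leak how many characters matched, and the password KDF runs even for a non-existent user so an attacker cannot enumerate accounts by response time. A production verifier would also accept one adjacent TOTP step to tolerate clock drift and would reject reuse of a code within its step.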
68
Ensures that authorized users have reliable and timely access to data.
Availability
69
Ensures that unauthorized changes to data are not allowed.
Integrity
70
Provides the required secrecy of information. Ensures that only authorized users have access to data (information).
Confidentiality
71
To what is the CIA triad applied?
Physical and logical resources
72
Defines the boundary between the security-critical and non-critical parts of an information system.
Trusted Computing Base (TCB)
73
Information Security Goals: CIA Triad
Confidentiality - Integrity - Availability
74
How is intrusion detection implemented under the software-as-a-service model? a. Implemented by the Cloud Consumer. b. Implemented by the Cloud Service Provider. c. Implemented by the Cloud Service Provider and Consumer together.
b. Implemented by the Cloud Service Provider
75
Which security mechanism provides an effective control for data confidentiality and integrity? a. Copy and move restrictions. b. Authorization. c. Trusted computing base. d. Encryption.
d. Encryption
76
What is the primary goal of a security audit? a. Evaluate the effectiveness of security enforcement. b. Evaluate the effectiveness of data confidentiality. c. Evaluate the effectiveness of data integrity. d. Evaluate the effectiveness of data availability.
a. Evaluate effectiveness of security enforcement.
77
Which security goal is achieved by data shredding techniques? a. Preventing data loss. b. Preventing data manipulation. c. Ensuring data confidentiality. d. Enabling data encryption.
c. Ensuring data confidentiality
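Card 77 ties data shredding to confidentiality. The added example below, which is not from the flashcard deck, is a minimal overwrite-then-unlink shredder with the check a practitioner wants: it flushes each pass to the device before moving on, and its `demo()` reports whether every byte of the original file was overwritten and whether the path is gone. The file contents are constructed for the example.

```python
import os
import tempfile

# Added example (not from the flashcard deck): overwrite a file in place before unlinking it.


def shred(path: str, passes: int = 3, chunk: int = 1 << 16) -> int:
    """Overwrite `path` with random bytes `passes` times, fsync each pass, then unlink.
    Returns the total number of bytes written over the file's original extent."""
    size = os.path.getsize(path)
    written = 0
    # buffering=0 so each write goes straight to the OS rather than a Python-side buffer
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                written += f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force the pass onto the storage device before the next one
    os.remove(path)
    return written


def demo():
    """Write a constructed secret to a temp file, shred it, and report what happened."""
    fd, path = tempfile.mkstemp()
    secret = b"tenant-secret-" * 1000  # constructed sample content
    with os.fdopen(fd, "wb") as f:
        f.write(secret)
    written = shred(path, passes=2)
    return written == 2 * len(secret), not os.path.exists(path)


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The caveat is where the confidentiality argument actually lives: overwriting only destroys the data if the new bytes land on the same physical blocks as the old ones. On SSDs with wear levelling, on copy-on-write or journaling filesystems, and inside a VM image file that the hypervisor may have snapshotted or thin-provisioned, that is not guaranteed. For VM images and cloud storage the dependable form of shredding is cryptographic erasure: keep the data encrypted at rest (card 36) and destroy the key.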
78
Which GRC process determines the scope of adoption of Cloud services? a. Anti-virus protection measures in the Cloud. b. Business continuity. c. Risk assessment. d. Disaster management.
c. Risk assessment
79
Where a vendor lock-in concern is magnified.
Federated Cloud
80
Typically arises due to large data sets being sent to and from the CSP.
Network Latency
81
Must be allocated to the application to ensure performance.
Right amount of resources.
82
Common VM packaging format that enables a VM built in one Cloud to be deployed to another Cloud with minimal or no changes.
Open Virtualization Format (OVF)
83
Use proven and widely accepted technologies. Prevent lock-in issues. Example: Open Virtualization Format (OVF).
Cloud Open Standards
84
Deterrent to moving services to the Cloud
Vendor Lock-In
85
Reasons that may cause Cloud Vendor / CSP lock-in
1. The CSP may lack open standards or use proprietary software/APIs. 2. Rigid agreements with penalties. 3. Rules that prevent movement from one service to another (e.g., an app built on a PaaS moving to an IaaS model). 4. Apps that require significant rework/redesign before deploying in a different Cloud.
86
What can impact Cloud performance?
Saturation of Cloud infrastructure
87
A must have from a CSP to ensure QoS.
Strong Service Level Agreements (SLAs)
88
True or False: QoS attributes (such as response time and throughput) are generally not part of an SLA.
False.
89
Factors included in an SLA.
Network Availability, Performance, etc.
90
Agreement between the CSP and the consumer that defines the quality and reliability of service. Also defines the penalty for not meeting the agreement.
Service Level Agreement (SLA)
91
Key Questions for a Cloud Service Provider
1. How long has the provider been a CSP? 2. How well does the CSP meet the organization's current and future requirements? 3. How easy is it to relinquish resources not in use to reduce cost? 4. What tools does the CSP provide (like VM images) that would ease a move to another CSP if required? 5. How easy is it to add and remove services? 6. Does the CSP provide good customer support? 7. What happens when the CSP upgrades their software? (Is it forced on everyone? Can upgrades be scheduled per user?) 8. Does the CSP offer the required security services? 9. Does the provider meet legal and privacy requirements?
92
Application type perceived as a good candidate for the Cloud, unless it is performance-sensitive.
Non-proprietary and non-mission critical applications
93
Applications that: are perceived as high-risk to move to the Cloud, but the organization may not have adequate resources to maintain the application.
Non-proprietary but mission critical applications
94
Applications that: provide competitive advantage; are perceived as high risk to move to the Cloud; are typically maintained in-house.
Proprietary and Mission-Critical Applications
95
OLTP
OnLine Transaction Processing
96
What profile is used to help choose the Cloud model for an organization?
Risk vs. Convenience profile
97
Cloud infrastructure QoS components
Performance - Availability - Security
98
Key Questions for Cloud Migration
1. How does Cloud fit into the organization's requirements? (Financial advantage, convenience, etc.) 2. Which are the applications suitable for the cloud? 3. How do I choose the Cloud Vendor? 4. Is the Cloud Infrastructure capable of providing the required QoS? 5. How will I address Change Management concerns? 6. What can Cloud provide? (Application, platform, infrastructure)
99
Good candidates for the cloud
Non-proprietary and non-mission-critical applications
100
Can be moved to Cloud only if the organization lacks the skills to maintain the application or if the maintenance cost is high.
Non-proprietary but mission-critical applications
101
Should remain in-house
Proprietary and mission-critical applications
102
Some parts of the application are moved into the Cloud and some parts remain in the data center. Good for applications that have several components and are not tightly coupled.
Hybrid Migration Strategy
103
The entire application is migrated at once instead of in parts. Good for tightly coupled or self-contained applications.
Forklift migration strategy
104
Two application migration strategies
Forklift Migration Strategy - Hybrid Migration Strategy
105
Phase where applications are moved to the Cloud
Phase 3: Migration
106
Goal of this phase is to verify that an application runs as expected in the Cloud.
Phase 2: Proof of Concept
107
Two options available for migrating licensed software to the Cloud
1) Use the existing license. 2) Use SaaS-based Cloud service
108
Technical Assessment
Part of the Phase 1 (Assessment) migration step, where the customer will: identify whether the Cloud provider offers the required infrastructure; identify whether an application is compatible with the Cloud infrastructure; identify the dependencies of an application on other components and services; identify latency and bandwidth requirements.
109
Security and Compliance Assessment
Part of the Phase 1 (Assessment) migration step that: involves a security advisor early in the process; enables the organization to identify its risk tolerance and the security threats for an application; covers understanding regulatory/contractual obligations to store data in specific jurisdictions; explores whether the Cloud vendor offers a choice of geographic location to store the data, a guarantee that data does not move unless the organization decides to move it, and options to retrieve, download and delete data; and covers the choice of encrypting data in transit and at rest.
110
Part of the Phase 1 (Assessment) migration step that: provides a cost comparison of in-house vs. service provider (TCO and ROI); requires cost consideration of multiple elements.
Financial Assessment
111
Considerations during Phase 1: Assessment
Migration considerations; financial assessment; security and compliance assessment; technical assessment; issues with licensed products.
112
Four Phases of Cloud Adoption
Phase 1: Assessment. Phase 2: Proof of Concept. Phase 3: Migration. Phase 4: Optimization.
113
Prevents vendor lock-in issues
Cloud open standards
114
Building block for multi-vendor, federated clouds and can make vendor lock-in avoidable.
Open standards
115
Example of a cloud open standard
Open Virtualization Format (OVF)
116
Two Key Cloud Performance Considerations
1) Infrastructure Performance 2) Network Latency
117
Agreement between the Cloud provider and the consumer that defines the quality and reliability of service.
Service Level Agreement (SLA)
118
SMB Attributes and Appropriate Cloud Model
Tier 1 apps: Private Cloud. Tier 2-4 apps: Public Cloud for backup, archive, testing and non-OLTP apps. Hybrid Cloud Model.
119
Enterprise Profile and Appropriate Cloud Model
Tier 2-4 apps: Private Cloud. Tier 1 apps: may continue to run in a classic environment. Private Cloud Model.
120
Startup Profile and Appropriate Cloud Model
Convenience outweighs risk. No CAPEX and OPEX. Self-service. Back office, development, and production. Public Cloud model.
121
Cloud model where: convenience outweighs risk; no CAPEX and OPEX; self-service; back office, development, and production.
Public Cloud Model
122
Cloud model where: Tier 2-4 apps run in a private cloud; Tier 1 apps continue to run in a classic data center environment.
Private Cloud Model
123
Cloud model where: Tier 1 apps run on a Private Cloud; Tier 2-4 apps use the Public Cloud for backup, archive, testing and non-OLTP apps.
Hybrid Cloud Model
124
Cloud model where: convenience outweighs risk; low cost or free; examples include Picasa and Google Apps.
Public Cloud Model
125
What factor could lead to Cloud vendor lock-in for consumers? a. Lack of open standards in Cloud operations. b. Lack of security compliance. c. Mission-critical nature of the applications. d. Performance sensitivity of the business operations.
a. Lack of open standards in Cloud operations
126
Which application is perceived as a good candidate for migrating to the public Cloud? a. Proprietary and mission-critical application. b. Non-proprietary and non-mission-critical application. c. Mission-critical and I/O-intensive application.
b. Non-proprietary and non-mission critical application
127
Which Cloud migration strategy is recommended for tightly coupled applications? a. Hybrid. b. Forklift. c. Private. d. Public.
b. Forklift
128
Which Cloud adoption phase enables the consumer to explore the geographic location in which to store their data? a. Assessment. b. Proof of concept. c. Migration. d. Optimization.
a. Assessment
129
Which Cloud model is best suited for small and medium businesses? a. Public. b. Private. c. Hybrid. d. Community.
c. Hybrid