Complete Comprehensive Questions and Correct Solutions | Latest
Update -2026 [Already Graded A+]
Question 1
A company is migrating several critical applications to a public cloud
environment. During the planning phase, management asks the cloud security
team to identify which security responsibilities remain with the organization
after migration. The team understands that while the cloud provider secures
the infrastructure, customers still have important security obligations.
Which responsibility belongs to the customer under the shared responsibility
model?
A. Maintaining physical security of the cloud data center
B. Securing the operating systems, user accounts, and application
configurations
C. Replacing failed hard drives in cloud servers
D. Controlling environmental systems within the provider's facilities
Correct Answer: B. Securing the operating systems, user accounts, and
application configurations
Rationale:
The shared responsibility model divides security responsibilities between the
cloud provider and the customer. The provider secures the physical
infrastructure, networking, and hardware, while customers are responsible
for protecting operating systems, applications, identities, access controls, and
the data they place in the cloud.
Question 2
A security administrator discovers that several cloud storage buckets have
accidentally been configured to allow public access. Although no evidence of
data theft has been found, the organization wants to reduce the likelihood of
future exposure while still allowing authorized employees to access the data
remotely.
Which action should the administrator perform first?
A. Enable least-privilege access using Identity and Access Management (IAM)
policies
B. Purchase additional storage capacity
C. Disable encryption
D. Remove all user accounts
Correct Answer: A. Enable least-privilege access using Identity and
Access Management (IAM) policies
Rationale:
Publicly accessible storage is one of the most common cloud security
misconfigurations. Implementing IAM policies that enforce least privilege
ensures users receive only the permissions necessary to perform their job
functions while preventing unauthorized access.
Question 3
An organization wants to ensure that sensitive customer information stored in
the cloud remains unreadable even if unauthorized individuals gain access to
the storage system. The security team recommends encrypting all stored
customer records.
Which type of encryption provides this protection?
A. Encryption at rest
B. Encryption in transit
C. Tokenization only
D. Data masking only
Correct Answer: A. Encryption at rest
Rationale:
Encryption at rest protects data stored on disks, databases, and cloud storage
services. Even if storage media are compromised, encrypted information
cannot be easily read without the appropriate encryption keys.
Question 4
A company requires employees to enter a password and approve a login
request using a mobile authentication application before accessing cloud
resources.
Which security control is being implemented?
A. Multi-factor authentication (MFA)
B. Single sign-on (SSO)
C. Network segmentation
D. Full-disk encryption
Correct Answer: A. Multi-factor authentication (MFA)
Rationale:
MFA requires two or more independent authentication factors, significantly
reducing the likelihood of unauthorized access if a password is compromised.
Question 5
A cloud security analyst reviews access logs and notices that an employee
account attempted hundreds of failed logins before successfully accessing
multiple virtual machines outside normal business hours. The analyst
suspects the account credentials may have been compromised.
What should be the analyst's immediate priority?
A. Disable the account and begin the incident response process
B. Increase the user's storage quota
C. Upgrade the organization's internet connection
D. Ignore the activity because access was eventually successful
Correct Answer: A. Disable the account and begin the incident response
process
Rationale:
Indicators of compromised credentials require immediate containment.
Disabling the account helps prevent additional unauthorized activity while
investigators determine the extent of the compromise.
Question 6
A security engineer recommends implementing role-based access control
(RBAC) within the organization's cloud environment.
What is the primary benefit of RBAC?
A. Permissions are assigned according to job responsibilities.
B. Every user receives administrator privileges.
C. Passwords become unnecessary.
D. Encryption keys are automatically rotated.
Correct Answer: A. Permissions are assigned according to job
responsibilities.