Jack wants to enable his team to develop cloud-native applications. Which of the
following is not a common element in a cloud-native application design?
A. Optimized assembly code
B. Automated release pipelines
C. Containers
D. Microservices
A. Jack knows that languages that best fit cloud applications make the most
sense and that assembly language isn't likely to fit his CI/CD environment.
Automated release pipelines, containers, and microservices are all
common elements in cloud application development and design.
________________ is where a malicious actor sends commands or other arbitrary data
through input and data fields with the intent of having the application or system
execute the code as part of its normal processing and queries.
An injection attack
A Security Assertion Markup Language (SAML) identity assertion token uses the
________________________ protocol.
A. Extensible Markup Language (XML)
B. Hypertext Transfer Protocol (HTTP)
C. Hypertext Markup Language (HTML)
D. American Standard Code for Information Exchange (ASCII)
A. Security Assertion Markup Language (SAML) is based on XML. HTTP is
used for port 80 web traffic; HTML is used to present web pages. ASCII is
the universal alphanumeric character set.
Stacy is configuring a PaaS service for use in her organization. She would like to get
SSH access to the servers that will be executing her code and contacts the vendor to
request this access. What response should she expect?
A. Immediate approval of the request
B. Immediate denial of the request
C. The vendor will likely request more information before granting the request
D. The vendor will likely ask for executive-level approval of the request.
B. In all likelihood, the vendor will immediately deny this request because
customers should not have access to underlying infrastructure in a PaaS
environment. If Stacy truly needs this access, she should consider an IaaS
offering instead of a PaaS offering.
Matthew is reviewing a new cloud service offering that his organization plans to
adopt. In this offering, a cloud provider will create virtual server instances under a
multitenancy model. Each server instance will be accessible only to Matthew's
company. What cloud deployment model is being used?
A. Hybrid cloud
B. Public cloud
C. Private cloud
D. Community cloud
B. The key to answering this question is recognizing that the multitenancy
model involves different customers accessing cloud resources hosted on
shared hardware. That makes this a public deployment regardless of the
fact that access to a particular server instance is limited to Matthew's
company.
Alaina's organization uses a secrets management service provided by their cloud
service provider. Alaina knows that the secrets are critical to the operations of the
service and wants to implement a "break-glass" emergency procedure in case the
service is unavailable. Which of the following is not a common best practice for this
type of secrets recovery capability?
A. Build an automated backup system for secrets.
B. Test the restore process for secrets regularly.
C. Use a second instance in the original provider's cloud for the backup system.
D. Encrypt backups and place them on secure storage.
C. OWASP's Secrets Management Cheat Sheet describes three main
requirements for "break-glass" secrets backup environments: ensuring
automated backups are in place and executed regularly based on the
number of secrets and their lifecycle, frequently testing the restore
procedures, and encrypting backups and placing them on secure,
monitored storage.
Jim's organization wants to implement cryptographic erasure as their primary means
of destroying data when they are done with it. What first step is required to support
this through the data's lifecycle?
A. Hash all of the data at creation.
B. Zero-wipe drives before they are used to ensure no previous data is resident.
C. Encrypt the drive or volume at creation.
D. All of the above.
C. Encrypting the drive or volume at creation ensures that any data written
to the drive or volume through its lifespan will be encrypted and that
destruction of the encryption key will result in secure destruction of the
data.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with
each other. They are located in different parts of the country but have exchanged
encryption keys by using digital certificates signed by a mutually trusted certificate
authority.
Which one of the following keys would Bob use to decrypt the plaintext message's
contents?
A. Alice's public key
B. Alice's private key
C. Bob's public key
D. Bob's private key