Cyber Security Cloud Security 3

Question 1

What is container image scanning used to detect in DevSecOps?

Accepted Answer

Known vulnerabilities in OS packages and libraries within container images

Answer

Misconfigurations in Kubernetes RBAC policies

Answer

Unauthorized network access between pods

Answer

Excessive CPU usage by containers

Question 2

What does Zero Trust Architecture assume about network traffic?

Accepted Answer

No user or system is trusted by default, regardless of network location

Answer

Internal network traffic is always trusted and requires no authentication

Answer

Cloud traffic is inherently more secure than on-premises traffic

Answer

VPN users do not need multi-factor authentication

Question 3

What is a cloud workload protection platform (CWPP) designed to secure?

Accepted Answer

Servers, containers, and serverless functions running in cloud environments

Answer

Cloud provider billing accounts

Answer

Network traffic between cloud regions

Answer

Cloud-based identity directories

Question 4

What is the key benefit of encrypting data at rest in cloud storage?

Accepted Answer

It protects data from unauthorized access if storage media is compromised or misconfigured

Answer

It speeds up data retrieval from cloud services

Answer

It reduces cloud storage costs

Answer

It prevents data loss due to hardware failure

Question 5

What does a cloud DLP (Data Loss Prevention) tool help prevent?

Accepted Answer

Unauthorized exfiltration of sensitive data from cloud environments

Answer

DDoS attacks against cloud applications

Answer

Malware infections in cloud storage buckets

Answer

Unauthorized changes to cloud infrastructure

Question 6

Which compliance framework is specifically designed for organizations handling US federal government data in the cloud?

Accepted Answer

FedRAMP

Answer

PCI DSS

Answer

HIPAA

Answer

SOC 2