NSE NSE Cloud Security & Virtualization

Question 1

In the cloud shared responsibility model, which security tasks are ALWAYS the customer's responsibility regardless of the cloud service model (IaaS, PaaS, SaaS)?

Accepted Answer

Data classification and identity/access management

Answer

Physical data center security

Answer

Hypervisor patching

Answer

Network hardware maintenance

Question 2

What is VM escape, and why is it a critical security concern in virtualized environments?

Accepted Answer

An attacker in a guest VM exploiting hypervisor vulnerabilities to gain control of the host or other VMs

Answer

A VM migrating between hosts without authorization

Answer

A VM losing network connectivity during live migration

Answer

A backup process copying VM data to unencrypted storage

Question 3

Which cloud deployment model provides the HIGHEST level of control over security configurations for an organization?

Accepted Answer

Private cloud

Answer

Public cloud

Answer

Community cloud

Answer

SaaS-delivered cloud

Question 4

What is the primary security purpose of a Cloud Access Security Broker (CASB)?

Accepted Answer

To provide visibility and policy enforcement between users and cloud services

Answer

To replace on-premises firewalls with cloud-hosted ones

Answer

To encrypt cloud storage buckets automatically

Answer

To manage physical access to cloud data centers

Question 5

In a containerized environment, which security practice reduces the attack surface of container images?

Accepted Answer

Building minimal images with only required dependencies and running containers as non-root

Answer

Using the latest full OS base image for all containers

Answer

Sharing the host kernel with unrestricted capabilities

Answer

Disabling container image scanning to speed up deployment

Question 6

Which security risk is unique to multi-tenant cloud environments compared to traditional on-premises infrastructure?

Accepted Answer

Data leakage between tenants due to improper isolation at the hypervisor or storage layer

Answer

The need to patch operating systems

Answer

The requirement for physical access controls

Answer

The use of role-based access control