NSE NSE Cloud Security & Virtualization

Question 1

In the cloud shared responsibility model, which security tasks are ALWAYS the customer's responsibility regardless of the cloud service model (IaaS, PaaS, SaaS)?

Accepted Answer

Data classification and identity/access management

Answer

Regardless of cloud model, customers always retain responsibility for their data classification, protection, and identity/access management of their users.

Question 2

What is VM escape, and why is it a critical security concern in virtualized environments?

Accepted Answer

An attacker in a guest VM exploiting hypervisor vulnerabilities to gain control of the host or other VMs

Answer

VM escape exploits hypervisor flaws to break the isolation boundary, allowing a malicious guest VM to access the host OS or other tenant VMs.

Question 3

Which cloud deployment model provides the HIGHEST level of control over security configurations for an organization?

Accepted Answer

Private cloud

Answer

A private cloud gives the organization full control over infrastructure, hypervisors, and security configurations since the environment is dedicated solely to that organization.

Question 4

What is the primary security purpose of a Cloud Access Security Broker (CASB)?

Accepted Answer

To provide visibility and policy enforcement between users and cloud services

Answer

A CASB sits between cloud service consumers and cloud providers to enforce security policies, provide visibility, and detect shadow IT usage.

Question 5

In a containerized environment, which security practice reduces the attack surface of container images?

Accepted Answer

Building minimal images with only required dependencies and running containers as non-root

Answer

Minimal base images reduce the number of packages that could contain vulnerabilities, and non-root execution limits the damage if a container is compromised.

(NSE) Network Security Expert Practice Test

(NSE) Network Security Expert Practice Test

NSE NSE Cloud Security & Virtualization