Common Cloud Security Interview Questions Quiz

Strengthen your cloud security knowledge with this quiz featuring practical interview scenarios, key security principles, and common cloud vulnerabilities. Perfect for those preparing for cloud security job interviews and seeking to evaluate their understanding of core cloud security concepts.

  1. Shared Responsibility Model

    In a typical shared responsibility model, which party is primarily responsible for managing the security of the operating system in an Infrastructure-as-a-Service (IaaS) environment?

    1. A third-party auditor
    2. The network administrator from the provider
    3. The cloud service customer
    4. The cloud provider

    Explanation: In IaaS, the customer is generally responsible for securing the operating system, including patching and configuration. The cloud provider manages the underlying infrastructure but not the guest OS. A third-party auditor might assess security but isn't directly responsible. The provider's network administrator manages networking infrastructure, not customer OS security.

  2. Access Control Mechanisms

    Which access control method best limits excessive permissions by granting only the minimum necessary privileges required to perform a specific task?

    1. Role sprawl
    2. Multi-tenancy
    3. Single sign-on
    4. Least privilege

    Explanation: The principle of least privilege means users and processes get the minimum permissions needed for their tasks, reducing security risks. Single sign-on simplifies authentication but does not address permission granularity. Role sprawl is a risk, not a control: too many roles cause confusion. Multi-tenancy refers to shared resources and is unrelated to permission allocation.

  3. Data Encryption Scenario

    A company wants to ensure that data stored in the cloud is unreadable by unauthorized users, even if the storage system is compromised. What is the most effective security technique to achieve this goal?

    1. Encryption at rest
    2. URL filtering
    3. Load balancing
    4. Autoscaling

    Explanation: Encryption at rest secures stored data by making it unreadable without proper decryption keys, protecting against unauthorized access. Load balancing and autoscaling address performance and availability—not confidentiality. URL filtering is used to restrict web access and does not protect stored data.

  4. Identity and Access Management

    Which of the following practices best mitigates the risk of orphaned accounts with lingering access after an employee leaves a cloud-enabled organization?

    1. Regular access reviews
    2. Adaptive multi-factor authentication
    3. Strong password policies
    4. Resource tagging

    Explanation: Regular access reviews help detect and remove accounts that should no longer have access, preventing security risks from orphaned accounts. Strong passwords and multi-factor authentication strengthen login security but do not directly address deprovisioning issues. Resource tagging is for organizing assets, not account management.

  5. Cloud Vulnerability Awareness

    If a cloud application improperly configures its storage, accidentally exposing private files to the public internet, which cloud security issue is most likely at fault?

    1. Misconfiguration
    2. Malware infection
    3. Brute-force attack
    4. SQL injection

    Explanation: Misconfiguration is a common cause of unintended data exposure in the cloud, especially when storage is mistakenly set to public. SQL injection is a code vulnerability, not a storage error. Malware infection involves malicious software, which is unrelated to storage settings. Brute-force attacks target authentication; they do not expose files through misconfiguration.