Sample Questions and Answers
What does Immutable Infrastructure refer to in a cloud environment?
A) Infrastructure components that are never changed after deployment; instead, they are replaced with new versions
B) Infrastructure that can be modified on-the-fly
C) Infrastructure that never fails
D) Infrastructure stored on physical servers only
Answer: A
Explanation: Immutable infrastructure enhances stability and security by avoiding in-place changes.
What is a Cloud Service Level Agreement (SLA) primarily used for?
A) Defining the expected level of service, performance, and responsibilities between cloud providers and customers
B) Describing pricing only
C) Managing encryption keys
D) Deploying virtual machines
Answer: A
Explanation: SLAs clarify availability, support, and security commitments.
In cloud security, what is Data Sovereignty?
A) The legal requirement that data is subject to the laws and governance of the country where it is stored
B) Data encryption method
C) Backup frequency
D) Network latency
Answer: A
Explanation: Data sovereignty impacts compliance with regional laws like GDPR.
What type of attack exploits vulnerabilities in cloud service APIs?
A) API abuse attacks
B) Phishing attacks
C) Denial-of-service attacks
D) Social engineering attacks
Answer: A
Explanation: Malicious actors exploit APIs to gain unauthorized access or disrupt services.
Which cloud deployment model provides resources exclusively for one organization?
A) Private cloud
B) Public cloud
C) Hybrid cloud
D) Community cloud
Answer: A
Explanation: Private clouds offer dedicated infrastructure to a single organization.
What does DevSecOps emphasize?
A) Integrating security practices into DevOps workflows throughout the software development lifecycle
B) Only development practices
C) Only operations management
D) Outsourcing security
Answer: A
Explanation: DevSecOps promotes proactive security automation and collaboration.
Which of the following describes cloud elasticity?
A) The ability to dynamically increase or decrease resources as needed
B) Fixed resource allocation
C) Data backup process
D) Network firewall capability
Answer: A
Explanation: Elasticity supports cost optimization and scalability.
What is the primary purpose of a cloud encryption gateway?
A) To encrypt data before it is sent to the cloud and decrypt it upon retrieval
B) To provide cloud storage
C) To manage user accounts
D) To balance network traffic
Answer: A
Explanation: Encryption gateways protect data confidentiality beyond cloud provider controls.
What is the main security risk when using Shadow IT in organizations?
A) Unmanaged cloud services that bypass official IT controls, increasing the risk of data exposure
B) Improved collaboration
C) Lower IT costs
D) Faster service deployment
Answer: A
Explanation: Shadow IT leads to a lack of visibility and governance.
What is micro-segmentation in cloud security?
A) Dividing the cloud network into very small zones to enforce granular security policies
B) Increasing bandwidth
C) Backing up data frequently
D) Merging cloud networks
Answer: A
Explanation: Micro-segmentation reduces attack surfaces by isolating workloads.
Which compliance framework is specifically designed for cloud security?
A) Cloud Security Alliance’s Cloud Controls Matrix (CCM)
B) PCI DSS only
C) HIPAA only
D) ISO 27001 only
Answer: A
Explanation: CCM provides a controls framework tailored for cloud providers and consumers.
What is the function of a Key Management System (KMS) in the cloud?
A) Securely generating, storing, and managing cryptographic keys
B) Backing up data
C) Managing user passwords
D) Monitoring network traffic
Answer: A
Explanation: KMS ensures keys remain protected and controlled.
What does Zero Trust Security in the cloud imply?
A) No user or device is trusted by default, and continuous verification is required
B) Trusting all users inside the network
C) Disabling firewalls
D) Open network access
Answer: A
Explanation: Zero Trust improves security by verifying every access request.
Which cloud service model provides only the application software over the internet?
A) Software as a Service (SaaS)
B) Infrastructure as a Service (IaaS)
C) Platform as a Service (PaaS)
D) Network as a Service (NaaS)
Answer: A
Explanation: SaaS delivers ready-to-use software without managing underlying infrastructure.
What is the best practice for cloud data backup?
A) Regularly backing up data to a different geographic location and verifying restoration capability
B) Never backing up data
C) Backing up to the same data center only
D) Using only local backups
Answer: A
Explanation: Geographic backups protect against regional failures or disasters.
What is a cloud penetration test?
A) An authorized simulated cyberattack to identify vulnerabilities in cloud environments
B) An attack by malicious hackers
C) Data backup process
D) Cloud migration process
Answer: A
Explanation: Penetration tests evaluate security postures proactively.
Which of the following is a major concern in multi-cloud environments?
A) Consistent security and compliance management across multiple providers
B) Increased single point of failure
C) Lack of scalability
D) Reduced service options
Answer: A
Explanation: Multi-cloud increases complexity, requiring unified security policies.
What cloud technology enables rapid provisioning and management of virtual machines?
A) Virtualization
B) Containers
C) Blockchain
D) Encryption
Answer: A
Explanation: Virtualization abstracts physical hardware to run multiple virtual machines.
What is a cloud-native application?
A) An application designed to fully leverage cloud computing models like scalability and elasticity
B) A traditional on-premises application
C) Desktop software
D) A mobile application only
Answer: A
Explanation: Cloud-native apps are built to be scalable, resilient, and manageable in cloud environments.
Which of the following is an identity and access management (IAM) best practice in the cloud?
A) Enforce multi-factor authentication and use role-based access controls
B) Share user accounts
C) Use weak passwords
D) Disable logging
Answer: A
Explanation: Strong IAM reduces the risk of unauthorized access.
What does Cloud Workload Protection Platform (CWPP) focus on?
A) Securing workloads across cloud and hybrid environments with threat detection and prevention
B) Monitoring cloud costs
C) Encrypting emails
D) Managing databases
Answer: A
Explanation: CWPPs protect VMs, containers, and serverless workloads.
Which of these is an example of a physical security control for cloud data centers?
A) Biometric access controls and surveillance cameras
B) Encryption keys
C) Firewall rules
D) Data masking
Answer: A
Explanation: Physical controls prevent unauthorized physical access to cloud infrastructure.
What is the purpose of cloud workload isolation?
A) Separating different workloads to limit the spread of attacks or faults
B) Merging workloads for efficiency
C) Backing up workloads
D) Encrypting workloads
Answer: A
Explanation: Isolation enhances security and stability.
What kind of cloud service model is Amazon S3 considered?
A) Object storage service (part of IaaS)
B) SaaS
C) PaaS
D) Network as a Service
Answer: A
Explanation: Amazon S3 provides scalable object storage as part of IaaS offerings.
Which of the following is NOT a characteristic of public cloud?
A) Dedicated hardware for a single customer only
B) Shared infrastructure among multiple tenants
C) Elastic scalability
D) Managed by cloud providers
Answer: A
Explanation: Public cloud resources are shared, unlike private clouds which are dedicated.