Cloud Security Basics Coursera Quiz Answers

Get Cloud Security Basics Coursera Quiz Answers

This course introduces you to cybersecurity for the cloud. We’ll learn and apply classic security techniques to today’s cloud security problems. We start with a deceptively simple and secure web service and address the problems arising as we improve it. We’ll analyze recent cloud security vulnerabilities using standard, systematic techniques. We’ll build our own web service case studies and construct security solutions for them. Our toolkit contains classic security concepts like Least Privilege and Separation of Duty, as well as more technical cryptographic and access control techniques.

Enroll on Coursera

Week 1: Introduction

Quiz 1: Internet Service Security

Q1. The video lecture “Introducing Internet Service Security” described six steps to convert the isolated desktop system to a cloud-based solution. Given the information in the video, which of the following has the largest attack surface?

  • Separated duties hosted on a secure, trusted local network
  • Isolated desktop with improved robustness
  • Isolated server relying on remote administration over the Internet
  • Isolated desktop with separated duties

Q2. Which of the following should be inside a company’s trust boundary? The answer should rely exclusively on security measures identified in the video.

  • Commercial Internet links between company sites
  • Storage for portable backup drives of critical company systems
  • Software vendors the company uses
  • Servers that manage critical company operations

Q3. In Step 2, the company adds software update and backup operations to the simple network service. These improvements introduce the following properties to the Step 1 system. Which of these increase the attack surface? Select all that apply.

  • Backup drive might be stolen by an attacker.
  • Malicious software might be loaded onto the service host during a software update.
  • Backup drive can quickly restore the system to operation if it suffers physical or software injury.
  • A software update may close attack vectors found in the server software or operating system.

Q4. The video lecture “Introducing Internet Service Security” uses a fortress and soldiers as an analogy for trust boundaries and attack vectors in computing systems. Suggest computing and networking components that correspond to attacks, defenses, vulnerabilities, trust boundaries, and attack vectors.

Quiz 2: Step 1

Q1. The video lecture “Introducing Internet Service Security” described six steps to convert the isolated desktop system to a cloud-based solution. Given the information in the video, which of the following has the largest attack surface?

  • Third-party hosted server that does not provide cloud-related benefits like adaptability to load. The server still relies on remote administration over the Internet.
  • Separated duties hosted on a secure, trusted local network
  • Isolated desktop with separated duties
  • Isolated server relying on remote administration over the Internet.

Q2. A company detected a login by a former employee, a senior executive whose account was not disabled after employment was terminated. The executive had both read and write access to the company’s principal finance and planning spreadsheet. This critical file contained all employee salaries, product unit costs, and other details.

Select the integrity impact level of this attack vector on the company.

  • None
  • Low
  • High

Q3. A notoriously charming hacker became famous in the 1980s for collecting login credentials by asking IT support people for passwords over the phone. He would typically pose as a fellow employee desperate to meet a deadline. If the hacker logged in, he could make hard-to-trace changes to company records.

Assume that the system stores passwords in hashed form, and IT phone support can’t change passwords. Select the integrity impact of this attack vector on the system.

  • High
  • None
  • Low

Q4. Kim hosts his family web site with a third party Internet hosting service. Family members visit the site occasionally to retrieve family photos or recipes.

Kim chose the hosting service because four major Internet retailers also use that service to handle customers on a 24/7 basis. All four sites handle a continuous stream of purchase transactions.

The Internet hosting system is hit by a DDOS attack. From the point of view of the retail web sites, what is the availability impact of of this attack vector?

  • None
  • Low
  • High

Q5. Below is a statement of an attack’s CIA impact in CVSS format. Select all answers below that are consistent with that statement.

C:L/I:N/A:L
  • The attack can locate and retrieve any secret data stored on the system
  • The attack makes system access less reliable.
  • The attack might change data on the system, but such changes are hard to control or predict.
  • The attack can retrieve a limited amount of data from the system that might or might not be secret.

Q6. Below is a statement of an attack’s CIA impact in CVSS format. Select all answers below that are consistent with that statement.

C:H/I:L/A:N
  • The system continues to operate even if the attack takes place.
  • The attack can locate and retrieve secret data stored on the system
  • The attack can change any data on the system.
  • The attack prevents users from accessing the system.

Q7. Which of the following should be inside a company’s trust boundary? The answer should rely exclusively on security measures identified in this lesson’s videos.

  • Trustworthy employees
  • Commercial Internet links between company sites
  • Software vendors the company uses
  • Client computers that manage critical company operations

Q8. We can decrease the service’s attack surface by omitting services that we don’t really need. Which of the following software services may we omit and still operate our web service:

  • FTP
  • Web server
  • Network protocol stack
  • Email
  • File system

Q9. In the schedule publishing scenario, we assess the confidentiality impact as low. Which of the following statements are true, and can be used to justify that assessment?

  • The host computer stores no confidential information except passwords.
  • The host computer does not contain a file system.
  • The password file is hashed.
  • The host computer blocks injection attacks.

Q10. Which of the following justify logging and monitoring on a server?

  • Laws, regulations, and industry standards often require it.
  • It is built into computer systems and there is no way to disable it.
  • Provides a way to detect attacks.

Quiz 3: Step 2

Q1. An attack takes place against some commercial software. Which of the following might be true if it is a zero day attack? Select all that apply.

  • A patch exists to block the attack but the attacked customer didn’t install the patch.
  • The software vendor did not know about the vulnerability exploited by the attack.
  • The software vendor knew about the vulnerability exploited by the attack, but did not create a patch to block the attack.

Q2. The Step 2 system introduces software updates and backups. How does this affect the availability impact of potential attacks?

  • It reduces the impact to low.
  • It has no effect.
  • It reduces the impact to none.

Q3. Given the four steps of a cyberattack, in which step do attackers focus on locating practical attack vectors?

  • Step 1: Scan the target
  • Step 2: Penetrate the target
  • Step 3: Exploit the assets
  • Step 4: Disappear

Quiz 4: Step 3

Q1. Which of the following best summarizes separation of duty?

  • Trust, but verify.
  • An individual should only be granted access to the resources and functions specifically required for their role in the company.
  • Important activities, like spending company money, must involve two or more separate individuals.

Q2. Which of the following access permissions must a user have in order to manage a web site?

  • Write access to the web server software’s web page content files.
  • Read access to the web server software’s web page content files.
  • Read access to the web server software’s executable file.
  • Write access to the web server software’s executable file.

Q3. The so-called insider threat arises when a criminal or malicious employee takes advantage of their position of trust within a company to attack its assets. Which of the following security measures directly address that threat?

  • Periodic back-ups
  • Periodic software updates
  • The trust boundary excludes non-employees. Employees are admitted inside the boundary.
  • Least privilege and separation of duty

Quiz 5: Steps 1 through 3

Q1. An attack takes place against some commercial software. Which of the following might be true if it is a zero day attack? Select all that apply.

  • The software vendor did not know about the vulnerability exploited by the attack.
  • A patch exists to block the attack but the attacked customer didn’t install the patch.
  • The software vendor knew about the vulnerability exploited by the attack, but did not create a patch to block the attack.

Q2. The Step 2 system introduces software updates and backups. How does this affect the availability impact of potential attacks?

  • It reduces the impact to none.
  • It has no effect.
  • It reduces the impact to low.

Q3. Given the four steps of a cyberattack, in which step do attackers focus on locating practical attack vectors?

  • Step 1: Scan the target
  • Step 2: Penetrate the target
  • Step 3: Exploit the assets
  • Step 4: Disappear

Q4. Which of the following best summarizes separation of duty?

  • An individual should only be granted access to the resources and functions specifically required for their role in the company.
  • Important activities, like spending company money, must involve two or more separate individuals.
  • Trust, but verify.

Q5. Which of the following best summarizes least privilege?

  • Important activities, like spending company money, must involve two or more separate individuals.
  • An individual should only be granted access to the resources and functions specifically required for their role in the company.
  • Trust, but verify.

Q6. Which of the following access permissions must a user have in order to manage a web site?

  • Write access to the web server software’s web page content files.
  • Write access to the web server software’s executable file.
  • Read access to the web server software’s web page content files.
  • Read access to the web server software’s executable file.

Q7. The so-called insider threat arises when a criminal or malicious employee takes advantage of their position of trust within a company to attack its assets. Which of the following security measures directly address that threat?

  • Periodic software updates
  • Periodic back-ups
  • The trust boundary excludes non-employees. Employees are admitted inside the boundary.
  • Least privilege and separation of duty

Q8. Many systems rely on file access permissions to implement separation of duty and least privilege. Based on the videos, which of the following is the recommended operating system mechanism to use?

  • Create groups to correspond to roles. Assign file access rights to each user based on the user’s role.
  • Create roles to correspond to user work assignments. Assign access rights to each user based on the user’s role.
  • Create groups to correspond to roles. Assign file access rights to the groups. Assign each user to a group based on the user’s role.
  • Create groups to correspond to users. Assign file access rights to the groups. Assign each user to a group based on the user’s ID.

Q9. Jan has been assigned to manage the schedule web page. Which of the following are within Jan’s trust boundary? Select all that apply

  • Software update application
  • System back-up application
  • Web management software (i.e. start or stop the service, perform basic configuration)
  • Web page files

Week 2: A Secure Network for a Private Cloud

Quiz 1: Network Layers and Addressing

Q1. How do we reduce a server’s attack surface when connected to both a private company network that provides administration and to the public internet?

  • Use a firewall to establish a DMZ.
  • Install thicker walls in the server room.
  • Use different internet server software.
  • Use two separate internet service connections, one for the server and the other for the company’s private network.

Q2. Which of the following are part of a socket address?

  • Destination IP address
  • Destination MAC address
  • Source port number
  • Destination port number
  • Source IP address
  • Source MAC address

Q3. Which of the following are public IP addresses?

  • 192.168.22.24
  • 172.217.0.46
  • 2607:f8b0:4005:80a:0:0:0:200e
  • 10.22.33.44

Q4. Which protocol layers are considered part of the network protocol stack?

  • Layer 7
  • Layer 6
  • Layer 5
  • Layer 4
  • Layer 3
  • Layer 2
  • Layer 1

Q5. When an application passes data to the protocol stack for transmission, what happens next?

  • The protocol stack adds headers for Layers 4, then 3, and then 2.
  • The protocol stack adds headers for Layers 2, then 3, then 4.
  • The protocol stack passes the socket addresses and destination MAC address to the device driver, which constructs the headers.

Quiz 2: Network Structure

Q1. Here are the seven protocol layers defined by the Open System Interconnect model. Indicate which of these layers are present in typical internet protocol implementations.

  • Transport Layer
  • Presentation Layer
  • Network Layer
  • Physical Layer
  • Application Layer
  • Link Layer
  • Session Layer

Q2. Given the address 182.24.114.220 identify the type of network address.

  • MAC address
  • IP V4 address
  • IP V6 address

Q3. Given the address 2607:f8b0:4005:80a:0:0:0:200e identify the type of network address.

  • MAC address
  • IP V6 address
  • IP V4 address

Q4. Which of the following is an example of a network with a layered defense?

  • It blocks the attacker from connecting directly to the target. The attacker must first penetrate a host that is reachable and that connects to the target.
  • It blocks Layer 2 traffic from entering the local site. The traffic must include Layer 3 addressing.
  • It deploys Network Address Translation to block inbound internet connections.

Q5. Host 2.1 has the MAC addresses for the other four workstations, but does not have IP addresses. Given this network arrangement, to which hosts may it send packets?

  • MAC DB
  • MAC AA
  • MAC DE
  • MAC AC

Q6. Which of the following are private IP addresses?

  • 11.22.33.44
  • 192.168.0.12
  • 10.22.33.44
  • 172.168.0.46

Q7. Host 1.4 wants to send a packet to Host 2.3. When 1.4 sends the packet, what addresses appear in the MAC header?

  • Source: AA, Destination: CA
  • Source: AA, Destination: DB
  • Source: CB, Destination: DB
  • Source: AA, Destination: CB

Q8. Which of the following form part of a socket?

  • Port number
  • MAC address
  • IP address
  • Application address

Q9. What role does NAT play in IP addressing?

  • It converts between IP V4 and IP V6 addresses.
  • It converts a private IP V4 address inside a private network into a public IP V4 address that can be routed on the Internet.
  • It converts a packet’s IP address into the correct MAC address for routing it across its next network hop.
  • A NAT address is a MAC address that allows a packet to retain its IP V4 addresses while traversing a private network.

Q10. For security reasons, Amalgamated Widget has kept part of their accounting department on a private IP V4 network. A new manager has arranged for a link to the public internet. What needs to happen for this connection to work?

  • The network needs a Layer 2 switch and nothing more.
  • The network needs a Layer 3 gateway and nothing more.
  • The network needs a Layer 3 gateway with network address translation.

Quiz 3: Traffic Filtering

Q1. We want to implement packet-filtered service control to manage which application layer services are allowed through the firewall. Which protocol header does the packet filter examine?

  • Layer 2
  • Layer 3
  • Layer 7
  • Layer 4

Q2. Is packet filtering considered more efficient than circuit filtering, or vice versa?

  • Circuit filtering is more efficient because it uses Network Address Translation (NAT).
  • Packet filtering is more efficient because it only searches a list of rules to make decisions. The circult filter must search its rules plus search and maintain a list of active circuits.
  • Packet filtering is more efficient because it only looks at Layer 2 and Layer 3 headers.
  • Circuit filtering is more efficient because it decides on allowing or blocking an entire circuit when the circuit is first established. No more checking is required.

Q3. We want the packet filter to discard incoming packets that contain obvious address forgeries. For example, it should discard packets arriving from the internet that contain one of our site’s IP addresses as the source address. Which protocol header should this filter examine?

  • Layer 4
  • Layer 3
  • Layer 7
  • Layer 2

Q4. Why can’t an attacker on the internet easily send a packet to a host behind a NAT device?

  • The NAT device won’t deliver packets from the internet unless they belong to an established circuit.
  • The NAT device never delivers packets that arrive from the internet.
  • The NAT device contains a list of authorized internet servers and discards all traffic from other hosts.

Q5. Which of the following internet protocols are used by client hosts to retrieve a user’s email messages?

  • Internet Message Access Protocol (IMAP)
  • Simple Mail Transfer Protocol (SMTP)
  • Post Office Protocol 3 (POP3)
  • Internet Control Message Protocol (ICMP)
  • Message Queueing Telemetry Transport (MQTT)

Q6. At what layer do email protocols generally operate?

  • Layer 2
  • Layer 7
  • Layer 3
  • Layer 4

Q7. Tim has a small network and wants his filtering gateway to restrict access to specifically identified host computers. What protocol layer will do this most effectively?

  • Layer 2
  • Layer 3
  • Layer 4
  • Layer 7

Q8. At what protocol layer do we scan email for malware?

  • Layer 3
  • Layer 4
  • Layer 2
  • Layer 7

Week 3: Cryptography for Remote Access and Support

Quiz 1: Public Key Exchange and TLS

Q1. Why is credential sniffing such a problem on the public internet? Select all that apply.

  • Internet routing may transmit a packet containing credentials through untrustworthy hosts, networks, and routers.
  • Traditional protocols transmit credentials in plaintext.
  • Client computers don’t hash passwords before sending them across the internet.
  • Many sites use HTTPS instead of HTTP

Q2. Is it easier to protect passwords or cryptographic keys when sharing them on the internet?

  • Both are equally difficult.
  • Passwords are easier to protect because they are in text format.
  • Secret keys are easier to protect because they are in raw binary format.

Q3. Which keys are kept secret if a client and server use public-key sharing to construct a shared secret?

  • Server’s private key
  • Client’s public key
  • Client’s private key
  • Server’s public key

Q4. How do we construct a shared secret using public-private key pairs?

  • The client combines their own public key with the server’s public key, and vice versa.
  • The client combines their own private key with the server’s public key, and vice versa.
  • The client combines their own public key with the server’s private key, and vice versa.
  • The client combines their own private key with the server’s private key, and vice versa.

Q5. What type of cryptography does TLS typically use to encrypt data shared between the client and server?

  • Diffie-Hellman
  • Elliptic curve
  • RSA
  • AES

Quiz 2: Crypto Authentication

Q1. Below is a list of attack vectors against authentication. Which are blocked by password hashing?

  • Copy the password from a backed-up copy of the authentication database.
  • Read a password as it is typed: shoulder surfing.
  • Copy the password while being transmitted from client to server.
  • Copy the password from the authentication database.

Q2. In which of the following is the Authenticator Secret identical to the Credential?

  • Challenge-Response authentication
  • Reusable text password stored in a hashed Authentication Database
  • Reusable text password stored in plaintext in the Authentication Database
  • One-time password generator, like SecurID

Q3. How does TLS protect the integrity of its messages, and how does the protection work?

  • TLS uses a shared secret to encrypt the data. This protects it from change.
  • TLS uses a one-way hash. It relies on using the message as input when calculating the one-way hash. If even one bit of the message text is changed, the one-way hash result will also change.
  • TLS uses a keyed hash. It relies on a shared secret key that is combined with the message when calculating the one-way-hash.

Q4. How is the challenge-response verification procedure different from that used for one-time passwords?

  • The procedure uses the shared secret as input instead of the clock value.
  • The procedure uses the challenge as input instead of the clock value.
  • The procedure uses the clock value as input instead of the credential.

Q5. A one-way hash scrambles its input data irreversibly. Why is that useful in authentication? Select all that apply.

  • Attackers can’t invert a response to a challenge-response authentication to extract the authentication secret.
  • The server can verify a one-time password without needing a copy of the authentication secret.
  • It makes it much harder to extract plaintext passwords from hashed passwords.
  • Help desk operators can extract plaintext passwords from the password database.

Quiz 3: Server Authentication

Q1. A client uses RSA key transport to share a key with a server. How does the client encrypt the key?

  • Encrypt with client’s public key
  • Encrypt with server’s public key
  • Encrypt with client’s private key
  • Encrypt with server’s private key

Q2. A client creates a digital signature for some data by encrypting its hash using RSA. How does the client encrypt the hash?

  • Encrypt with client’s public key
  • Encrypt with client’s private key
  • Encrypt with server’s public key
  • Encrypt with server’s private key

Q3. Which of the following errors will cause a browser to reject a certificate?

  • Certificate’s name does not match the web page’s contents.
  • Certificate’s name does not match the web page title.
  • Certificate has expired.
  • Certificate’s name does not match the requested URL.

Q4. A client transmits the following URL:

https://mydomain.com/home/index.htm:8080

It receives a certificate from the server. Which parts of the URL can be verified using the certificate? Select all that apply.

  • mydomain.com
  • /home
  • /index.htm
  • :8080

Q5. The image below was clipped from a browser. Which of the following statements are true?

  • A public-key certificate has been issued for the site “google.safeid.us”
  • The client is visiting the official Google web site
  • Server authentication failed to act as designed
  • The web server contains an image of a Google logo.
  • The client used TLS to authenticate the server

Q6. Which of the following are secret key algorithms?

  • Keyed hash
  • Rivest-Shamir-Adleman (RSA)
  • Advanced Encryption Standard (AES)
  • Elliptic curve cryptography
  • Diffie-Hellman

Quiz 4: Public Key Certificates

Q1. A web site we visit uses an expired certificate. What does that really mean?

  • An attacker has compromised the site’s private key.
  • The certificate has failed its digital signature check.
  • The web site is probably bogus because the site’s administrators failed to renew their public key certificate.
  • The web site is probably authentic, but the site’s administrators failed to renew their public key certificate.

Q2. When RSA issued certificates for Netscape Navigator, how did the browser validate certificates?

  • The browser used a built-in trust anchor to validate the certificate received from the server.
  • The browser used a built-in trust anchor to validate a chain of certificates provided by the server.
  • The server provided a chain of certificates, at least one of which was issued by a root authority included in the browser’s list of authorities.
  • The browser searched a list of root certificate authorities and chose the appropriate trust anchor from that list. The chosen trust anchor validated the certificate.

Q3. Jan visited a modern, TLS-protected web site. How did Jan’s browser validate the site’s certificate?

  • The browser used a built-in trust anchor to validate the certificate received from the server.
  • The browser searched a list of root certificate authorities and chose the appropriate trust anchor from that list. The chosen trust anchor validated the certificate.
  • The browser used a single, built-in trust anchor to validate a chain of certificates provided by the server.
  • The server provided a chain of certificates, at least one of which was issued by a root authority included in the browser’s list of authorities.

Q4. Kim needs a public/private key pair. For the best security, which of the following must remain inside Kim’s personal trust boundary?

  • Kim’s public key
  • Random data used to generate Kim’s key pair
  • Kim’s private key
  • Kim’s public key certificate

Q5. The certificate chaining examples in the videos show only one intermediate authority. Is it possible for the chain to contain additional intermediate authorities? Choose the most accurate answer.

  • The chain structure allows an arbitrary number of intermediate authorities.
  • The chain structure only allows a single intermediate authority.
  • The chain structure allows between zero and four intermediate authorities.

Q6. Modern public key certificates contain numerous fields. As discussed in these videos, which three fields are fundamental to the certificate’s role?

  • The certificate’s expiration date
  • The owner’s physical address
  • The name of the public key’s owner
  • A digital signature protecting the certificate’s contents
  • The name of the certificate’s issuer
  • The public key’s digital value

Q7. The safest situation is for a private key to exist within a trust boundary controlled by the key’s owner. Which of the following fulfill this requirement?

  • Bob generates a public/private key pair on his personal computer and signs his own public-key certificate. The private key is stored in plaintext and backed up using an online service.
  • An app on Bob’s smart phone generates a public/private key pair.
  • Bob generates a public/private key pair on his personal computer and signs his own public-key certificate. Bob never exports the private key.
  • Bob contacts a trustworthy commercial certificate authority. The authority generates a public/private key pair for him, along with a certificate signed by the authority.

Quiz 5: Step 5 Services

Q1. Alice is setting up a web site to use TLS. She has chosen a service provider. Choose the most secure actions available for setting up the site.

  • Alice locates the exact server software she wants. The site uses HTTP, and it publishes a keyed hash value she can use to verify that her download worked reliably.
  • Alice locates the exact server software she wants. The site uses HTTPS, and it publishes a keyed hash value she can use to verify that her download worked reliably.
  • Alice instructs software residing at her service provider to generate a public/private key pair. The private key is generated and stored in a protected area with the rest of her server software.
  • Alice uses her client computer to generate a public/private key pair. She uploads the private key to her service provider, storing it in a protected area with her server software.

Q2. Alice has contracted with an online backup service to back up her web server. She has generated a secret key to use for encrypting the backups. Which of the following sites need a copy of that secret key? Select all that apply.

  • Alice’s headquarters computer
  • The network service provider
  • Alice’s server residing at her service provider
  • The online backup service

Q3. Alice’s server software supports automated updates. The server automatically validates software patches it uploads. Which of the following techniques ensures the software’s integrity? Select the best two.

  • Every software update is published along with a one-way hash value. The update and hash value are transmitted separately to the server during an update. The server verifies the update’s hash value.
  • Every software update contains a public key certificate. The certificate’s public key verifies a digital signature covering the text of the software update.
  • The server software contains a trust anchor that verifies a digital signature covering the text of the software update.
  • The server software contains a trust anchor. Every software update contains a public key certificate. The trust anchor verifies the certificate and the certificate’s public key verifies a digital signature covering the text of the software update.

Q4. What happens if a software update modifies the trust anchor being used to validate the software updates?

  • The operation fails. When the trust anchor changes, it damages the integrity of the software update, rendering it invalid.
  • The operation works correctly. The latest update is validated against the old trust anchor. Then the update operation changes the trust anchor to its new value.

Q5. Alice has hired Bob to help with server administration. How does she manage the user IDs?

  • Alice lets Bob use the “Admin” account
  • Alice sets up a unique login for Bob and gives it administrative privileges.
  • Alice gives her own account administrative privileges and shares the account credentials with Bob.

Week 4: Step 6 and Cloud Security

Quiz 1: Cloud Architecture

Q1. In the PaaS model, the cloud provider takes full or partial responsibility for some of the software layers listed below. Select those layers.

  • Operating system
  • Service application software
  • Middleware

Q2. Which of the following are used to implement trust boundaries in the IaaS model? Select all that apply.

  • Access controls implemented by the cloud provider
  • Data storage encryption
  • Network encryption

Q3. Which deployment models require third party hosting?

  • Community cloud deployment
  • Hybrid cloud deployment
  • Private on-premises cloud deployment
  • Public cloud deployment

Q4. In the generic 3-host cloud architecture described here, which host handles incoming service requests from the internet?

  • Back-end database server
  • Front-end server
  • Load balancer

Q5. When must administrators use the “root” cloud service account? Select all that apply.

  • To create subaccounts for administrators.
  • To configure virtual machines.
  • To set up access permissions for cloud storage and virtual servers.
  • To start and stop cloud-hosted services.

Quiz 2: Virtualization and Network Crypto

Q1. An application program runs virtual machines on a computer. The program runs on the bare hardware instead of running atop an operating system. What kind of application is this?

  • Sandbox
  • Type 1 hypervisor
  • Type 2 hypervisor
  • Processor

Q2. How does virtualization provide improved security?

  • Cloud virtualization uses load balancers to distribute the work.
  • Virtualized software systems are more portable between execution environments.
  • The virtual environment intercepts all resource accesses and can enforce its own access restrictions.
  • VMs use encryption in place to restrict access to their data.

Q3. Why does the instructor argue that IPsec protocols are safe and secure to use?

  • There are comprehensive proofs based on mathematics and computer science that conclusively validate the security of the IPsec protocol family.
  • Academic and commercial security researchers closely study the protocols and publish their findings. Many vulnerabilities have been found, reported publicly, and fixed.
  • Individuals associated with the National Security Agency were actively involved in designing the protocols.
  • The National Security Agency has taken no steps to try to attack or weaken VPN protocols.

Q4. Which of the following network security protocols provide application transparency?

  • WPA2
  • IPsec
  • SSL/TLS

Q5. Which of the following network security protocols provide network transparency?

  • WPA2
  • SSL/TLS
  • IPsec

Q6. Which of the following best capture the meaning of red versus black in cryptography?

  • We have effectively minimized threats on the black side, but threats still exist on the red side.
  • Plaintext resides on the red side, ciphertext on the black side.
  • We have effectively minimized threats on the red side, but threats still exist on the black side.
  • Plaintext resides on the black side, ciphertext on the red side.

Q7. Which of the following is a similar concept to the red/black boundary?

  • Attack surface
  • Process
  • Virtual machine
  • Trust boundary
Conclusion:

I hope this Cloud Security Basics Coursera Quiz Answers would be useful for you to learn something new from this problem. If it helped you then don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!

More Coding Solutions >>

LeetCode Solutions

Hacker Rank Solutions

CodeChef Solutions

Leave a Reply

Your email address will not be published.