SUBJECT: CCS362 SECURITY AND PRIVACY IN CLOUD

QUESTION BANK

Unit 1

TWO MARK QUESTION WITH ANSWERS

1. What are the five security services provided by cloud computing?

Ans. : The five security services provided by cloud computing are confidentiality,
integrity, authentication, nonrepudiation and access control.
• Confidentiality ensures that data is only accessible to authorized users.
• Integrity ensures that data is not modified without authorization.
• Authentication ensures that users are who they say they are.
• Nonrepudiation ensures that users cannot deny sending or receiving data.
• Access control ensures that users only have access to the data and resources they need.

2. What are the two main types of cryptography?

Ans. : The two main types of cryptography are conventional cryptography and public -
key cryptography.
• Conventional cryptography uses a single key to encrypt and decrypt data.
• Public - key cryptography uses two keys, a public key and a private key. The public
key is used to encrypt data and the private key is used to decrypt it.

3. What are hash functions and how are they used in cloud security?
Ans. : Hash functions are used to create a unique digital fingerprint of data. This
fingerprint can be used to verify the integrity of data, to detect unauthorized
modifications and to create digital signatures.

4. What are digital signatures and how are they used in cloud security?
Ans. : Digital signatures : Digital signatures are cryptographic techniques used to ensure
the authenticity and integrity of digital documents or messages. A digital signature is
created using the sender's private key and it can be verified using the corresponding
public key. It provides a way to prove the authenticity of the sender and detect any
tampering or modifications to the signed data. Digital signatures are commonly used for
non - repudiation purposes.

5. Compare cloud security vs traditional network security.

Cloud security Tradition network security

Hosted and managed by third - party cloud On-premises infrastructure controlled by
service provider the organization
Shared responsibility model On-premises infrastructure controlled by
the organization
 Highly scalable and flexible Scalability may be limited by hardware
constraints
Limited control and visibility over the Full control and visibility over the network
underlying infrastructure infrastructure

6. Define nonrepudiation.
Ans.: Nonrepudiation is a crucial security service in cloud computing that ensures the
integrity and authenticity of digital transactions, preventing the involved parties from
denying their participation or the validity of the transaction. It provides evidence to prove
that a specific action or communication took place and that the parties involved cannot
later deny their involvement.

7. Differentiate symmetric - key cryptography and asymmetric - key cryptography

Symmetric - key cryptography Asymmetric - key cryptography

Requires a single shared secret key known Utilizes a pair of mathematically related
to both the sender and receiver. keys: a public key and a private key. The
public key is freely distributed, while the
private key is kept secret.
Same key is used for both encryption and Encryption is performed using the
decryption processes recipient's public key, while decryption is
done using the recipient's private key.
Generally faster due to simpler algorithms Generally faster due to simpler algorithms
and shorter key lengths and shorter key lengths
Requires secure and confidential Requires secure and confidential
distribution of the shared secret key. distribution of the shared secret key.

8. List the applications of cryptography.

Ans.: Applications of cryptography:
• Public keys are freely distributed, while private keys are kept secret. RSA, ECC,
Diffie- Hellman
• Cryptography is extensively used in various aspects of computer security and has
several applications. Here are some examples :
• Password security to the previously stored hash.
• Digital currencies.
• Secure web browsing.
• Electronic signatures
• Authentication
• Cryptocurrencies.
• End-to-End Encryption

9. Define MAC.
Ans. : Message Authentication Code (MAC) A Message Authentication Code (MAC) is
a cryptographic technique used to verify the integrity and authenticity of a message. It is
a short piece of information generated from the message using a secret key and a MAC
algorithm. The MAC serves as a digital signature for the message, allowing the recipient
to verify that the message has not been tampered with and that it originates from a trusted
 source

10. What is meant by access control and give its uses?

Ans. : Access control is a fundamental security service in cloud computing that governs
and manages user access to resources and data within a cloud environment. It ensures
that only authorized individuals or entities can access specific resources or perform
certain actions, while restricting access to unauthorized users. Access control is crucial
for maintaining the confidentiality, integrity and availability of data and resources in the
cloud.

Unit 2

1. What is data security in cloud computing?

Ans. : Data security in cloud computing refers to the protection of data stored, processed
and transmitted within cloud environments. It involves implementing measures and
controls to ensure the confidentiality, integrity and availability of data in the cloud.

2. What is isolation in cloud computing and why is it important?

Ans. : Isolation in cloud computing refers to the practice of separating different resources
and workloads from each other to prevent interference or unauthorized access. It is
important because it helps to ensure the security and privacy of data and applications, as
well as to prevent performance issues caused by resource contention. By isolating
resources, cloud providers can also offer better reliability and availability guarantees to
their customers

3. Why is network segmentation important for multi-tenancy and security?

Ans. : Network segmentation is important for multi-tenancy and security because it helps
to isolate and segregate network traffic between different tenants in a cloud computing
environment. By dividing the network into distinct segments, each tenant's resources and
data can be logically separated and protected from unauthorized access. This prevents the
lateral movement of threats and limits the impact of any potential security breaches.
Network segmentation enhances data privacy, reduces the attack surface and provides
better control over network traffic, improving overall security and ensuring the integrity
and confidentiality of tenant data in multi-tenant cloud environments.

4. What is cloud data retention? Give its types

. Ans.: Cloud data retention is the practice of storing, archiving, or otherwise retaining
data in cloud storage. There are three types of cloud data storage that may be used to
facilitate cloud data retention :
• Object storage - Object storage designates each piece of data as an object, adds
comprehensive metadata to every object, and eliminates the hierarchical organization of
"files and folders"
• File storage - In a file storage system, data exists in named files that are organized into
folders. Folders may be nested in other folders, forming a hierarchy of data-containing
directories and sub-directories.
• Block storage - Block storage technology separates data into blocks, breaks those
 blocks into separate pieces, assigns each piece a unique identifier code and stores the data
on a Storage Area Network (SAN).

5. What is the purpose of data redaction?

Ans.: The primary goal of data redaction is to protect sensitive data while allowing
authorized users to access and work with the remaining non-sensitive information. It
helps organizations comply with data privacy regulations and safeguard sensitive data
from unauthorized disclosure or misuse.

6. Define tokenization.
Ans. : Tokenization is a data protection technique used to replace sensitive information
with unique identification symbols, called tokens, while retaining the necessary
information required for processing without compromising security. The process involves
substituting sensitive data elements, such as credit card numbers, social security numbers,
or personal identifiers, with randomly generated characters or symbols.

7. What are the techniques used in obfuscation?

Ans. : Techniques Used : Obfuscation techniques can vary depending on the type of data
being protected. Some common obfuscation techniques include :
• Code Obfuscation: Modifying source code to make it harder to understand and reverse-
engineer, such as renaming variables, adding meaningless instructions, or using code
obfuscation tools.
• Data Obfuscation : Transforming sensitive data by applying encryption, data masking,
Shuffling, or substitution techniques, making it difficult to interpret without the proper
decryption or de-obfuscation process.
• Protocol Obfuscation: Modifying communication protocols or data formats to obscure
the underlying structure, making it challenging to analyze or intercept the data
transmission.

8. What are the key aspects of data virtualization?

Ans. : • Data abstraction: Data virtualization platforms abstract the complexity of
underlying data sources, providing a logical and unified view of the data.
• Data federation: Data virtualization enables real-time access and integration of data
from heterogeneous sources, without physically moving or copying the data.

9. List the benefits of storage virtualization.

Ans. : • Improved utilization: Storage resources can be dynamically allocated and scaled
based on demand, avoiding overprovisioning and optimizing capacity utilization.
• Simplified management: Virtualization abstracts the complexity of underlying storage
infrastructure, allowing centralized management and simplified provisioning.
• Data migration and mobility : Virtualized storage simplifies data migration between
storage systems and enables seamless movement of virtual disks or files.
• Data availability and redundancy : Virtualization technologies provide features such as
replication, snapshots and RAID to enhance data protection and availability
10. Define Certificate Authority (CA).
Ans.: The certificate authority is a trusted entity responsible for issuing and managing
digital certificates within a PKI system. It acts as a trusted third party that verifies the
identity of entities (eg., individuals, organizations) and binds their public keys to their
identities. The CA issues digital certificates that contain the entity's public key and other
relevant information, digitally signing them with the CA's private key. This allows
recipients to verify the authenticity of the certificate and the associated public key.

Unit 3

1. Define RBAC.
Ans. : • Role-Based Access Control (RBAC) is an access control model widely used in
cloud infrastructure.
• RBAC assigns roles to users based on their job responsibilities, defining their
permissions and access rights within the cloud environment.
•Roles represent various job functions, such as administrator, developer, or analyst.
• Permissions are associated with each role and define the actions or operations users can
perform.
• RBAC follows the principle of least privilege, granting users the minimum necessary
permissions required for their tasks.

2. What are the components of role-based access control?

Ans. : • Roles : A role is a collection of permissions that define what a user is allowed to
do. For example, a role might have permissions to create, delete and modify resources.
• Permissions: A permission is a right that allows a user to perform an action on a
resource. For example, a permission might allow a user to read a file or write to a
database.
• Users: A user is an individual who is granted access to a cloud resource.

3. What are the four types of role-based access control in cloud infrastructure?

Ans. : • Basic RBAC : Basic RBAC is the foundational level of RBAC implementation.
It involves assigning roles to users based on their job responsibilities or functional roles
within the organization.
• Hierarchical RBAC : Hierarchical RBAC builds upon the basic RBAC model by
introducing a hierarchical structure to roles. Roles are organized in a hierarchical manner,
where higher-level roles inherit permissions from lower-level roles.

4. Define MULTI-FACTOR AUTHENTICATION (MFA).

Ans.: Multi-Factor Authentication (MFA), also known as two-factor authentication 2FA)
of multi-step verification, is a security mechanism that requires users to provide multiple
forms of authentication to verify their identity. It adds an extra layer of protection to the
authentication process by combining two of more independent factors, typically from the
following categories : • Knowledge factor : This factor involves something the user
knows, such as a password, PIN, or answers to security questions.
• Possession factor : This factor involves something the user possesses, such as a physical
token, smart card, or mobile device. Inherence factor : This factor involves something
 inherent to the user, such as biometric traits like a fingerprint, facial recognition, or voice
recognition.

5. Why is multi-factor authentication in access control necessary?

Ans. : Multi-Factor Authentication (MFA) in access control is necessary because it
significantly strengthens security by adding an extra layer of authentication, protecting
against password compromises, meeting compliance requirements and reducing the risk
of unauthorized access to sensitive systems and data.

6. How does SSO work?

Ans. Single sign-on (SSO) works by establishing a trust relationship between an
application, known as a service provider and an identity provider, such as OneLogin.
This trust relationship is frequently based on a certificate that is exchanged between the
identity provider and the service provider. This certificate can be used to sign identity
data that is being transmitted from the identity provider to the service provider, ensuring
that the service provider knows it is coming from a trusted source.

7. List the functions of identity providers.

Ans. : IdPs typically perform the following functions
• User authentication : IdPs authenticate users by validating their credentials, such as
usernames and passwords, or by leveraging additional authentication factors like
biometrics or multi-factor authentication.
• User identity management : IdPs manage user identities, including user registration,
profile management and attribute management. They store and maintain user account
information and may enforce access control policies.
• Security assertion issuance : After successful authentication, IdPs generate security
assertions, such as tokens or assertions in standardized formats like SAML or JWT,
containing user identity information and authentication status.
• Assertion delivery : Ids securely deliver the generated security assertions to the service
consumers upon user request.

8. Differentiate OS hardening and minimization:

OS hardening OS hardening
Process of securing an operating Process of removing unnecessary
system by eliminating or components, services and
mitigating potential functionalities from an operating
vulnerabilities and reducing system to reduce its size and
attack surface potential attack vectors.
Enhance security and protect Reduce the attack surface and
against known and potential improve performance by removing
threats by implementing security unnecessary components and
measures and best practices. services that are not required for
system operation.
 Security enhancements, such as Reduction of the overall size of the
patching vulnerabilities, disabling operating system, removal of
unnecessary services, configuring unnecessary services, packages and
secure defaults and implementing functionalities.
access controls.
Increased resistance against Reduced attack surface, improved
attacks, improved system stability system performance, faster
and reduced exposure to deployment and easier maintenance
vulnerabilities.

9. How IDP is used in cloud security?

Ans.: Intruder detection and prevention (IDP) is a security measure that helps to protect
cloud-based systems from unauthorized access and malicious activity. IDP systems can
be used to detect and block a variety of threats, including:
• Malware: IDP systems can detect malware by looking for known signatures of malware
files or by analyzing network traffic for suspicious patterns.
• Denial of Service (DoS) attacks : IDP systems can help to prevent DoS attacks by
monitoring network traffic for patterns that indicate an attack is underway.
• Data breaches: IDP systems can help to detect data breaches by monitoring network
traffic for suspicious patterns, such as large amounts of data being transferred to an
unauthorized

10. List the types of intruder detection and prevention.

Ans.: In cloud security, there are primarily two types of intrusion detection and
prevention, systems (IDPS) commonly used : Network-based IDPS and host-based IDPS.

1. Network Intrusion Detection System (NIDS) :

• NIDS monitors network traffic in the cloud environment and analyzes it for premial
intrusions or malicious activities. It inspects packets flowing through the network and
compares them against known attack signatures or behavioral patterns.
• NIDS can identify network-based attacks such as port scanning, DoS attacks,
intrusion attempts and unauthorized access attempts.
• It generates alerts or takes preventive actions to block or mitigate the detected
threats.
2. Host Intrusion Detection System (HIDS) :
• HIDS operates at the individual host level within the cloud environment,
monitoring the activities and events occurring on the host system
• It analyzes log files, system calls, file integrity data and other host-specific
information to detect unauthorized access attempts, malware activity, or suspicious
behavior.
• HIDS can provide granular visibility into the host system and detect threats that
may bypass network-level defenses.
• It generates alerts or triggers actions to prevent or mitigate intrusions

Unit 4
1. Define cloud bursting.

Ans.: Cloud bursting is a cloud computing concept that refers to the ability of an
application or workload to seamlessly scale beyond the resources available in an
organization's primary cloud environment. It involves dynamically and temporarily
extending the computing capacity of an on - premises or private cloud infrastructure
by leveraging addition compute from a public cloud provider.

2. Way do organizations choose to use cloud design patterns when designing and
building cloud - based systems?

Ans. : The use of cloud design patterns provides organizations with a structured and
standardized approach to designing and implementing cloud architectures. These
patternsenable organizations to leverage the scalability, availability, cost
optimization, security, and flexibility benefits offered by cloud computing while
addressing common challenges and achieving desired system characteristics.

3. How does cloud bursting work?

Ans. : Cloud bursting is a concept in which organizations can temporarily extend

their on - premises infrastructure by utilizing additional resources from a public cloud
provider. When the demand for resources exceeds the capacity of the on-premises
infrastructure, the organization can dynamically scale up by provisioning resources
from the cloud. This allows for seamless and temporary expansion to handle spikes in
workload and when the demand decreases, the resources can be released back to the
cloud, ensuring efficient resource utilization and cost optimization.

4. Define secure external cloud.

Ans.: Secure external cloud refers to the deployment and utilization of cloud
computing resources and services from a third - party Cloud Service Provider (CSP)
that ensures the security and protection of data and applications stored and processed
in the cloud. It involves leveraging the benefits of cloud computing while
implementing security measures to safeguard sensitive information, maintain privacy
and mitigate risks associated with using external cloud services.

5. Define secure on-premise internet access.

Ans.: Secure on - premise internet access refers to the practice of establishing a

secure and controlled connection between an organization's internal network (on-
premise) and the internet. It involves implementing security measures to protect the
organization's network infrastructure, data and resources from unauthorized access,
malicious activities and potential threats originating from the internet.

6. List some of the advantages of geotags in cloud security.

Ans. : • Enhanced access control: Geotags can be used to enforce location - based
access controls, allowing organizations to restrict access to cloud resources based on the
user's geographic location.
 • Compliance with data localization regulations: Geotags can assist organizations in
complying with data localization regulations that require certain types of data to be stored or
processed within specific geographic boundaries.

• Location - based threat detection : Geotags can be utilized in security analytics and
monitoring to detect anomalies or threats originating from specific geographic regions.

• Incident response and forensics : Geotags provide valuable information during

incident response and forensic investigations.

7. Define geotagging.

Ans.: Geotagging in the context of cloud security refers to the process of associating
geographical information with data or resources stored or processed in the cloud. It
involves adding metadata or tags that indicate the geographic location or region
associated with specific data or resources.
8. What is meant by burst trigger?
Ans.: When the resource monitoring identifies a surge in demand or workload spike, a
burst trigger is initiated. This trigger can be based on predefined thresholds or rules set
by
the organization, such as CPU utilization exceeding a certain percentage or queue lengths
reaching a specific threshold.

9. Why we need geotags in cloud security?

Ans. : Geotags can provide extensions to trusted cloud resource pools, allowing pooling
of hardware at provision time in the same geolocation. Trusted cloud resource pools meet
the requirements for workloads to be handled by secure VMs, including entering or
leaving certain geographic regions .
10. Define secure cloud interfaces.
Ans.: Secure cloud interfaces refer to the mechanisms and protocols used to ensure the
secure and reliable communication between users or client applications and cloud-based
services. These interfaces enable users to interact with cloud resources, such as storage,
computing power, or applications, while maintaining data privacy, integrity and
availability.

Unit 5

1. Define monitoring. Give its uses.

Ans. : Cloud security monitoring refers to the process of continuously observing and
analyzing the security posture of cloud environments to detect and respond to
potential threats, vulnerabilities, or security incidents. It involves the monitoring of
various aspects of the cloud infrastructure, applications, data and user activities to
ensure the confidentiality, integrity and availability of cloud resources

2. How does cloud monitoring work?

Ans. : Cloud monitoring works by continuously monitoring and collecting data from
various components of a cloud environment, including infrastructure, applications,
 network and user activities. This data is then analyzed to ensure the performance,
availability and security of cloud resources.

3. State the uses of cloud monitoring.

Ans. : Cloud security monitoring empowers organizations with greater visibility,
control and responsiveness to security threats and incidents in their cloud
environments. It enhances the overall security posture, operational efficiency and
compliance adherence, ultimately contributing to the organization's resilience and
trust in the cloud.

4. What Is cloud Incident Response (IR)?

Ans. : Cloud Incident Response (IR) refers to the structured and coordinated process
of handling and mitigating security incidents that occur within a cloud computing
environment. It involves the identification, containment, eradication, recovery and
lessons learned from security incidents that affect cloud-based systems, applications,
data, or infrastructure.

5. List the cloud incident response framework.

Ans.: IT consists of five main stages :
• Scope: The initial priority is to assess the breadth, severity and nature of a security
incident.
• Investigate : A thorough investigation provides full visibility and involves the use
of advanced tools for evidence collection, detection and analysis. Through thorough
investigation, a full corpus of IoCs and TPs from the engagement is derived.
Leveraging these helps create a full understanding of the incident and associated risk.
• Remediate : This process involves ridding the environment of an identified threat
through means such as suspending, stopping or removing the associated foothold(s).
This also involves closing off or further hardening the initial security gap that was
leveraged to start the attack.

6. What are the types of monitoring for unauthorized access in cloud security?
Ans.: Types of monitoring for unauthorized access in cloud security include :
• Log Monitoring • Network Traffic Monitoring • User and Entity Behavior Analytics
(UEBA)
• Intrusion Detection and Prevention Systems (IDS/IPS) • File Integrity Monitoring
(FIM)
• Security Information and Event Management (SIEM) • Application Security
Monitoring
• Cloud Access Security Brokers (CASB) • Endpoint Security Monitoring • Cloud
Security Analytics.

7. List five strategies to prevent unauthorized access in cloud security.

Ans. : • Strong authentication: Implement robust authentication mechanisms like
Multi-Factor Authentication (MFA) to ensure only authorized users can access cloud
resources.
 • Access control : Implement granular access control policies, least privilege
principles and Role-Based Access Control (RBAC) to restrict access to sensitive data
and [Link]: Encrypt data at rest and in transit to protect it from
unauthorized access.
• Regular auditing and monitoring : Perform regular audits and monitoring of access
logs, network traffic and user activities to detect and respond to unauthorized access
attempts.
• Security awareness training: Provide ongoing training and education to users on
security best practices, password hygiene and social engineering awareness to prevent
unauthorized access through human vulnerabilities.

8. What are the ways that malicious traffic can be used to attack cloud
environments?

Ans.: Some of the most common methods include :

• DDoS attacks: DDoS attacks are designed to overwhelm a system with so much traffic that
it becomes unavailable to legitimate users. Malicious actors can use cloud computing to
launch DDoS attacks by renting large numbers of virtual machines and directing them to
attack the target system. • Data breaches : Malicious actors can use cloud computing to steal
data by exploiting vulnerabilities in cloud infrastructure or by gaining access to cloud
accounts. Once they have access to a cloud account, they can steal data stored in the account,
such as customerPIl, financial data and intellectual property.

• Malware attacks: Malicious actors can use cloud computing to distribute malware by
hosting malware on cloud servers or by sending malware-infected emails from cloud
accounts. Once malware is installed on a system, it can steal data, install other malware, or
disrupt operations.

9. How IDP is used in cloud security?

Ans.: Intruder detection and prevention (IDP) is a security measure that helps to protect
cloud-based systems from unauthorized access and malicious activity. IDP systems can be
used to detect and block a variety of threats, including:

• Malware: IDP systems can detect malware by looking for known signatures of malware
files or by analyzing network traffic for suspicious patterns.

• Denial of Service (DoS) attacks : IDP systems can help to prevent DoS attacks by
monitoring network traffic for patterns that indicate an attack is underway.

• Data breaches: IDP systems can help to detect data breaches by monitoring network traffic
for suspicious patterns, such as large amounts of data being transferred to an unauthorized

10. List the types of intruder detection and prevention.

Ans.: In cloud security, there are primarily two types of intrusion detection and
prevention, systems (IDPS) commonly used : Network-based IDPS and host-based IDPS.
1. Network Intrusion Detection System (NIDS) :
 • NIDS monitors network traffic in the cloud environment and analyzes it for premial
intrusions or malicious activities. It inspects packets flowing through the network and
compares them against known attack signatures or behavioral patterns.
• NIDS can identify network-based attacks such as port scanning, DoS attacks,
intrusion attempts and unauthorized access attempts.
• It generates alerts or takes preventive actions to block or mitigate the detected
threats.
2. Host Intrusion Detection System (HIDS) :
• HIDS operates at the individual host level within the cloud environment, monitoring
the activities and events occurring on the host system.
• It analyzes log files, system calls, file integrity data and other host-specific
information to detect unauthorized access attempts, malware activity, or suspicious
behavior.
• HIDS can provide granular visibility into the host system and detect threats that
may bypass network-level defenses.
• It generates alerts or triggers actions to prevent or mitigate intrusions

PART B

UNIT 1

1. What are the key security services provided by cloud computing environments?

2. How does confidentiality play a role in cloud security? What are some techniques used
to ensure confidentiality in the cloud?

3. Explain the concept of integrity in cloud security

4. How can data integrity be maintained in a cloud environment

5. What is authentication and why is it important in cloud security?

6. Describe different authentication methods used in cloud computing.

7. Define nonrepudiation and explain its significance in cloud security

8. How doeS access control contribute to cloud security

9. Discuss various access control mechanisms employed in cloud environments

10. What is cryptography and how does it relate to cloud security

PART C

1. Differentiate between conventional cryptography and public-key cryptography.

What are their respective advantages and use cases?

2. What are hash functions and how are they used in cloud security?

3. Explain the concepts of authentication and digital signatures. How are they

employed to ensure data integrity and nonrepudiation in cloud environments?