Chapter 58 Β· Quiz

Cloud Infrastructure Quiz

6 multiple-choice questions + 1 matching section. Select your answers, then click Submit.

Question 1 of 6
A company deploys a web application on IaaS virtual machines. The cloud provider's data center suffers a physical intrusion, but no customer data is accessed. Separately, the company's virtual machine is later compromised because the OS had not been patched in eight months. Which statement BEST describes the security responsibilities in these two incidents?
Question 2 of 6
An organization uses a SaaS email platform. A former employee's account is not disabled after they leave. Three months later, the account is used by an attacker to access confidential email threads and exfiltrate client data. Under the shared responsibility model, who failed, and at which layer?
Question 3 of 6
A development team uses Terraform to manage cloud infrastructure. During an incident, an engineer manually adds a security group rule in the cloud console to allow monitoring traffic. Three weeks later, a Terraform deployment overwrites the security group to match the stored template, removing the manual rule. Which IaC characteristic caused this, and why is it a security benefit even though it broke the monitoring?
Question 4 of 6
A serverless function processes incoming webhook payloads and has been granted an IAM role with AdministratorAccess. An attacker sends a malformed payload that causes the function to expose its temporary IAM credentials in an error log. The attacker uses the credentials to exfiltrate data from all S3 buckets in the account. Which TWO security failures are directly responsible?
Question 5 of 6
A company runs an on-premises Active Directory for internal authentication and uses a public cloud provider for a customer-facing application. Users must authenticate to both environments. The security team notes that when employees leave, their cloud accounts are sometimes still active weeks after their on-premises accounts are disabled. Which solution BEST addresses this gap?
Question 6 of 6
A company migrates from a monolithic application to microservices. Each service communicates with others via REST APIs over the internal network. A security review notes that the inter-service APIs have no authentication β€” the team's reasoning is that "the services are internal and cannot be reached from the internet." Why is this reasoning flawed, and what is the correct model?

Matching β€” Cloud Infrastructure Concepts

Match each term on the left to its correct description on the right.

1. IaC
2. Shared Responsibility Model
3. Serverless / FaaS
4. Microservices
A. An application architecture that decomposes a monolithic application into many small, independently deployable services that communicate via APIs β€” providing blast radius isolation but requiring authenticated, authorized API calls between all services
B. The practice of defining cloud infrastructure in version-controlled text files executed by an automation engine β€” providing consistent, reviewed deployments and preventing configuration drift by treating code as the source of truth
C. A cloud execution model where the provider manages all infrastructure including OS, runtime, and scaling, while the customer is responsible for function code security, IAM permissions (least privilege), and input validation of all event trigger payloads
D. The framework that divides security responsibilities between the cloud provider and the customer based on service model β€” with data governance and access management remaining the customer's responsibility regardless of whether the deployment is IaaS, PaaS, or SaaS