Dark Arts
  • index
  • BUY ME A BOOK
  • 🪄Dark Magic
    • Pentesting
      • Industry Methodologies
    • Scopes of Testing
    • Reconnaissance
      • Passive
        • WHOIS
        • DNS
          • nslookup
          • dig
        • WAF
        • Subdomain
        • Google Dork
        • Misc. Techniques
        • Leaked Passwords
      • Active
        • Browser & Plugins
        • ping & traceroute
        • fping
        • telnet & netcat
        • DNS
          • Zone Transfer
          • DNS Amplification DDoS Attack Breakdown
        • Misc. Techniques
    • Vulnerability Assessment
    • Attack Types
  • 🕷️Aragoogs Nest
    • Web Application Overview & Security
      • Security Testing
      • Common Threats & Risks
    • Web Application Architecture
      • Technologies
    • HTTP/S
      • Message
      • Request
      • Response
        • Status Code
    • Crawling/Spidering
  • 🧪Potions
    • Web Browsers
    • Computer Networking
      • Network Protocol
      • Packets
      • OSI Layer
        • Layer 3: Network
        • Layer 4: Transport
      • DNS
        • Primary-Secondary
        • Local Name Resolution
        • Domain Hierarchy
        • FQDN
        • Lookups
        • DNS Resolution
        • DNS Records
        • Security: Attack-Defense (Default)
  • 🎆Spells
    • 📜Linux Scroll
    • 📜WebShell Scroll
    • git
      • Attacks + Vulnerabilities
  • 🖼️Flaws w/ Magical Frameworks
    • Windows
      • In a Nutshell
      • CVE-2019-0708: BlueKeep
      • CVE-2017-0144: EternalBlue: MS17-010
      • Attacking Services
        • MS IIS - WebDAV
        • SMB
        • HTTP File Server (HFS)
        • Apache Tomcat Web Server
        • RDP
        • WinRM
      • File System Vulnerabilities
      • Credential Dumping
        • Password Search in Windows Configuration Files
        • Mimikatz
        • Pass-the-Hash Attack
    • Linux
      • In a Nutshell
      • CVE-2014-6271: Shellshock
      • Attacking Services
        • FTP
        • SSH
        • SAMBA
        • SMTP
        • RSYNC
      • Dumping Hashes
  • 🌼Marauder's Boost
    • Privilege Escalation
    • Windows PrivEsc
      • Windows Kernel Exploit
      • Bypassing UAC
      • Access Token Impersonation
    • Linux PrivEsc
      • Linux Kernel Exploit
      • Misconfigured Cron Jobs
      • Exploiting SUID Binaries
      • shells
      • File Permissions
  • ☠️Death Eaters
    • Post Exploitation
      • Windows
      • Linux
  • 🪄OLLIVANDERS
    • nmap
      • Host Discovery
      • Port Scan
      • Service & OS
      • NSE
      • Firewall/IDS Evasion
      • Scan Optimization
      • Misc. Methods
    • ffuf
    • Hydra
    • Metasploit Framework
      • Architecture
      • Must to Know
      • msfvenom
      • Auxiliary Modules
      • Service Enumeration
      • Vulnerability Scanning
      • Imports
      • Automating
    • Vulnerability Scanners
    • Wireshark
  • 🚂Platform 9(3/4)
    • Auth-Auth
      • Authentication
        • Password-based Authentication
        • Basic Authentication
        • Multi-factor Authentication
        • Access Token
        • Token-based Authentication
          • JWT
          • OAuth 2.0
    • Secure Headers
      • Content-Security-Policy (CSP)
    • Cryptography
      • Caesar Cipher
  • ⛲Port Pensieve
    • Enumeration
      • SMB & NetBIOS
      • SNMP
    • Wordlists
  • 🔆DUELS
    • Pivoting
    • SMB Relay Attack
  • 🗺️Marauder's Map
    • Web Application Pentesting
    • API Pentesting
      • GraphQL
        • Primer
    • Mobile Application Pentesting
  • 🎧SIDE CHANNEL
    • Side Channel Analysis
    • Timing Side-Channel Attacks
      • Vulnerable Login
  • 🥃Sky
    • Cloud Basics
    • Cloud Management
      • Shared Responsibility Model
    • Using Cloud Resources
      • Monitoring & Alerts
      • Identity & Access Management
      • Scalability & Availability
      • Solution Design
    • Cloud Providers
    • Cloud Security & Regulatory Compliance
      • Resource Protection
      • ICCA: Cloud Security & Regulatory Compliance
    • ICCA Preparation
      • Knowledge Tests
      • Lab
  • 🔷Obsidian
    • Pentest Engagement
      • Scoping
    • Pentest Ethics
      • Rules of Engagement
    • Auditing Fundamentals
      • Process/Lifecycle
      • Pentest & Security Auditing
      • GRC
      • Standards, Frameworks & Guidelines
      • From Audit to Pentest
  • 💢Threat Modeling
    • Why Threat Model?
  • 📡THREAT INTEL
    • Threat Intelligence
    • Tool Dump
  • 📱Anything-Mobile-IoT
    • Firmware
    • Firmware Analysis
      • Example: CVE-2016-1555
    • Firmware Installation/Flashing
  • 🎉Mischeif
    • Social Engineering
    • Phishing
      • GoPhish
    • Pretexting
Powered by GitBook
On this page
  • Cloud Basics
  • What is the Cloud
  • Who are the Cloud Providers
  • Why Choose the Cloud
  • Cloud Management
  • Managing Cloud Resources
  • Cloud Cost Management
  • Cloud Support & SLAs
  • Using Cloud Resources
  • Cloud Infrastructure Services
  • Cloud Platform Services
  • Cloud Application Services
  • Scalability & Availability
  1. Sky
  2. ICCA Preparation

Knowledge Tests

Cloud Basics

What is the Cloud

Which of the following sets are actual Cloud services?

SaaS, IaaS, PaaS

Regarding architecture, On-Prem and Cloud are structured and operate exactly the same. True or False?

TRUE

Remarks: Though there is a management console layer; but from the top the architecture are same.

Who are the Cloud Providers

Which of the following is not a major cloud provider?

Apple

Which of the following is closest to the projected size of the cloud market in 2025?

1 trillion/1000B

Why Choose the Cloud

Which of the following statements are true? Choose two.

  1. Using Cloud Compute does not require any upfront captial cost

  2. Cloud Storage is in most cases effectively unlimited

Remarks:

  1. Cloud computing services, such as virtual machines or containers, are typically offered on a pay-as-you-go basis. This means you only pay for the compute resources you actually use, without needing to invest in expensive hardware or infrastructure upfront. This flexibility allows organizations to scale their operations efficiently without the burden of significant initial expenses.

  2. Cloud storage services are designed to be highly scalable, allowing users to store vast amounts of data without worrying about physical storage limitations. Providers often offer virtually limitless storage capacity, which means you can continuously add more data as needed without facing constraints, making it an ideal solution for growing data storage needs.

Which of the following is a reason to not choose the cloud?

Existing Data Center Investment

Cloud Management

Managing Cloud Resources

Most CLI interfaces are downloadable, but will also have a __________ available for users, as well.

Cloud Shell

The three most common types of Cloud Management tools include Web-based, Command Line, and __________.

REST API

Cloud Cost Management

What are the two most common Cloud provider pricing models?

Capacity & Consumption

Some Cloud service providers utilize 3rd party vendor support and this can lead to additional costs. This is an example of what type of billing?

Marketplace Billing

Remarks: Don't Confuse it with 3rd Party Billing

Cloud Support & SLAs

In regards to the Cloud Resource Responsibility model, which plane is the responsibility of the customer?

Data Plane

What purpose does an SLA serve?

  1. Gurantees customers a certain amount of service uptime

  2. Allows access to support services

  3. Outlines account credit process

Using Cloud Resources

Cloud Infrastructure Services

Which of the following is not associated with the size of a virtual machine (EC2) instance?

The size of the OS Disk

Remarks: The size of a virtual machine (EC2) instance is typically associated with the type of vCPU, the type of GPU (if available), and the memory available. However, the size of the OS disk is generally not considered a part of the instance size itself, as it can be adjusted independently of the instance type. Focus on Instance Size.

In regards to an Infrastructure as a Service approach, which of the following levels are covered by your IaaS provider? (Select all that apply)

Management Plane, Virtualization, Physical Infrastructure, Physical Facility

Cloud Platform Services

Which of the following is not a container service?

Lightsail

Remarks: Lightsail is a service designed for simple virtual private servers (VPS), making it easier to deploy and manage cloud resources. It is not specifically a container service. In contrast, Fargate, Cloud Run, and Kubernetes Engine are all services designed for running and managing containers.

When using a Platform as a Service approach, what level of the architecture are you (the customer) solely responsible for?

Workload

Cloud Application Services

When using a Software as a Service approach, your SaaS provider supplies every level of the architecture for you, but also gives you the ability to manage the Workload level independently?

TRUE

The statement is true because, in a Software as a Service (SaaS) model, the provider manages the entire underlying infrastructure, including servers, storage, networking, and application software. However, while users don't manage the infrastructure or the application, they often have control over certain aspects of the workload, such as configuring the software, managing user access, and inputting data specific to their needs. This allows users to manage the workload (how the software is used and what data is processed) independently, even though they don't handle the lower layers of the architecture.

Which of the following are examples of SaaS Collaboration tools? (select all that apply)

Slack, MS Team, Zoom

Scalability & Availability

Which of the following is a common feature across cloud providers that increases the availability of your applications in case of a data center outage in the cloud?

Availability Zones

Which of these features allows you to handle increased demand while also minimizing costs?

Auto-scale

PreviousICCA PreparationNextLab

Last updated 9 months ago

🥃
Reasons not to Choose Cloud