Scribd
Upload
25 views

Assignment 6

Uploaded by

spoojasri062006
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
25 views

Assignment 6

Uploaded by

spoojasri062006
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

NPTEL Online Certification Courses

Indian Institute of Technology Kharagpur

Cloud Computing
Assignment- Week 6
TYPE OF QUESTION: MCQ/MSQ
Number of questions: 10 Total mark: 10 X 1 = 10
_________________________________________________________________________________________________________

QUESTION 1:
Interception is considered as an attack on

a) Confidentiality
b) Availability

L
c) Integrity
d) Authenticity

E
Correct Answer: a

PT
Solution: Interception security attack is attack on confidentiality

N
____________________________________________________________________________________________________

QUESTION 2:
Find the correct statement(s):
a) Different types of cloud computing service models provide different levels of security
services
b) Adapting your on-premises systems to a cloud model requires that you determine
what security mechanisms are required and mapping those to controls that exist in
your chosen cloud service provider
c) Data should be transferred and stored in an encrypted format for security purpose
d) All are incorrect statements

Correct Answer: a, b, c

Solution: Cloud computing security or, more simply, cloud security refers to a broad set
of policies, technologies, and controls deployed to protect data, applications, and the
associated infrastructure of cloud computing

____________________________________________________________________________________________________
NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

QUESTION 3:
Which of the following is/are example(s) of passive attack?

a) Replay
b) Denial of service
c) Traffic analysis
d) Masquerade

Correct Answer: c

Solution: Traffic analysis is an example of passive attack. Others are active attacks.

L
____________________________________________________________________________________________________

E
QUESTION 4:

T
Modification is considered as an attack on

P
(a) Confidentiality
(b) Availability

N
(c) Integrity
(d) Authenticity

Correct Answer: c

Solution: Modification security attack is attack on integrity

____________________________________________________________________________________________________

QUESTION 5:
Spoofing is not an example of

(a) Deception
(b) Disclosure
(c) Usurpation
(d) Disruption

Correct Answer: b, d

Solution: In the context of network security, a spoofing attack is a situation in which a


person or program successfully masquerades as another by falsifying data, to gain an
illegitimate advantage.

____________________________________________________________________________________________________
NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

QUESTION 6:

Consider the following statements:


Statement I: Authorization is the identification of legitimate users.
Statement II: Integrity is the protection against data alteration/corruption.

Identify the correct options:


a) Statement I is TRUE and statement II is FALSE.
b) Statement I is FALSE and statement II is TRUE.
c) Both statements are TRUE.
d) Both statements are FALSE.

L
Correct Option: b

E
Solution: Refer slide no. 18 of Cloud-Security I. Authorization is the determination of
whether or not an operation is allowed by a certain user. Integrity is the protection against

T
data alteration/corruption. So the first statement is false and the second statement is true.

P
____________________________________________________________________________________________________

N
QUESTION 7:
Access policy control refers to

a) Cyclic Inheritance Control


b) Virus Attack
c) Violation of SoD (separation of duties) Constraint
d) Man in the middle attack

Correct Answer: a, c

Solution: Access control policies are enforced through a mechanism that translates a
user's access request, often in terms of a structure that a system provides. Virus attack and
man in the middle attack are not related to access control policy.

____________________________________________________________________________________________________
QUESTION 8:
Which of the options is/are considered as the basic components of security?

a) Confidentiality
b) Integrity
c) Reliability
d) Efficiency
Correct Answer: a, b
NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

Solution: Confidentiality (keeping data and resources hidden), Integrity and Availability
(enabling access to data and resources) are the major components of security.

____________________________________________________________________________________________________

QUESTION 9:
Which of the following is/are not a type of passive attack?

a) Traffic Analysis
b) Release of message contents
c) Denial of service

L
d) Replay

E
Correct Answer: c, d

T
Solution: Passive attack (Traffic analysis, release of message contents) and Active attack

P
(Denial of service, Modification, Masquerade and Replay)

N
____________________________________________________________________________________________________

QUESTION 10:
Side channel exploitation has the potential to extract RSA & AES secret keys
a) True
b) False

Correct Answer: a

Solution: Cross-VM information leakage due to sharing of physical resource (CPU’s data
caches).

____________________________________________________________________________________________________

You might also like