Cloud Ispit

Defense in depth is a term used in literature to describe a strategy that involves implementing multiple layers of security measures to protect against potential threats. This approach recognizes that no single security measure is foolproof and that a combination of measures is necessary to provide comprehensive protection. By employing multiple layers of security, organizations can create a more robust defense system that is better equipped to detect and mitigate attacks. This term is often used interchangeably with the term "slojevita sigurnost" to describe this concept in literature.

The correct answer is RBAC. RBAC stands for Role-Based Access Control, which is a method of access control that assigns permissions to users based on their roles within an organization. This approach allows for more efficient and secure management of access rights, as permissions are granted based on predefined roles rather than individual user accounts.

DRaaS stands for Disaster Recovery as a Service. It is a cloud model that allows for real-time updating and storage of data in a dedicated location specifically designed for this purpose. It ensures low values of Recovery Point Objective (RPO) and Recovery Time Objective (RTO) indicators, indicating that it provides fast and efficient recovery of data in case of a disaster.

The correct answer is RTO, RPO. These acronyms are commonly used when discussing disaster recovery. RTO stands for Recovery Time Objective, which refers to the maximum acceptable downtime after a disaster before systems and services need to be restored. RPO stands for Recovery Point Objective, which refers to the maximum acceptable amount of data loss after a disaster. Both RTO and RPO are important metrics in disaster recovery planning and help organizations determine their recovery capabilities and goals.

Applications are most commonly executed in the context of a service order. This means that applications are typically run or performed within the framework of a service order, which includes tasks, instructions, and requirements for the application to be completed. This context provides the necessary structure and guidelines for the application to be carried out effectively and efficiently.

The correct answer is "Cilj bezbednosti se odnosi na bezbednost ljudi, imovine i opreme." This statement accurately describes the goal of security, which is to ensure the safety of people, property, and equipment.

The given answer is correct because it identifies the two main types of cipher methods mentioned in contemporary literature: stream cipher and block cipher. Stream cipher involves encrypting data one bit or one byte at a time, while block cipher encrypts data in fixed-size blocks. These two methods are commonly used in modern cryptography for securing data and communication. The other options mentioned (Steam cipher, Swarm cipher, Chain cipher, Byte cipher) are not recognized or commonly used terms in cryptography.

The correct answer is "da bi se eliminisao SPOF". This means that the mechanism for error resilience is most commonly used to eliminate Single Point of Failure (SPOF). By implementing error resilience mechanisms, any potential SPOFs in a system can be identified and mitigated, ensuring that the system remains operational even if a failure occurs in one component. This helps to enhance the overall reliability and availability of the system.

Entitet RA u PKI (Public Key Infrastructure) je odgovoran za autentifikaciju identiteta legitimnih korisnika sistema. PKI je sigurnosni okvir koji koristi javne i privatne ključeve za enkripciju i digitalno potpisivanje podataka. Entitet RA (Registration Authority) je odgovoran za provjeru identiteta korisnika prije izdavanja digitalnih certifikata. Autentifikacija identiteta je proces provjere i potvrde da je korisnik zaista onaj za koga se predstavlja. Entitet RA igra ključnu ulogu u ovom procesu, osiguravajući da samo legitimni korisnici dobiju digitalne certifikate.

The correct answer is MD5 and HMAC. MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. HMAC (Hash-based Message Authentication Code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. HMAC can be used to verify the integrity and authenticity of a message.

In DHCPv6 implementation, the client uses UDP port 546 and the server uses UDP port 547. These ports are used for communication between the client and server in order to obtain IPv6 configuration information. UDP (User Datagram Protocol) is a connectionless protocol that allows for fast and efficient communication between devices. By using different ports for the client and server, DHCPv6 ensures that the communication is properly managed and that the correct information is exchanged between the two parties.

The Koncept ID-PKC was created to overcome the problems of managing certificates and keys that occur in PKI systems. This suggests that the ID-PKC concept aims to provide a solution for the challenges faced in managing certificates and keys within a PKI system.

SSL and TLS are cryptographic protocols that provide secure communication over a network. They are commonly implemented on top of the TCP protocol, ensuring that data is encrypted and authenticated between a client and a server. In an SSL/TLS session, each packet is signed with an HMAC code to ensure integrity. However, FTPS and SFTP are different protocols that also provide secure file transfer, but they do not necessarily use SSL or TLS. Therefore, the correct answers are that SSL and TLS are executed over the TCP protocol and they provide an encrypted session between a client and a server.

The correct answer is operativne, upravljačke, tehničke. These three groups represent different types of security controls based on their implementation methods. Operativne controls are focused on day-to-day operations and procedures to ensure security. Upravljačke controls involve management and decision-making processes to establish security policies and guidelines. Tehničke controls refer to the use of technology and tools to protect and secure systems and data. These three groups cover different aspects of security implementation, combining operational, managerial, and technical approaches.

The given options are examples of preventive controls for security. "Pregledanje snimaka video nadzora" refers to reviewing surveillance footage, which helps in identifying any security breaches or suspicious activities. "Revizija sigurnosti" means security audit, which involves assessing the effectiveness of security measures and identifying any vulnerabilities or weaknesses. Both of these measures are proactive steps to prevent security incidents and ensure the safety of the system or organization.

The correct answer is "Neke aplikacije umesto hesiranja koriste MAC za omogucavanje neporicanja podataka" (Some applications use MAC instead of hashing to enable data non-repudiation). This statement explains that in certain cases, instead of using hashing algorithms, Message Authentication Codes (MAC) are employed to ensure that data cannot be denied or repudiated by the sender. MAC provides integrity and authenticity to the data, making it a suitable choice for applications where non-repudiation is crucial.

The correct answer is that only one statement is true. This means that out of the given statements, only one accurately describes a concept related to computer security. The other statements are either incorrect or do not accurately describe a concept related to access control or data confidentiality.

The first statement is correct because authentication is indeed the process of determining the identity of a user. The second statement is not correct because cookies can be used for web access to identify and authenticate users.

The correct answer is that AES (Advanced Encryption Standard) is a symmetric block cipher algorithm that supports three key lengths: 128, 192, and 256 bits. Additionally, the 3DES algorithm uses three keys, where the first key is used for encrypting the data stream, the second key is used for decrypting the data stream, and the third key is used again for encrypting.

The correct answer is that the main difference between the two basic operating modes of IPSec is the location where IPSec functions are executed. Additionally, IP Security (IPSec) is a framework or architecture that uses different protocols to ensure the integrity, privacy, and authentication of data on a TCP/IP network.

The main goal of computer security is to ensure the protection of computer systems and data from unauthorized access, damage, or disruption. This includes maintaining the confidentiality, integrity, and availability of information. Therefore, the correct answer includes "Bezbednost" (security), "Integritet" (integrity), and "Dostupnost" (availability). These objectives aim to prevent unauthorized access, maintain the accuracy and consistency of data, and ensure that the system and its resources are accessible to authorized users when needed.

The correct answers are "Autentifikacija se u vecini slucajeva izvodi procesom logovanja na sistem" (Authentication is mostly performed by logging into the system) and "Kolacici mogu da se koriste za Web pristup radi identifikacije i autentifikacije korisnika koji se povezuju na klaud preko Web interfejsa" (Cookies can be used for web access to identify and authenticate users connecting to the cloud via a web interface). These statements explain the process of authentication and how cookies can be used for identification and authentication in a cloud environment.

The correct answer is "Repozitorijum PII, PA, RS". These three options are not basic PKI components. A PKI (Public Key Infrastructure) typically consists of software, a Certification Authority (CA), a Registration Authority (RA), and a Certificate Repository. The repository stores certificates, while the CA issues and manages them. The RA assists with the verification and authentication process. PII (Personally Identifiable Information), PA (Public Authority), and RS (Registration Service) are not essential components of a PKI system.

The correct answer is "Bezbednost" (Security) and "Slojevita sigurnost" (Layered security). These two options are additional goals of computer security. While integrity, flexibility, redundancy, confidentiality, agility, robustness, and elasticity are important aspects of computer systems, they are not specifically categorized as additional goals of computer security. "Bezbednost" refers to the protection of computer systems and data from unauthorized access, while "Slojevita sigurnost" refers to the use of multiple layers of security measures to protect against various threats.

The correct answer is "RPO je indikator koji odredjuje kolicinu podataka koja moze biti izgubljena u slucaju katastrofe." This statement is correct because RPO (Recovery Point Objective) is a measure in business continuity planning that determines the maximum amount of data loss that an organization can tolerate in the event of a disaster. It helps in determining the frequency of data backups and the level of data protection required for critical systems and applications.

The first statement is incorrect because asynchronous replication is preferable in unreliable networks, not reliable networks. The second statement is incorrect because real-time replication is different from asynchronous replication. The third statement is correct, as asynchronous replication is also known as jittering replication in literature. The fourth statement is correct, as asynchronous replication does use store and forward mechanisms. The fifth statement is incorrect because in asynchronous replication, new data is first written to the primary site or location before being replicated to the secondary site or location, either according to a predefined schedule or during periods of lower cloud system load.

The statement states that one of the main mechanisms for ensuring business continuity for companies that operate in the cloud is the implementation of a system for monitoring applications, services, and users. This means that monitoring the performance and availability of these components is crucial for maintaining business operations in the cloud. By monitoring these aspects, companies can identify and address any issues or disruptions that may occur, ensuring that their services and operations continue uninterrupted.

Synchronous replication allows for efficient implementation of a warm site model.

The correct answer is "Hesiranje je jedan od nacina provere integriteta podataka, Integritet obezbedjuje garancije da podaci nisu modifikovani, pokvareni, ili korumpirani, bilo namerno, bilo slucajno." This answer states that hashing is one of the ways to verify data integrity, and that integrity ensures that data is not intentionally or accidentally modified, corrupted, or tampered with.

The correct answer is "Integriteta" and "Autentifikacije". These two concepts are important in the field of security and information technology. "Integriteta" refers to the assurance that data has not been tampered with or altered in any unauthorized way. It ensures that the information remains intact and trustworthy. "Autentifikacija" refers to the process of verifying the identity of a user or system. It ensures that only authorized individuals or systems can access the resources or information. Both of these concepts are crucial in maintaining the security and reliability of systems and data.

The correct answer states that in the case of a warm site, the RTO metric is significantly lower than in a cold site model, but it is higher than in a hot site model. It also mentions that in a cold site model, there is a backup site, but it is not functional.

The correct answer is DHCP v6 klijent koristi UDP port 546 and Sistemi za upravljanje sertifikatima automatski rotiraju kljuceve, azuriraju servere i sisteme za balansiranje opterecenja i obezbedjuju pouzdano skladistenje privatnih kljuceva. DHCPv6 client uses UDP port 546 for communication. Systems for managing certificates automatically rotate keys, update servers and load balancing systems, and provide secure storage of private keys.

The correct answer is that virtualization technology significantly facilitates the execution of disaster recovery processes. This is because virtualization allows for the creation of virtual machines that can be easily replicated and restored in the event of a disaster. Additionally, disaster recovery mechanisms in the cloud involve IT systems that support the execution of key business activities, and disaster recovery refers to a set of policies, tools, and procedures that enable the quick recovery of cloud systems and vital cloud infrastructure in the event of a natural or human-caused disaster.

The correct answers are:
1. In the process of business continuity planning, RPO plays a crucial role in the design of cloud computing architecture.
2. The goal of recovery time is the maximum time interval during which the system can be offline in the event of a disaster.

RPO (Recovery Point Objective) refers to the point in time to which data must be recovered after a disruption. It determines the maximum acceptable amount of data loss. In cloud computing, RPO is essential in designing the architecture to ensure data integrity and minimize data loss. On the other hand, Recovery Time Objective (RTO) refers to the maximum acceptable downtime for a system after a disaster. It focuses on the time it takes to recover and restore operations. Both RPO and RTO are crucial factors in business continuity planning.

The correct answers are "Nakon uspostavljanja sistema za oporavak od katastrofe, potrebno je testirati dizajn i efektivnost implementiranog resenja" (After establishing a disaster recovery system, it is necessary to test the design and effectiveness of the implemented solution) and "Kontinuiet poslovanja je sposobnost organizacije da nastavi sa svojim poslovnim operacijama i da isporucuje proizvode i usluge svojim klijentima nakon dogadjaja koji remeti normalno izvrsavanje poslovnih operacija" (Business continuity is the ability of an organization to continue its business operations and deliver products and services to its clients after an event that disrupts normal business operations). These answers accurately describe the concepts of testing the implemented solution and the ability to continue business operations after a disruptive event.

The correct answer is that RC4 uses a shared key for encryption. This means that both the sender and the receiver use the same key to encrypt and decrypt the data. This is different from asymmetric encryption algorithms like RSA, where there are separate keys for encryption and decryption. The answer also states that RSA and its derivatives have found wide application in PKI (Public Key Infrastructure) services, which is true as RSA is commonly used for secure communication and digital signatures. Additionally, the answer mentions that DSA is slower than RSA in encryption but faster in decryption, which is another characteristic of these algorithms.

The correct answer states that the 3DES algorithm uses three keys, where the first key is used for encrypting the data block, the second key is used for decrypting the data block, and the third key is used again for encrypting. Additionally, the answer mentions that the RSA algorithm and its derivatives have found wide application in PKI services.

The correct answer for this question is Poverljivost podataka, Enkripciju podataka, and Autentifikaciju podataka. These three services are provided by ESP (Enterprise Service Provider). Poverljivost podataka refers to the confidentiality of data, ensuring that only authorized individuals can access it. Enkripciju podataka means data encryption, which protects the data from unauthorized access by converting it into a code that can only be deciphered with a key. Autentifikaciju podataka ensures that the data is verified and authenticated, preventing any falsification or tampering. These three services are crucial for maintaining the security and integrity of data within an enterprise.

The correct answer is that "Kreiranjem odraza sajta kreiraju se skoro identicne kopije podataka i aplikacija glavnog sajta koje se nalaze na udaljenom sajtu koji 'ceka' u stanju pripravnosti" and "Prema modelu mlakog sajta, backup sajt je offline, osim u slucaju kada se na njemu cuva kriticno skladiste podataka, kao sto je baza podataka". This means that by creating a site reflection, almost identical copies of the main site's data and applications are created on a remote site that is "waiting" in a standby state. In the case of a warm site model, the backup site is offline, except when it holds critical data storage such as a database.

Most firewall devices can also function as VPN servers. Load balancing devices can also analyze the health status of each web server in a group.

The given correct answer states that the following statements are not true:
1. Federations are used in the cloud when multiple corporate and/or individual clients access different cloud resources.
2. SSO is used for the needs of multiple organizations.
3. Federation-based access is not used for machine-to-machine interactions, but only for interactions between user applications and application applications.
4. Directory services that use LDAP are a well-known example of federation usage.

The correct answer is "Federacije se koriste na klaudu u onim slucajevima kada vise korporativnih i/ili individualnih klijenata pristupaju razlicitim klaud resursima" and "Federacije i SSO sistemi su sinonimi". The first statement is incorrect because federations are used in cloud environments when multiple corporate and/or individual clients access different cloud resources. The second statement is incorrect because federations and SSO systems are not synonymous, as SSO systems refer to the centralized authentication across multiple systems, while federations are used to enable access for multiple organizations using the same identification data.