NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
$213.99$295.00
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280: Cloud Computing Security
CMIT-280 Assignment Introduce Yourself Assignment Week 1: Discussion – OWASP Top 10 CMIT-280 Web Application Security Threats Assignment
CMIT-280 Week 1: Assignment – Applying Cloud Concepts Assignment
CMIT-280 Week 2: Discussion – Threat Assignment
CMIT-280 Week 2: Assignment 1 – Lab 1 – Cloud Security Mechanisms Assignment
Description
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280: Cloud Computing Security
CMIT-280 Assignment Introduce Yourself Assignment
Week 1: Discussion – OWASP Top 10 CMIT-280 Web Application Security Threats Assignment,
CMIT-280 Week 1: Assignment – Applying Cloud Concepts Assignment,
CMIT-280 Week 2: Discussion – Threat Assignment,
CMIT-280 Week 2: Assignment 1 – Lab 1 – Cloud Security Mechanisms Assignment,
CMIT-280 Week 3: Discussion – Cloud Infrastructure Risks Assignment,
CMIT-280Week 3: Assignment – Writing Assignment – Amazon GuardDuty Assignment,
CMIT-280 Week 4: Discussion – Encryption Assignment Midpoint Course Feedback Survey,
CMIT-280 Assignment Week 4: Assignment 1 – Lab 2 – Cloud Security Mechanisms Assignment,
CMIT-280 Week 5: Discussion – Threat Source Assignment,
CMIT-280 Week 5: Assignment 1 – Lab 3 – Cloud Vulnerability Assignment,
CMIT-280 Week 6: Discussion – Privacy Laws Assignment,
CMIT-280 Week 6: Assignment – Amazon CloudWatch Writing Assignment Assignment,
CMIT-280 Week 7: Discussion – Zero Trust Model Assignment Assignment,
CMIT-280 Week 7: Assignment – Final Project,
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 1: Discussion – OWASP Top 10 Web Application Security Threats
Please choose one of the ten Web Application Security Projects 10 most critical web application security threats and perform research to find and discuss a recent security incident related to it.
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards)
Please submit your initial post by Wednesday at 11:59 pm and all follow-up posts by Sunday at 11:59 pm. The discussions grading rubric is used for this assignment.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 1: Assignment – Applying Cloud Concepts
- Due Sunday by 11:59pm
- Points 100
- Submitting a file upload
Company A’s IT department has a hosting platform specifically for systems used by the company’s large marketing department. This platform provides critical, high-availability hosted IT resources and services. However, the IT department has started to receive complaints about the time it takes to start new marketing campaigns, primarily due to how long it takes to provision new servers within this platform. Also, as a result of a recent set of mergers and acquisitions, the consumers of the services hosted by this platform have become more distributed, with service consumers accessing services from a large variety of locations, and with increasingly different types of devices.
What to submit:
- Problem Statement:
- In response to these complaints, Company A is considering using a cloud-based hosting platform. Which specific characteristics of a cloud will be helpful for Company A to address its Problems? Please list at least 3.
- Submission should not exceed 2 pages.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 2: Discussion – Threat
- Please refer to the 9 threats to storage types (p90) from the text and choose one you feel would have the most detrimental impact to a business and discuss why.
- Threats: Unauthorized Usage, Unauthorized Access, Liability due to regulatory noncompliance, DOS and DDOS, Corruption, modification, and destruction of data, Data leakage and breaches, theft or loss of media, Malware attack or introduction, Improper treatment or sanitization after end of use.
Please submit your initial post by Wednesday at 11:59 pm and all follow-up posts by Sunday at 11:59 pm. The discussions grading rubric is used for this assignment.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 2: Assignment 1 – Lab 1 – Cloud Security Mechanisms
- Due Sep 12 by 11:59pm
- Points 100
- Submitting a file upload
Please review the network diagram and scenario in detail. After you have completed your review, please choose the most appropriate statement that describes a legitimate source of the malicious data.
Cloud Service Consumer A sends a message to Cloud Service X (1), but it is first intercepted by Service Agent A (2) before actually being forwarded to Cloud Service X. Cloud Service X is hosted on Virtual Server X. Whenever an IT resource on Virtual Server X is accessed, the physical server that hosts Virtual Server X writes a log entry into Database A. After processing the request, Cloud Service X replies to Service Consumer A with a response message (4). Cloud Service Consumer B sends a message to Cloud Service Y (5), which is hosted by Virtual Server Y. This virtual server is hosted by the same physical server as Virtual Server X and therefore when Cloud Service Y is accessed, a log entry is again written into Database A (6). After processing the request, Cloud Service X replies to Service Consumer A with a response message (7). After being in use for several weeks, Cloud Service Consumer B unexpectedly shuts down. An investigation reveals that a response message sent by Cloud Service Y contained malicious data that successfully attacked and disabled Cloud Service Consumer B and its underlying implementation.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Part I: SELECT ALL THAT APPLY
Which of the following statements describes a legitimate source of the malicious data?
- The source of the malicious data was Service Agent A. Upon intercepting the message from Cloud Service Consumer A, the service agent altered its contents prior to forwarding the message to Cloud Service X. Because Cloud Service X and Cloud Service Y share the same underlying physical server, this data compromised IT resources on that physical server which further compromised Virtual Server Y and Cloud Service Y.
- The source of the malicious data was Database A. This database was independently attacked and made inaccessible by the physical server. Because the physical server was unable to write its log entries, it raised errors that affected the performance and behavior of Cloud Service Y.
- The source of the malicious data was Cloud Service Consumer A. This program forwarded malicious data in the message it sent to Cloud Service X. Because Cloud Service X and Cloud Service Y share the same underlying physical server, this data compromised IT resources on that physical server that further compromised Virtual Server Y and Cloud Service Y.
- The source of the malicious data was Virtual Server Y. This virtual server was independently attacked. The attacker managed to place malicious software on the virtual server which inserted malicious data into the message sent by Cloud Service Y to Cloud Service Consumer B.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Part II: SELECT ALL THAT APPLY
Which of the following can be deployed to help ensure the confidentiality of the data in the cloud? (Choose two)
- Encryption
- SLA’s
- Masking
- Continuous Monitoring
The digital signature mechanism is a means of providing data authenticity and integrity through authentication and non-repudiation. A message is assigned a digital signature prior to transmission, which is then rendered invalid if the message experiences any subsequent, unauthorized modifications. A digital signature provides evidence that the message received is the same as the one created by its rightful sender. Would a digital signature have prevented Cloud Service Consumer B from being essentially attacked and shut down?
- Yes
- No
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 3: Discussion – Cloud Infrastructure Risks
The Gordon text (p.167) lists 6 general categories of risks related to cloud infrastructure (see below). Students should select one of the 6 categories, choose a risk under this category, and discuss why they think it is important.
- Policy and Organizational Risks
- General Risks
- Virtualization Risks
- Cloud Specific Risks
- Legal Risks
- Non-Cloud Specific Risks
Please submit your initial post by Wednesday at 11:59 pm and all follow-up posts by Sunday at 11:59 pm. The discussions grading rubric is used for this assignment.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 3: Assignment – Writing Assignment – Amazon GuardDuty
- Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time consuming for security teams to continuously analyze event log data for potential threats
- Please go to the link below and view the GuardDuty video.
https://aws.amazon.com/guardduty/?c=sc&sec=srv (Links to an external site.)
- In this assignment, students are expected to perform some research on Amazon GuardDuty. Submit a proposal to your leadership on why you think your company should start using GuardDuty. Please keep this assignment to no more than one page. Use the below headers to assist you.
- Amazon Guard Duty Description
- Pro’s
- Cons
- Potential Use Cases that would be applicable and why (see benefits on the web link above).
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 4: Discussion – Encryption
The text mentions 2 different types of encryption modes, data at rest and data in transit. Please choose one of them and discuss some of the different ways it can be utilized.
Please submit your initial post by Wednesday at 11:59 pm and all follow-up posts by Sunday at 11:59 pm. The discussions grading rubric is used for this assignment.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 4: Assignment 1 – Lab 2 – Cloud Security Mechanisms
From the readings and lectures, we have learned about cloud security mechanisms and common security threats. This lab will have students perform an exercise where they match up security threats against the cloud mechanism used to counter them.
Under each cloud security mechanism listed below, students are to list which one of the cloud security threats this mechanism can be used to counter / defend against (if any).
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Cloud Security Mechanisms:
- Encryption
- Digital Signatures
- Identity and Access Management
- Single Sign on
- Cloud Based Security Groups
- Hardened Virtual Server Images
CMIT-280 Cloud Security Threats:
- Malicious Intermediary
- Denial of Service
- Insufficient Authorization
- Virtualization Attack
- Overlapping Trust Boundary
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 5: Discussion – Threat Source
Threat sources can typically be grouped into 6 categories: Human, Natural, Technical, Physical, Environmental, and Operational. Please select and discuss which one you believe poses the biggest threat as it relates to cloud computing.
Please submit your initial post by Wednesday at 11:59 pm and all follow-up posts by Sunday at 11:59 pm. The discussions grading rubric is used for this assignment.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 5: Assignment 1 – Lab 3 – Cloud Vulnerability
In this lab, students will create a free account on the Cloud Security Alliance website and download a Top Threats study. Students will be asked to analyze a vulnerability, choose an appropriate control, and perform a little more research to back that selection up with facts.
This lab will give students exposure to the Cloud Security Alliance top threat program.
- Students should go to the CSA page / Knowledge Center / Research Library (Links to an external site.) and create a free account.
- Sign in and open the following document: Top Threats to Cloud Computing: Deep Dive
- Scroll down to the Cloudbleed vulnerability and read the one page details.
Students are to select one of these two categories – Preventative Controls or Detective Controls. Under this category, choose which control you believe to be the most effective and explain why.
CMIT-280 What to submit in your Lab Report:
- Vulnerability: Cloudbleed
- Select one – Preventative or Detective:
- Most Important Control and Why:
- Research: Do some research and try to find an example of where your chosen control could have prevented CloudBleed from being impactful.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 6: Discussion – Privacy Laws
In a proceeding in 2014 before the U.S. Court, Microsoft was ordered to turn over an email belonging to a user of its hosted mail service. That email belonged to a user outside of the United States. The email itself was located on a server in a data center in Ireland, which should be out of the reach of the U.S. authorities and subject to the requirements of the EU privacy laws. Microsoft challenged the ruling and lost.
- Students are asked to state if they agree with this decision and back it up with their reason why.
Please submit your initial post by Wednesday at 11:59 pm and all follow-up posts by Sunday at 11:59 pm. The discussions grading rubric is used for this assignment.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 6: Assignment – Amazon CloudWatch Writing Assignment
- Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers.
- The Amazon CloudWatch monitors activity in the cloud and issues notifications or alarms based on preconfigured thresholds.
- Please go to the link below and view the CloudWatch video. https://aws.amazon.com/cloudwatch/
- In this assignment, students are expected to perform some research on Amazon CloudWatch. Submit a proposal to your leadership on why you think your company should start using CloudWatch. Please keep this assignment to no more than one page. Use the below headers to assist you.
- CloudWatch Description
- Pro’s
- Cons
- Potential Use Cases that would be applicable and why (see web link above)
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 7: Discussion – Zero Trust Model
- Please read the following article: https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-for-the-cloud (Links to an external site.)
- Please state what you believe is the biggest advantage to moving to a Zero Trust Model in the cloud and why.
Please submit your initial post by Wednesday at 11:59 pm and all follow-up posts by Friday at 11:59 pm. The discussions grading rubric is used for this assignment.
NEW SOLUTION-CMIT-280: CLOUD COMPUTING SECURITY ENTIRE COURSE HELP-CHAMPLAIN COLLEGE
CMIT-280 Week 7: Assignment – Final Project
- Please review the below diagram, as well as refer to the course notes and text, and complete section 3.
- The diagram below illustrates interaction between two cloud service consumers (A and B) and two virtual servers (A and B) hosted on a cloud.
- Based on the limited information provided in the depicted scenario, list 3 types of attacks that could potentially be carried out if any of the programs outside of the cloud were malicious. Provide a brief explanation justifying the threat of each proposed attack.
Here are some choices:
- Traffic Eavesdropping
- Malicious Intermediary
- Denial of Service
- Insufficient Authorization
- Virtualization Attack
- Overlapping Trust Boundaries
**Chapter 6 of the Erl book will help you greatly in completing this assignment.