Module Question 7
- Explain the “Shared Responsibility Model.” What is the cloud provider responsible for, and what is the business (customer) responsible for?
- What is a cloud misconfiguration, and can you provide an example (e.g., a public S3 bucket)?
- Why are Identity and Access Management (IAM) policies so critical in a cloud environment?
Status : 100%
Keterangan: saya sudah mengerjakan tugas ini dengan baik dan benar
- Social engineering is a psychological manipulation technique used by criminals to trick someone into giving up confidential information, granting access to certain systems, or performing actions that are detrimental to their own security.1. Phishing
This is the most common technique. The perpetrator sends a message (usually via email, SMS, or instant messaging app) impersonating a legitimate agency such as a bank, cloud service provider, or package courier.How it works: The message typically has an urgent tone (e.g., “Your account will be blocked”) and asks you to click on a fake link that closely resembles the legitimate website to steal your username and password.2. Baiting
As the name suggests, this technique uses “bait” to lure victims into a digital or physical trap.Digital Example: Offers of free movie downloads or popular software that turn out to be infected with malware.
Physical Example: The perpetrator leaves a USB flash drive in a public area (such as an office lobby or parking lot) with an attention-grabbing label, such as “Payroll” or “Confidential Data.” When someone picks it up and plugs it into their computer out of curiosity, malware is automatically installed on the system.
3. Pretexting (Pretexting Fraud)
In this technique, the perpetrator creates a scenario or fake identity (pretext) to manipulate the victim into divulging sensitive information.How it works: The perpetrator might call you and pretend to be a member of a company’s IT department or a bank security officer. They’ll build trust by providing a small amount of information they already know, then ask for more information such as credit card numbers, OTP codes, or other identifying details under the guise of “security verification.”
- Cloud misconfiguration is a condition where the security settings on the cloud infrastructure are not configured properly, leaving gaps for unauthorized parties to access data or systems, 1. Public Open Storage Buckets (Example: Amazon S3),Impact: Anyone on the internet who knows the URL of the bucket can view, download, or even delete sensitive files (such as customer data or financial reports) without needing a password.
- enforcement of the principle of least access rights, managing scale and complexity, preventing misconfigurations and inconsistencies
