112-51 Exam Dumps : Network Defense Essentials (NDE) Exam

FTP traffic does not provide encryption in the data transfer process, and the data transfer between the sender and receiver is in plain text. FTP stands for File Transfer Protocol, and it is a standard network protocol for transferring files between a client and a server over a TCP/IP network. FTP uses two separate channels for communication: a control channel for sending commands and receiving responses, and a data channel for transferring files. However, FTP does not encrypt any of the data that is sent or received over these channels, which means that anyone who can intercept the network traffic can read or modify the contents of the files, as well as the usernames and passwords used for authentication. This poses a serious security risk for the confidentiality, integrity, and availability of the data and the systems involved in the file transfer. Therefore, FTP is not a secure way to transfer sensitive or confidential data over the network.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-31 to 3-32
• What is FTP, and Why Does It Matter in 2021?, Kinsta, January 4, 2021
• FTP Security, Wikipedia, February 9, 2021

The type of attack initiated by Jacob in the above scenario is a cross-container attack. A cross-container attack is a type of attack that targets container technology and exploits the shared resources and network connections between containers. A cross-container attack can compromise the security and availability of multiple containers and the underlying host by performing actions such as stealing data, executing commands, consuming resources, or spreading malware. A cross-container attack can be launched by an external attacker who gains access to a container through a network vulnerability, or by a malicious insider who runs a rogue container on the same host or cluster.A cross-container attack can be prevented or mitigated by implementing security best practices for container technology, such as isolating containers, limiting privileges, enforcing policies, scanning images, and monitoring network traffic123.References:

• Network Defense Essentials Courseware, EC-Council, 2020, pp. 3-37 to 3-38
• 6 Common Kubernetes and Container Attack Techniques and How to Prevent Them - Palo Alto Networks, Palo Alto Networks, March 2, 2022
• The evolution of a matrix: How ATT&CK for Containers was built - Microsoft, Microsoft, July 21, 2021

ISO/IEC 27018 is the ISO standard that provides guidance to ensure that cloud service providers offer appropriate information security controls to protect the privacy of their customer’s clients by securing personally identifiable information entrusted to them. ISO/IEC 27018 is a code of practice for protecting personal information in cloud storage. The term for the personal data it covers is Personally Identifiable Information or PII. ISO/IEC 27018 is an addendum to ISO/IEC 27001, the first international code of practice for cloud privacy. It helps cloud service providers who process PII to assess riskand implement controls for protecting PII. ISO/IEC 27018 was created in 2014 and updated in 2019. It has the following objectives:

• Help the public cloud service provider to comply with applicable obligations when acting as a PII processor, whether such obligations fall on the PII processor directly or through contract.
• Enable the public cloud PII processor to be transparent in relevant matters so that cloud service customers can select well-governed cloud-based PII processing services.
• Assist the cloud service customer and the public cloud PII processor in entering into a contractual agreement.
• Provide cloud service customers with a mechanism for exercising audit and compliance rights and responsibilities in cases where individual cloud service customer audits of data hosted in a multiparty, virtualized server (cloud) environment can be impractical technically and can increase risks to those physical and logical network security controls in place123.

References:

• ISO/IEC 27018: Protecting PII in Public Clouds - ISMS.online, ISMS.online, 2019
• ISO/IEC 27018 - Wikipedia, Wikipedia, 2021
• ISO/IEC 27018:2019 - Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors, ISO, 2019