Chapter 1 - Architectural Concepts Flashcards
Which of the following is not a common cloud service model?
A. Software as a Service
B. Programming as a Service
C. Infrastructure as a Service
D. Platform as a Service
B. Programming as a service is not a common offering; the other are ubiquitous throughout the industry.
All of these technologies have made cloud service viable except:
A. Virtualization
B. Widely available broadband
C. Cryptographic connectivity
D. Smart hubs
D. Virtualization allows scalable resource allocation; broadband connections allow users to have access from anywhere; cryptographic connections allow for secure remote access. Smart hubs aren’t widely used in cloud offerings.
Cloud vendors are held to contractual obligations with specified metrics by:
A. SLAs
B. Regulations
C. Law
D. Discipline
A. Service-level agreements (SLA) specify objective measures that define what the cloud provider will deliver to the customer.
_____drive security decisions.
A. Customer service responses
B. Surveys
C. Business requirements
D. Public opinion
C. Security is usually not a profit center, and is therefore beholden to business drivers; the purpose of security is to support its business.
If a cloud customer cannot get access to the cloud provider, this affect what CIA triad?
A. Integrity
B. Authentication
C. Confidentiality
D. Availability
D. Lack of access is an availability issue.
Cloud Access Security Brokers (CASBs) might offer all of the following services EXCEPT:
A. Single sign-on
B. BC/DR/COOP
C. IAM
D. Key escrow
B. CASBs don’t usually offer BC/DR/COOP services; that’s something offered by cloud providers.
Encryption can be used in various aspects of cloud computing, including all of these except:
A. Storage
B. Remote Access
C. Secure Session
D. Magnetic swipe cards
D. The data on magnetic swipe cards isn’t usually encrypted.
All of these are reasons an organization may want to consider cloud migration except:
A. Reduced Personnel Costs
B. Elimination of risks
C. Reduced Operational Expenses
D. Increased Efficiency
B. Risks, in general, can be reduced but never eliminated; cloud service, specifically, does not eliminate risk to the cloud customer, because the customer retains a great deal of risk after migration.
The generally accepted definition of cloud computing includes all of the following characteristics except:
A, On-demand services
B. Negating the needs for backups
C. Resource pooling
D. Measured of metered service
B. Backups are still just as important as ever; regardless of where your primary data and backups are stored.
All of the following can result in vendor lock-in except:
A. Unfavorable Contract
B. Statutory Compliance
C. Proprietary Data Formats
D. Insufficient Bandwidth
B. There are no written laws that require a cloud customer to remain with a certain cloud provider.
The risk that a cloud provider might go out of business and the cloud customer might not be able to recover data is known as:
A. Vendor Closure
B. Vendor Lock-Out
C. Vendor Lock-In
D. Vending Route
B. This is the definition of vendor lock-out.
All of these are features of cloud computing except:
A. Broad Network Access
B. Reversed Charging Configuration
C. Rapid Scaling
D. On-demand Self-service
B. This a nonsense term used as a red herring.
When a cloud customer uploads PII to a cloud provider, who becomes ultimately responsible for the security of that PII?
A. Cloud Provider
B. Regulators
C. Cloud Customer
D. The individuals who are the subjects of the PII
C. Under current law, the data owner is responsible for any breaches that result in unauthorized disclosure of PII; this includes breaches caused by contracted parties and outsource services. The data wonder is the cloud customer.
We use which of the following to determine the critical paths, processes, and assets of an organization?
A. Business Requirements
B. BIA
C. RMF
D. CIA Triad
B. The business impact analysis is designed to ascertain the value of the organization’s assets, and learn the critical paths and processes.
The cloud deployment model that features organizational ownership of the hardware and infrastructure, and usage only by member of that organization, is know as:
A. Private
B. Public
C. Hybrid
D. Motive
A. This the definition of a private cloud model.
