Chapter 1 - Architectural Concepts Flashcards

1
Q

BIA (Business Impact Analysis)

A

an assessment of the priorities given to each asset and process within the organization; the analysis considers the effect (impact) any harm or loss might have on the organization overall; identify critical paths and single points of failure; determine costs of compliance (legislative and contractual requirements mandated)

2
Q

Metered service

A

the organization only pays for what it uses

3
Q

Rapid Elasticity

A

excess capacity available to be apportioned to cloud customers

4
Q

Cloud bursting

A

allows organizations to use hosted cloud services to augment internal, private data center capabilities with managed services during times of increased demand; an org can rent the additional capacity as needed from an external cloud provider (crisis situation, heavy holiday shopping periods); rapid scalability allows the customer to dictate the volume of resources

5
Q

Cloud service benefits

A

reduction in personnel cost (data management); reduction in capital expenditure (metered service, rapid elasticity, cloud bursting); reduction in operational costs; transferring some regulatory costs; reduction in costs for data archival/backup services

6
Q

ROI (Return on Investment)

A

term related to cost-benefit measures; used to describe a profitability ratio; calculated by dividing net profits by net assets

7
Q

Elasticity

A

customers can contract cloud providers to use virtualization to flexibly allocate only the needed usage of each resource to the organization, holding costs down while maintaining profitability; allows users to access their data from diverse platforms and locations, increasing portability, accessibility, and availability

8
Q

Simplicity

A

allow a user to seamlessly use the service without frequently interacting with the cloud service provider

9
Q

Scalability

A

Increasing/reducing services can be easily, quickly, and cost-effectively accomplished

10
Q

IaaS (Infrastructure as a Service)

A

most basic service; allows customer to install all software and OSs on hardware housed and connected by the cloud vendor; can be considered a warm site for BC/DR purposes; optimal for orgs wanting control over the security of their data and limited cloud vendor assistance (BC/DR or archiving); least expensive option; customer retains IT staffing

When to use: website or application hosting; virtual data centers; data analysis

11
Q

PaaS (Platform as a Service)

A

includes services from IaaS and OSs (offers a selection for customers to use: Windows, Linux, Mac, etc.); vendor is responsible for patching, administering, and updating the OS; customer can install any software; useful for customers involved in software development (they can test on multiple OS platforms); includes cloud-based database engines and “big data” style services (data warehousing and data mining); provider offers access to back-end engine/functionality, while customer can create/install apps/APIs to access the back end

When to use: reduce development time; support for different programming languages; easy collaboration for remote/distributed teams; high development capabilities w/o additional staff

12
Q

Unstructured Data Types

A

qualitative data; natural-language text; incorporates media (audio, video, images); contains JSON, XML, binary objects (images encoded as text strings); important for data analytic strategies; NoSQL

13
Q

Structured Data Types

A

quantitative data; organized and decipherable by machine learning algorithms; SQL (relational) can be used to quickly input, search, and manipulate data; used by machine learning algorithms

14
Q

SaaS (Software as a Service)

A

includes everything from IaaS and PaaS with the addition of software programs; vendor is responsible for administering, patching, and updating everything, and also takes care of all infrastructure, compute, and storage needs as well as providing OSs and applications; customer is only involved in uploading and processing data on a full production environment; application is a shared responsibility of all parties

When to use: (Personal) email services (Gmail), cloud storage services (Dropbox), cloud-based file management (Google Docs); (Business) Gmail, collaboration tools (Trello), CRM (Salesforce), ERP

15
Q

Public Cloud

A

resources are owned and operated by a vendor and sold, leased, or rented to anyone; multitenant environments; multiple customers will share resources; EX: a customer might be using a VM that resides on the same hardware that hosts a competitor's VM, but they do not know which entities are using the same resources; Rackspace, Microsoft’s Azure, and AWS (Amazon Web Services)

16
Q

Private Cloud

A

resources dedicated to a single customer; might be owned and maintained by the entity that is the sole customer (org might own and operate a data center that serves as the cloud environment for the org’s users); might be a set of resources (racks, blades, software packages) owned by the single customer but located and maintained at provider’s data center; provider might offer physical security, admin services, and utilities (power, Internet) for customers (referred to as co-lo (co-located) environment)

17
Q

Community Cloud

A

features infrastructure and processing owned and operated by/for an affinity group; orgs come together to perform joint tasks and functions; gaming communities, ownership is spread throughout the various members of the community; can be provisioned by a third party (FedRAMP service – only used by US federal gov)

18
Q

Hybrid Cloud

A

contains elements of other models; org might want to retain some private cloud resources (remote user access) but lease some public cloud space (PaaS function for software development/testing)

19
Q

Cloud Broker

A

company that purchases hosting services from a provider and resells them to its own customers

20
Q

CASB (Cloud Access Security Broker)

A

third-party entity offering independent IAM (identity and access management) services to CSPs and cloud customers; can be SSO, certificate management, and cryptographic key escrow

21
Q

Regulators

A

ensure orgs are in compliance with the regulatory frameworks for which they are responsible; HIPAA, GLBA, PCI DSS, ISO, SOX, etc.; regulators include FTC, SEC, and auditors

22
Q

Cost-Benefit Analysis

A

comparing potential positive impact (profit, efficiency, market share) of a business decision to potential negative impact (expense, detriment to production, risk) and weighing the two as equivalent or not (potential positive/negative)

23
Q

FIPS 140-2

A

NIST document that describes the process for accrediting and cryptosystems for use by the federal government; lists only approved cryptographic tools

24
Q

NIST 800-53

A

guidance document with primary goal of ensuring appropriate security requirements and controls are applied to all US federal government information in management systems

25
Q

TCI (Trusted Cloud Initiative) Reference Model

A

guide for cloud providers, allowing them to create a holistic architecture that customers can purchase (including physical/logical layout of network and processes necessary to utilize both)

26
Q

Vendor Lock-In

A

situation where a customer is unable to leave, migrate, retrieve, or transfer data to an alternate provider due to technical/nontechnical constraints; use portability for a level of ease when transporting data, ensure contract states so, avoid proprietary formats (requires specific software to read data), check for regulatory constraints; detrimental contract terms or technical limitations

27
Q

Vendor Lock-Out

A

when a customer is unable to recover/access their own data due to provider going into bankruptcy or leaving the market

28
Q

Blockchain

A

open means of conveying value using encryption technologies/algorithms (cryptocurrency); transactional ledger where all participants can view every transaction, making it extremely difficult to negatively affect the integrity of past transactions; each record (block) is distributed among all participants in a distributed or cloud-based manner

29
Q

Containers

A

logical segmentation of memory space in a device, creating two or more abstract areas that cannot interface directly; commonly used in BYOD environment; distinguish two distinct partitions (one for work functions/data and other for personal functions/data)

30
Q

Quantum Computing

A

emerging technology that allows IT systems to operate beyond binary math; instead of using the presence of electrons for calculations (an electron is either present or not present), quantum computing may use subatomic characteristics (electron spin, charm, etc.) to offer computing on an exponentially larger scale

31
Q

Homomorphic Encryption

A

theoretical phenomenon that allows processing of encrypted material without needing to first decrypt it; can allow cloud customers to upload encrypted data and still utilize data without sharing keys with provider or having to accommodate decryption as part of the process

32
Q

STRIDE Threat Model

A

Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of Privilege

33
Q

Apache CloudStack

A

open source cloud computing software for creating, managing, and deploying infrastructure cloud services; uses existing hypervisor platforms

34
Q

Business Requirement

A

operational driver for decision-making and input for risk management