CHP 6 CLOUD Flashcards

1
Q

Public cloud vs Private cloud

A

A public cloud is for everyone to use. A private cloud is for an individual company to use ONLY.

2
Q

Community cloud

A

is where several organizations share the costs of either a hosted private or fully private cloud.

3
Q

Single-Tenant Architecture vs Multi-Tenant Architecture

A

Single-Tenant Architecture:

Dedicated Infrastructure: Each customer has their own separate infrastructure.
Security: Highest level of security because the infrastructure is not shared.

Multi-Tenant Architecture:

Shared Infrastructure: Multiple customers share the same infrastructure.
Security: Lower security if not properly managed, as data and applications are logically separated but on the same hardware.

4
Q

Serverless cloud architecture

A

is when the cloud provider manages the infrastructure and automatically scales resources up or down based on demand.

5
Q

PaaS

A

Let’s say you’re a small business owner who wants to create a new website or app to reach more customers. You have great ideas but don’t want to worry about the technical details like servers, storage, or networks.
Platform as a Service (PaaS) is like renting a fully equipped workshop. Instead of building your workshop from scratch, you rent one that already has all the tools, workbenches, and materials you need. You can just walk in and start creating.

5
Q

XaaS

A

Anything as a service (XaaS): the concept that most types of IT requirements can be deployed as a cloud service model.

6
Q

SaaS

A

Software as a Service (SaaS) is a model for delivering software applications over the internet. Instead of purchasing software licenses, businesses access the software hosted on the provider’s servers on a subscription or pay-as-you-go basis.
Think “Microsoft 365”

7
Q

IaaS

A

Suppose you’re starting an online store and need a place to host your website. You want flexibility and scalability but don’t want to buy and maintain your own hardware.

Infrastructure as a Service (IaaS) is like renting a fully equipped warehouse where you can store and manage your products without owning the building or equipment. You rent space and resources as you need them, allowing you to scale up or down easily.

8
Q

CDNs

A

Content delivery networks (CDNs) distribute content across multiple servers to improve performance, reliability, and scalability.

9
Q

GRS

A

Geo-redundant storage (GRS) replicates your data to a secondary region that is distant from the primary region. This safeguards data in the event of a regional outage or a disaster.

10
Q

Regional replication

A

Replicates your data across multiple datacenters within one or two regions. This safeguards data and access in the event a single datacenter is destroyed or goes offline.

11
Q

VDI

A

Virtual Desktop Infrastructure (VDI) is a technology that allows users to access a desktop operating system (like Windows) hosted on a remote server.

12
Q

Dependency Nightmare

A

A dependency nightmare is a situation in software development where managing software dependencies becomes extremely complex and problematic.

13
Q

Serverless Computing

A

is a cloud computing model where the cloud provider manages the infrastructure and automatically allocates resources as needed, charging only for the actual usage of the application.
Serverless: Imagine a library where a librarian only comes to work when someone needs help finding a book.

14
Q

VPC

A

A Virtual Private Cloud (VPC) is a private cloud environment within a public cloud. It provides the benefits of a private cloud with the scalability and flexibility of a public cloud. Users can provision logically isolated sections of the cloud where they can launch resources in a virtual network that they define.

15
Q

Microservices

A

Imagine a library where there are different librarians specialized in different sections (fiction, non-fiction, children’s books), each always available in their section.
In summary, serverless is about running small pieces of code without managing servers, while microservices are about building an application as a collection of small, independent services.

16
Q

IaC

A

Infrastructure as Code (IaC) is a practice in IT where infrastructure (like servers, networks, and databases) is managed and provisioned through machine-readable configuration files, rather than through physical hardware configuration or interactive configuration tools.

17
Q

RTOS

A

A Real-Time Operating System (RTOS) is a type of operating system designed for use in applications that require real-time processing and response.

17
Q

SDN

A

Software-Defined Networking (SDN) is a way to manage and control networks using software. It separates the decision-making process of where data should go (control plane) from the actual movement of data (data plane).

18
Q

SD-WAN

A

Software-Defined Wide Area Network (SD-WAN) is a network technology that uses software-based controllers to manage and optimize the performance of a wide area network (WAN). It enables centralized control of WAN traffic, improving network efficiency and reducing costs.

18
Q

NFV

A

Network Functions Virtualization (NFV) is a way to virtualize network services that traditionally run on hardware. By using software, these services can be run on standard servers instead of specialized hardware.

19
Q

SASE

A

Secure Access Service Edge (SASE) is a cloud-based network architecture that combines wide area networking (WAN) capabilities with comprehensive security services, providing secure and efficient access to applications, data, and services regardless of location.

20
Q

Embedded Systems

A

Home appliances, smartphones and tablets, automotive systems, etc.

21
Q

ICS

A

Industrial control systems (ICSs) provide mechanisms for workflow and process automation. These systems control machinery used in critical infrastructure, like power suppliers, water suppliers, health services, telecommunications, and national security services.

22
Q

OT

A

Operational technology (OT): a communications network designed to implement an industrial control system rather than data networking.

23
Q

PLCs

A

Programmable Logic Controllers (PLCs) are industrial digital computers designed to control manufacturing processes, such as assembly lines, robotic devices, or any activity that requires high reliability, ease of programming, and process fault diagnosis.

24
Q

HMI

A

Human-machine interfaces (HMIs): input and output controls on a PLC to allow a user to configure and monitor the system.

25
Q

Which of the following best describes the priorities of industrial systems compared to IT systems?

Options:

A. Industrial systems prioritize confidentiality, integrity, and availability (CIA triad), similar to IT systems.

B. Industrial systems prioritize availability, integrity, and confidentiality (AIC triad) because safety and continuous operation are critical, often involving hazardous electromechanical components.

C. Industrial systems prioritize speed, accuracy, and confidentiality because they need to process data quickly and securely.

D. Industrial systems do not prioritize any specific aspects differently than IT systems and follow the same CIA triad.

A

B
reversing the CIA triad as the AIC triad.

26
Q

SCADA

A

Supervisory Control and Data Acquisition (SCADA)
A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.

27
Q

Deperimeterization

A

is a security approach that moves away from focusing on defending the network perimeter and instead emphasizes protecting individual resources and data within the network. This shift is driven by the increasing use of cloud computing, remote work, and mobile devices, which make traditional perimeter-based security models less effective.

28
Q

The IT department of an organization is preparing to implement new access control measures to enhance the security of its network. The IT team has studied various access control models and is assessing the potential applicability to their needs. Which access control models should the IT team consider if they want to implement access controls based on user roles and security classifications of information? (Select the two best options.)

A. Discretionary access control
B. Mandatory access control
C. Role-based access control
D. Rule-based access control

A

B and C
In the mandatory access control (MAC) model, the system grants access rights by examining the security classifications assigned to information and the clearances associated with the user. This model focuses on information confidentiality and classification, providing robust control over information flow.

28
Q

Upon learning that the organization is looking to enhance network security solutions for the corporate office, a software technician explores the benefits of deploying a Zero Trust Architecture (ZTA). What is not a key benefit of using a ZTA?

A. Greater security
B. Better access controls
C. Decreased granularity
D. Improved governance and compliance

A

C
Contrary to decreased granularity, a key benefit of deploying ZTA is increased granularity, as it grants users access to what they need when they need it.

29
Q

The network security engineer at a multinational company is preparing to introduce a new network infrastructure model. The company’s objective is to minimize the attack surface by implementing effective port security measures. To accomplish this, the engineer is evaluating the security implications of various architecture models and their compatibility with port security measures. Since the network security engineer plans to deploy port security to minimize the attack surface, which architecture model can BEST assist in supporting and enhancing the effectiveness of port security?

A. Peer-to-peer model
B. Client-server model
C. Hybrid model
D. Three-tier model

A

B
The client-server model can enhance the effectiveness of port security as it has centralized servers, making it easier to monitor and manage port security.

30
Q

To improve security, the security team at a growing tech company aims to update its infrastructure. They explore different architecture models and ponder the implications of logical segmentation. To curb lateral movement within the network (in case an intruder accesses one segment), the team plans to split the network into smaller, isolated segments, each boasting its own resources and security controls. Considering this strategy to boost security, which architecture model would optimally support the logical segmentation strategy?

A. Client-server model
B. Peer-to-peer model
C. Hybrid model
D. Monolithic model

A

A
The client-server model best supports logical segmentation. In this model, clients request services, and servers provide those services. This model is more suitable for segmentation as each segment can have its own server that manages its resources and security controls.

31
Q

In exploring the tenets of Zero Trust Architecture, a cyber consultant reviews its various benefits and components to determine how the solution can help the company. What components are associated with ZTA? (Select the two best options.)

A. Better access controls
B. Cloud security
C. Improved governance and compliance
D. Data protection

A

B and D
Cloud security is a component of ZTA that manages access to cloud-based applications, services, and data.

Data protection is a component of ZTA that controls and secures access to sensitive data, including encryption and auditing.

32
Q

A network architect at a global financial institution overhauls the company’s on-premises network to enhance security and reduce the attack surface. To accomplish this, the architect assesses various architecture models and their respective impact on the on-premises network’s security implications. While redesigning the on-premises network, which architecture derivative/model could effectively decrease the attack surface?

A. Centralized architecture
B. Peer-to-peer network
C. Content delivery networks
D. Hybrid cloud

A

A
Centralized computing architecture refers to a model where all data processing and storage is performed in a single location, typically a central server. That can help minimize threat vectors.