Cloud computing

Question 1

Cloud computing

Answer 1

The delivery of computing services over the internet, offering on-demand access, scalability, and cost savings.

Question 2

Cloud Computing (IaaS)

Answer 2

Infrastructure as a Service provides virtualized computing resources—such as virtual machines, storage, and networking—over the internet, allowing users to manage infrastructure without owning physical hardware.

Question 3

Cloud Computing (PaaS)

Answer 3

Platform as a Service offers a cloud environment where developers can build, test, and deploy applications without needing to manage the underlying infrastructure.

Question 4

Cloud Computing (SaaS)

Answer 4

Software as a Service delivers applications over the internet, managed by a third-party provider, and typically accessed through a web browser on a subscription basis.

Question 5

Cloud Computing (IDaaS)

Answer 5

Identity as a Service provides cloud-based identity and access management services, including single sign-on, authentication, and user provisioning.

Question 6

Cloud Computing (SECaaS)

Answer 6

Security as a Service delivers outsourced security services via the cloud, such as antivirus, intrusion detection, firewalls, and encryption.

Question 7

Cloud Computing (CaaS)

Answer 7

Container as a Service is a cloud service model that allows users to manage and deploy containerized applications using orchestration tools like Kubernetes.

Question 8

Cloud Computing (FaaS)

Answer 8

Function as a Service, allows users to run code in response to events without provisioning or managing servers, ideal for microservices.

Question 9

Cloud Computing (XaaS)

Answer 9

Anything as a Service encompasses a broad range of cloud services beyond the traditional IaaS, PaaS, and SaaS, delivering customizable, on-demand capabilities.

Question 10

CSP shared responsibility model

Answer 10

A framework outlining which aspects of cloud security are managed by the cloud provider and which are the customer’s responsibility, depending on the service model.

Question 11

Public cloud

Answer 11

A cloud environment provided by third parties where services are offered over the public internet and shared across multiple customers.

Question 12

Private cloud

Answer 12

A cloud environment dedicated to a single organization, providing greater control, security, and customization, and can be hosted internally or externally.

Question 13

Hybrid cloud

Answer 13

An architecture that combines public and private cloud environments, allowing data and applications to move between them for flexibility and optimization.

Question 14

Community cloud

Answer 14

A cloud infrastructure shared among several organizations with similar goals or compliance requirements, managed internally or by a third party.

Question 15

Multi cloud

Answer 15

The use of multiple cloud services from different providers to avoid vendor lock-in, improve reliability, or optimize service delivery.

Question 16

Hosted IT deployment model

Answer 16

An IT infrastructure setup where systems are hosted in a third-party data center but not in a true cloud environment.

Question 17

Cloud IT deployment model

Answer 17

A model that describes the different cloud deployment modes as well as the shared responsability model.

Question 18

NIST Cloud Deployment Reference Architecture

Answer 18

A standardized framework from NIST that defines cloud actors, roles, and components to promote consistent and secure cloud adoption.

Question 19

Cloud consumer

Answer 19

An individual or organization that uses cloud services for computing, storage, application hosting, or other purposes.

Question 20

Cloud provider

Answer 20

The entity responsible for making cloud services available, including managing infrastructure, platforms, and applications.

Question 21

Cloud carrier

Answer 21

A third-party service that provides connectivity and transport for cloud services between providers and consumers.

Question 22

Cloud auditor

Answer 22

An independent party that evaluates cloud services to ensure they meet required security, compliance, and performance standards.

Question 23

Cloud broker

Answer 23

An entity that manages cloud service use across multiple providers and adds value through customization, aggregation, or intermediation.

Question 24

Service intermediation

Answer 24

Enhancement of cloud services by adding capabilities such as identity management, access control, or monitoring.

Question 25

Service aggregation

Answer 25

Combining multiple cloud services into a unified, integrated solution presented to the user as a single service.

Question 26

Service arbitrage

Answer 26

A model where a broker selects the best cloud services from different providers to assemble a flexible, cost-effective solution.

Question 27

Elements of the cloud provider

Answer 27

Core components including physical hardware, virtualization, orchestration tools, management consoles, and APIs used to deliver services.

Question 28

Cloud storage architecture: front-end

Answer 28

The interface users interact with, such as APIs or dashboards, to access or manage cloud storage services.

Question 29

Cloud storage architecture: middleware

Answer 29

The logic and processing layer handling tasks like authentication, data routing, and access management between front-end and back-end.

Question 30

Cloud storage architecture: back-end

Answer 30

The physical infrastructure, such as storage drives, file systems, and database engines, where data is actually stored.

Question 31

Fog computing

Answer 31

A model that extends cloud capabilities to local networks by processing data closer to the source, improving latency and efficiency.

Question 32

Edge computing

Answer 32

Edge computing is a **distributed computing paradigm** in which data processing and analysis occur **directly on or near** the physical devices.

Question 33

Edge

Answer 33

The physical point at which data is generated and initially processed, such as IoT devices or local servers.

Question 34

Security Assertion Markup Language (SAML)

Answer 34

An open standard for securely exchanging authentication and authorization information between entities, often used for single sign-on (SSO).

Question 35

SAML: Client

Answer 35

The software or application requesting authentication from an identity provider via SAML to access a service.

Question 36

SAML: Service provider

Answer 36

The entity that provides a service and relies on SAML assertions to authorize and authenticate users.

Question 37

SAML: Identity provider

Answer 37

The system that authenticates users and provides SAML assertions to service providers.

Question 38

XML

Answer 38

Extensible Markup Language used to define, transport, and store data in a format both human-readable and machine-processable.

Question 39

Virtual Private Cloud (VPC)

Answer 39

A logically isolated section of the cloud where users can define and control virtual networks, including IP ranges and subnets.

Question 40

Public Subnet in VPC

Answer 40

A subnet in a VPC that is connected to the internet and can host public-facing applications or services.

Question 41

Private Subnet in VPC

Answer 41

A subnet in a VPC without direct internet access, used for internal resources like databases or application logic.

Question 42

Transit Gateway

Answer 42

A networking service that connects multiple VPCs and on-premises networks via a central hub, simplifying network management.

Question 43

VPC endpoints

Answer 43

Private connections between VPCs and supported AWS services that bypass the public internet for improved security.

Question 44

VPC endpoint: Interface endpoint

Answer 44

A type of VPC endpoint that uses elastic network interfaces to connect securely to services within the VPC.

Question 45

Elastic network interface (ENI)

Answer 45

A virtual network card that can be attached to a cloud instance to allow it to connect to the network.

Question 46

VPC endpoints: Gateway Load Balancer endpoint

Answer 46

A VPC endpoint that enables private traffic routing to third-party appliances like firewalls or intrusion detection systems.

Question 47

Security groups

Answer 47

Virtual firewalls that control inbound and outbound traffic at the instance level in cloud environments.

Question 48

Instance awareness

Answer 48

The ability of a system or service to detect, manage, and apply policies to individual virtual machine instances.

Question 49

AICPA SAS 70 Type II audit

Answer 49

An independent audit that assesses the operational effectiveness of a service provider’s internal controls over a period of time.

Question 50

Cloud Security Alliance (CSA)

Answer 50

A nonprofit organization focused on promoting best practices for security assurance within cloud computing.

Question 51

Cloud Access Security Broker (CASB)

Answer 51

A security enforcement point between users and cloud providers that monitors activity and enforces security policies.

Question 52

Next Generation Secure Web Gateway (SWG)

Answer 52

A cloud-based security solution that provides real-time protection and policy enforcement for web access, including threat detection and content filtering.

Question 53

Cloud consultant

Answer 53

A professional who advises organizations on adopting, migrating to, and optimizing cloud services to meet technical and business goals.

Question 54

DASBLUAD – Cloud Security Best Practices

Answer 54

A mnemonic for essential cloud security best practices: D – Data protection, backup, and retention: Ensure data is encrypted, backed up regularly, and stored according to retention policies. A – AICPA SAS 70 Type II audits: Use third-party audits to validate internal controls and service reliability. S – SLAs for patching and vulnerability remediation: Establish agreements for timely updates and vulnerability fixes. B – Blacklists: Check if domains or services are listed in known blacklists to avoid risky connections. L – Legal contracts in employee behavior policy: Include security expectations and legal obligations in employment agreements. U – User credentials sharing prohibited: Enforce policies that prevent sharing of login credentials. A – Authentication, authorization, auditing: Implement robust access control and activity monitoring. D – Data protection at design and runtime: Embed security throughout the development lifecycle and during operation.

Question 55

ADARISR – NIST Cloud Security Recommendations

Answer 55

mnemonic for recommendations of cloud security A – Assess the risk posed: Evaluate threats, vulnerabilities, and impacts before adopting cloud services. D – Deployment model selection: Choose between public, private, hybrid, or community cloud models based on risk. A – Audit procedures are in place: Ensure that logging and auditing mechanisms monitor system and user activity. R – Renew SLAs if security gaps exist: Revisit service level agreements if providers fail to meet security needs. I – Incident detection & reporting: Establish systems and processes for timely identification and reporting of security incidents. S – Security objectives analysis: Align cloud services with organizational security goals and requirements. R – Responsibility for data security: Clearly define who is accountable for securing data in the shared responsibility model.