Domain 1 - Cloud Computing and Concepts and Architectures Flashcards

1
Q

What are some ways of viewing cloud computing?

A

It’s a technology, a collection of technologies, an operational model, a business model

2
Q

What must you do to really see security benefits from the cloud?

A

Security benefits only appear if you understand and adopt cloud-native models and adjust your architectures and controls to align with the features and capabilities of cloud platforms.

In fact, taking an existing application or asset and simply moving it to a cloud provider without any changes will often reduce agility, resiliency, and even security, all while increasing costs.

3
Q

Define Cloud computing per CSA

A

Cloud computing is a new operational model and set of technologies for managing shared pools of computing resources.

4
Q

Which cloud computing definition is this?

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

A. NIST
B. ISO/IEC

A

A. NIST

5
Q

Which cloud computing definition is this?

“Paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand.”

A. NIST
B. ISO/IEC

A

B. ISO/IEC

6
Q

What are two techniques to create a cloud?

A. Abstraction
B. Polymorphism
C. Orchestration
D. Compute

A

A & C: Abstraction and Orchestration

The key techniques to create a cloud are abstraction and orchestration. We abstract the resources from the underlying physical infrastructure to create our pools, and use orchestration (and automation) to coordinate carving out and delivering a set of resources from the pools to the consumers. As you will see, these two techniques create all the essential characteristics we use to define something as a “cloud.”

7
Q

What is the difference between cloud computing and traditional virtualization?

A

Virtualization abstracts resources, but it typically lacks the orchestration to pool them together and deliver them to customers on demand, instead relying on manual processes.

8
Q

What are the essential characteristics that make a cloud?

A

If something has these characteristics, we consider it cloud computing. If it lacks any of them, it is likely not a cloud.
• Resource pooling is the most fundamental characteristic, as discussed above. The provider abstracts resources and collects them into a pool, portions of which can be allocated to different consumers (typically based on policies).
• Consumers provision the resources from the pool using on-demand self-service. They manage their resources themselves, without having to talk to a human administrator.
• Broad network access means that all resources are available over a network, without any need for direct physical access; the network is not necessarily part of the service.
• Rapid elasticity allows consumers to expand or contract the resources they use from the pool (provisioning and deprovisioning), often completely automatically. This allows them to more closely match resource consumption with demand (for example, adding virtual servers as demand increases, then shutting them down when demand drops).
• Measured service meters what is provided, to ensure that consumers only use what they are allotted, and, if necessary, to charge them for it. This is where the term utility computing comes from, since computing resources can now be consumed like water and electricity, with the client only paying for what they use.

9
Q

What are the three key service models of a cloud?

A

NIST defines three service models which describe the different foundational categories of cloud services:
• Software as a Service (SaaS) is a full application that’s managed and hosted by the provider. Consumers access it with a web browser, mobile app, or a lightweight client app.
• Platform as a Service (PaaS) abstracts and provides development or application platforms, such as databases, application platforms (e.g. a place to run Python, PHP, or other code), file storage and collaboration, or even proprietary application processing (such as machine learning, big data processing, or direct Application Programming Interfaces (API) access to features of a full SaaS application). The key differentiator is that, with PaaS, you don’t manage the underlying servers, networks, or other infrastructure.
• Infrastructure as a Service (IaaS) offers access to a resource pool of fundamental computing infrastructure, such as compute, network, or storage.

10
Q

What are various deployment models of cloud?

A

Public, Private, Community, Hybrid

11
Q

Define Public Cloud

A

Public Cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

12
Q

Define Private cloud

A

Private Cloud. The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or by a third party and may be located on-premises or off-premises.

13
Q

Define community cloud

A

Community Cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g. mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or by a third party and may be located on-premises or off-premises.

14
Q

Define Hybrid Cloud

A

Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Hybrid is also commonly used to describe a non-cloud data center bridged directly to a cloud provider.

15
Q

What is a key difference between cloud and traditional computing?

A

The Metastructure

16
Q

What is the Metastructure?

A

Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.

17
Q

Define Infostructure.

A

Infostructure: The data and information. Content in a database, file storage, etc.

18
Q

Define Applistructure

A

Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services.

19
Q

In which cloud deployment model is security responsibility almost completely targeted at the cloud provider?

A

Software as a Service: The cloud provider is responsible for nearly all security, since the cloud user can only access and manage their use of the application, and can’t alter how the application works. For example, a SaaS provider is responsible for perimeter security, logging/monitoring/auditing, and application security, while the consumer may only be able to manage authorization and entitlements.

20
Q

In which cloud deployment model is the cloud provider responsible for security of the foundation of the cloud and the cloud user for everything else?

A

Infrastructure as a Service: Just like PaaS, the provider is responsible for foundational security, while the cloud user is responsible for everything they build on the infrastructure. Unlike PaaS, this places far more responsibility on the client. For example, the IaaS provider will likely monitor their perimeter for attacks, but the consumer is fully responsible for how they define and implement their virtual network security, based on the tools available on the service.

21
Q

In which cloud deployment model is security responsibility more evenly split between the cloud provider and the cloud user?

A

Platform as a Service: The cloud provider is responsible for the security of the platform, while the consumer is responsible for everything they implement on the platform, including how they configure any offered security features. The responsibilities are thus more evenly split. For example, when using a Database as a Service, the provider manages fundamental security, patching, and core configuration, while the cloud user is responsible for everything else, including which security features of the database to use, managing accounts, or even authentication methods.

22
Q

What is the Consensus Assessments Initiative Questionnaire (CAIQ)?

A

The Consensus Assessments Initiative Questionnaire (CAIQ). A standard template for cloud providers to document their security and compliance controls.

23
Q

What is the Cloud Controls Matrix (CCM)?

A

The Cloud Controls Matrix (CCM) lists cloud security controls and maps them to multiple security and compliance standards. The CCM can also be used to document security responsibilities.

24
Q

Regarding Cloud Security Models, what are Conceptual models or frameworks?

A

Conceptual models or frameworks include visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document.

25
Q

Regarding Cloud Security Models, what are Controls models or frameworks?

A

Controls models or frameworks categorize and detail specific cloud security controls or categories of controls, such as the CSA CCM.

26
Q

Regarding Cloud Security Models, what are Reference architectures?

A

Reference architectures are templates for implementing cloud security, typically generalized (e.g. an IaaS security reference architecture). They can be very abstract, bordering on conceptual, or quite detailed, down to specific controls and functions.

27
Q

Regarding Cloud Security Models, what are Design Patterns?

A

Design patterns are reusable solutions to particular problems. In security, an example is IaaS log management. As with reference architectures, they can be more or less abstract or specific, even down to common implementation patterns on particular cloud platforms.

28
Q

What are the simple high-level processes for managing cloud security?

A
  • Identify necessary security and compliance requirements, and any existing controls.
  • Select your cloud provider, service, and deployment models.
  • Define the architecture.
  • Assess the security controls.
  • Identify control gaps.
  • Design and implement controls to fill the gaps.
  • Manage changes over time.