Domain 1 - Cloud Computing Concepts and Architectures Flashcards

1
Q

True or False - taking an existing application or asset and simply moving it to a cloud provider without any changes will often reduce agility, resiliency, and even security, all while increasing costs.

A

True

2
Q

_____ is a new operational model and set of technologies for managing shared pools of
computing resources.

A

Cloud Computing

3
Q

_____ is a model for enabling ubiquitous, convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management effort or service
provider interaction.

A

NIST Cloud Computing Definition

4
Q

Paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual
resources with self-service provisioning and administration on-demand

A

ISO/IEC Cloud Computing Definition

5
Q

____ is the person or organization requesting and using the resources

A

Cloud User

6
Q

_____ is the person or organization who delivers the resources

A

Cloud Provider

7
Q

What are the key techniques to create a cloud?

A

Abstraction and Orchestration

8
Q

True or False - The difference between cloud computing and traditional virtualization is that virtualization abstracts
resources, but it typically lacks the orchestration to pool them together and deliver them to
customers on demand, instead relying on manual processes.

A

True

9
Q

True or False - Clouds are multitenant by nature. Multiple different consumer constituencies share the same pool
of resources but are segregated and isolated from each other

A

True

10
Q

_____ allows the cloud provider to divvy up resources to the different groups, and _____ ensures they can’t see or modify each other’s assets.

A

Segregation, Isolation

11
Q

What is NIST 800-145?

A

NIST Working Definition of Cloud Computing

12
Q

NIST defines cloud computing by describing how many essential characteristics, how many cloud service models and how many cloud deployment models?

A

5 Essential Characteristics
3 Cloud Service Models
4 Cloud Deployment Models

13
Q

What are the 5 Essential Characteristics of Cloud Computing?

A
  • Resource Pooling
  • On Demand Self Service
  • Broad Network Access
  • Rapid Elasticity
  • Measured Service
14
Q

ISO/IEC 17788 lists 6 essential cloud characteristics. Five are the same as NIST's. What is the added one?

A

Multi tenancy

15
Q

NIST 3 Cloud Service Models

A
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
16
Q
_____ is the most fundamental characteristic of Cloud. The provider abstracts resources and collects them into a pool, portions of which can be allocated to
different consumers (typically based on policies).
A

Resource Pooling

17
Q

Consumers provision the resources from the pool using ______. They manage
their resources themselves, without having to talk to a human administrator.

A

On Demand Self Service

18
Q

It means that all resources are available over a network, without any need
for direct physical access; the network is not necessarily part of the service.

A

Broad Network Access

19
Q

This characteristic allows consumers to expand or contract the resources they use from the pool
(provisioning and deprovisioning), often completely automatically. This allows them to more
closely match resource consumption with demand (for example, adding virtual servers as
demand increases, then shutting them down when demand drops).

A

Rapid Elasticity

20
Q

This meters what is provided, to ensure that consumers only use what they are allotted, and, if necessary, to charge them for it. This is where the term utility computing comes from, since computing resources can now be consumed like water and electricity, with the
client only paying for what they use.

A

Measured Service

21
Q

Is a service model which is a full application that’s managed and hosted by the provider.
Consumers access it with a web browser, mobile app, or a lightweight client app.

A

SaaS

22
Q

Is another service model that abstracts and provides development or application platforms,
such as databases, application platforms (e.g. a place to run Python, PHP, or other code),
file storage and collaboration, or even proprietary application processing (such as machine
learning, big data processing, or direct Application Programming Interfaces (API) access to
features of a full SaaS application). The key differentiator is that you don’t manage
the underlying servers, networks, or other infrastructure.

A

PaaS

23
Q

Is a service model that offers access to a resource pool of fundamental computing
infrastructure, such as compute, network, or storage.

A

IaaS

24
Q

What are the four NIST/ISO/IEC Cloud Deployment Models?

A
  • Public Cloud
  • Private Cloud
  • Community Cloud
  • Hybrid Cloud
25
Q

Is a cloud deployment model where the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

A

Public Cloud

26
Q

Is a cloud deployment model where the cloud infrastructure is operated solely for a single organization. It may be
managed by the organization or by a third party and may be located on-premises or off-premises.

A

Private Cloud

27
Q

Is a cloud deployment model where the cloud infrastructure is shared by several organizations and supports a
specific community that has shared concerns (e.g. mission, security requirements, policy, or
compliance considerations). It may be managed by the organizations or by a third party and
may be located on-premises or off-premises.

A

Community Cloud

28
Q

Is a cloud deployment model where the cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Hybrid is also commonly used to describe a non-cloud data center bridged directly to a cloud provider.

A

Hybrid Cloud

29
Q

True or False - Deployment models are defined based on the cloud user—that is, who uses the cloud

A

True

30
Q

What are the layers of the cloud logical model that helps identify different layers based on functionality?

A
  • Infrastructure
  • Metastructure
  • Infostructure
  • Applistructure
31
Q

A cloud logical model that defines the core components of a computing system: compute, network, and storage.
The foundation that everything else is built on. The moving parts.

A

Infrastructure

32
Q

A cloud logical model that defines the protocols and mechanisms that provide the interface between the
infrastructure layer and the other layers. The glue that ties the technologies and enables
management and configuration

A

Metastructure

33
Q

A cloud logical model that defines the data and information. Content in a database, file storage, etc.

A

Infostructure

34
Q

A cloud logical model that defines the applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial
intelligence analysis, or notification services.

A

Applistructure

35
Q

What is the key difference between cloud and traditional computing?

A

Metastructure - Cloud metastructure includes the management plane components, which are network-enabled and remotely accessible. Another key difference is that, in cloud, you tend to double up on each layer. Infrastructure, for example, includes both the infrastructure used to create the cloud as well as the virtual infrastructure used and managed by the cloud user. In private cloud, the same organization might need to manage both; in public cloud the provider manages the physical infrastructure while the consumer manages their portion of the virtual infrastructure.

36
Q

True or False - At a high level, security responsibility maps to the degree of control any given actor has over the architecture stack.

A

True

37
Q

In this service or architecture model, the cloud provider is responsible for nearly all security, since the
cloud user can only access and manage their use of the application, and can’t alter how the
application works. For example, a SaaS provider is responsible for perimeter security,
logging/monitoring/auditing, and application security, while the consumer may only be able to manage
authorization and entitlements.

A

SaaS

38
Q

In this service or architecture model, the cloud provider is responsible for the security of the platform,
while the consumer is responsible for everything they implement on the platform, including
how they configure any offered security features. The responsibilities are thus more evenly
split. For example, when using a Database as a Service, the provider manages fundamental
security, patching, and core configuration, while the cloud user is responsible for everything
else, including which security features of the database to use, managing accounts, or even
authentication methods.

A

PaaS

39
Q

In this service or architecture model, just like PaaS, the provider is responsible for foundational security,
while the cloud user is responsible for everything they build on the infrastructure. Unlike
PaaS, this places far more responsibility on the client. For example, the IaaS provider will likely
monitor their perimeter for attacks, but the consumer is fully responsible for how they define
and implement their virtual network security, based on the tools available on the service.

A

IaaS

40
Q

True or False - the most important security consideration is knowing exactly who is responsible for what in any given
cloud project.

A

True

41
Q

The CSA's two recommendations for a shared security model:

A

  • Cloud providers should clearly document their internal security controls and customer security features so the cloud user can make an informed decision. Providers should also properly design and implement those controls.
  • Cloud users should, for any given cloud project, build a responsibilities matrix to document who is implementing which controls and how. This should also align with any necessary compliance standards.

42
Q

A standard template for cloud providers to document their security and compliance controls.

A

The Consensus Assessments Initiative Questionnaire (CAIQ)

43
Q

Which lists cloud security controls and maps them to
multiple security and compliance standards. This can also be used to document security
responsibilities.

A

Cloud Control Matrix (CCM)

44
Q

Tools to help guide security decisions

A

Cloud Security Models

45
Q

What are the 4 cloud security models?

A
  • Conceptual Models or frameworks
  • Control Models or frameworks
  • Reference Architectures
  • Design Patterns
46
Q

Is a cloud security model that includes visualizations and descriptions used to explain cloud
security concepts and principles, such as the CSA logical model in this document.

A

Conceptual Models or frameworks

47
Q

Is a cloud security model that categorizes and details specific cloud security controls or
categories of controls, such as the CSA CCM.

A

Controls Model or framework

48
Q

Is a cloud security model consisting of templates for implementing cloud security, typically generalized (e.g.
an IaaS security reference architecture). They can be very abstract, bordering on conceptual,
or quite detailed, down to specific controls and functions.

A

Reference Architectures

49
Q

Is a cloud security model consisting of reusable solutions to particular problems. In security, an example is
IaaS log management. As with reference architectures, they can be more or less abstract or
specific, even down to common implementation patterns on particular cloud platforms.

A

Design Patterns

50
Q

There are relatively straightforward and high-level processes for managing cloud security. What are these?

A
  • Identify necessary security and compliance requirements, and any existing controls.
  • Select your cloud provider, service, and deployment models.
  • Define the architecture.
  • Assess the security controls.
  • Identify control gaps.
  • Design and implement controls to fill the gaps.
  • Manage changes over time.
51
Q

CSA provides two tools to help meet shared responsibility requirements. What are these?

A

Consensus Assessments Initiative Questionnaire (CAIQ)

Cloud Control Matrix