Domain-3

Question 1

Cloud Service Consumer

Answer 1

maintains a business relationship with, and uses service from, Cloud Service Providers

Question 2

Cloud Service Provider

Answer 2

responsible for making a service available to service consumers

Question 3

Cloud Carrier

Answer 3

provides connectivity and transport of cloud services between Cloud Providers and Cloud Consumers

Question 4

Reservations

Answer 4

Guaranteed MINIMUM

Question 5

Limits

Answer 5

Absolute MAXIMUM

Question 6

Shares

Answer 6

If we fight.. we fight based on ranking !!! Used ONLY when we have a resource contention situation (too many requests, not enough resources)

Question 7

Type 1 Hypervisor

Answer 7

Bare Metal, Embedded or Native Hypervisor

Question 8

Type 2 Hypervisor

Answer 8

installed on top of the host’s operating system and

then supports other guest operating systems running above it as virtual machines

Question 9

Network traffic between VMs

Answer 9

not necessarily visible to physical network security controls, which means additional security controls may be necessary

Question 10

Virtual machines and their disk

Answer 10

are simply files residing somewhere. This means that, for example, a stopped VM is potentially accessible on a file system by third parties if no controls are applied

Question 11

Management Plane

Answer 11

Provides administrators with the ability to remotely manage

Question 12

the management plane is the most powerful tool in the entire cloud infrastructure

Answer 12

it will also integrate authentication, access control, and logging and monitoring of resources use

pathway for individual tenants who will have limited and controlled access to the cloud’s resources

Question 13

management plane’s primary interface is the API

Answer 13

both toward the resources managed as well as toward the users

graphical user interface (i.e., web page) is typically built on top of those APIs. These APIs allow automation of control tasks

Question 14

the 4 layers of Data Center Security

Answer 14

1. Perimeter Security
2. Facility Controls
3. Computer Room Controls
4. Cabinet Controls

Question 15

Perimeter security

Answer 15

discourage, detect, and delay any unauthorized entry

achieved through a high-resolution video surveillance system, motion-activated security lighting, fiber-optic cable, etc. Video content analytics (VCA) can detect individuals and objects and check for any illegal activity. Track movements of people and avoid false alarms

Question 16

Facility controls

Answer 16

the second layer of defense restricts access

card swipes or biometrics
High-resolution video surveillance and analytics can identify the person entering and also prevent tailgating
More complex VCA can read license plates, conduct facial recognition, and detect smoke and fire threats

Question 17

Computer room controls

Answer 17

restricts access through diverse verification methods including:
monitoring all restricted areas, deploying entry restrictions such as turnstile, providing VCA, providing biometric access control devices to verify finger and thumb prints, irises, or vascular pattern, and using radio frequency identification

Question 18

Cabinet controls

Answer 18

addresses the fear of an “insider threat,” such as a malicious employee

Question 19

Tier I

Answer 19

Basic Site Infrastructure

Question 20

Tier II

Answer 20

Redundant Site Infrastructure Capacity Components

Question 21

Tier III

Answer 21

Concurrently Maintainable Site Infrastructure

Question 22

Tier IV

Answer 22

Fault-Tolerant Site Infrastructure

Question 23

Vulnerability

Answer 23

weakness

Question 24

Likelihood

Answer 24

the chance something might happen

Question 25

Impact

Answer 25

what a threat will cost (quantitative/qualitative)

Question 26

Countermeasure (control)

Answer 26

the mechanism applied to minimize risk

Question 27

Residual Risk

Answer 27

remaining risk(s) after all countermeasures/controls have been applied

Question 28

Threat

Answer 28

an event or situation that if it occurred, would prevent the organization from operating in its normal manner