Matt Walker - Chapter 9 Flashcards
8.1. Implementing cloud computing provides many benefits. Which of the following is the best choice of a security principle applicable to implementing cloud security?
A. Need to know
B. Least privilege
C. Job rotation
D. Separation of duties
1.D. Job Rotation
While implementing cloud computing doesn’t fully address separation of duties, of the choices provided it’s the only one that makes sense. The cloud, by its nature, can separate the data owner from the data custodian (the cloud provider assumes the role).
8.2. Which of the following best represents SOA?
A. File server
B. An application containing both the user interface and the code allowing access to the data
C. An API that allows different components to communicate
D. A single database accessed by multiple sources
2.C. An API that allows different components to communicate
Service Oriented Architecture (SOA) is all about software components delivering information to one another on a network, and this is the best available answer.
8.3. Which cloud computing model is geared toward software development?
A. IaaS
B. PaaS
C. SaaS
D. Private
3.B. PaaS
PaaS provides a development platform that allows subscribers to develop applications without building the infrastructure it would normally take to develop and launch software.
8.4. Amazon’s EC2 provides virtual machines that can be controlled through a service API. Which of the following best defines this service?
A. IaaS
B. PaaS
C. SaaS
D. Public
4.A. IaaS
Amazon’s EC2 provides resizable compute capacity in the cloud via VMs that can be controlled via an API, thus fitting the definition of IaaS.
8.5. Google Docs and Salesforce CRM are two examples of which cloud computing model?
A. IaaS
B. PaaS
C. SaaS
D. Public
5.C. SaaS
Software as a Service best describes this. SaaS is simply a software distribution model—the provider offers on-demand applications to subscribers over the Internet.
8.6. Which of the following cloud computing attacks can be best described as a CSRF attack?
A. Session riding
B. Side channel
C. Cross-guest VM breach
D. Hypervisor attack
6.A. Session Riding
Session riding is simply CSRF under a different name and deals with cloud services instead of traditional data centers.
8.7. Which of the following best describes a wrapping attack?
A. CSRF-type attack against cloud computing resources.
B. An attack that involves leveraging a new or existing VM on a physical device against another VM.
C. A SOAP message is intercepted, data in the envelope is changed, and then the data is sent/replayed.
D. The virtual machine management system on the physical machine is corrupted or administrative control is gained over it.
7.C. A SOAP message is intercepted, data in the envelope is changed, and then the data is resent/replayed.
Wrapping attacks involve messing with SOAP messages and replaying them as legitimate.
8.8. In the NIST Cloud Computing Reference Architecture, which of the following has the responsibility of transmitting the data?
A. Cloud provider
B. Cloud carrier
C. Cloud broker
D. Cloud consumer
8.B. Cloud Carrier
Akin to the power distributor for the electric grid, the carrier is the intermediary for connectivity and transport between subscriber and provider.
8.9. In the NIST Cloud Computing Reference Architecture, which component acts to manage use, performance, and delivery of cloud services, as well as the relationships between providers and subscribers?
A. Cloud provider
B. Cloud carrier
C. Cloud broker
D. Cloud consumer
9.C. Cloud Broker
Per SP 500-292, the broker “acts as the intermediate between consumer and provider and will help consumers through the complexity of cloud service offerings and may also create value added cloud services as well.”
8.10. In the NIST Cloud Computing Reference Architecture, which component acquires and uses cloud products and services?
A. Cloud provider
B. Cloud carrier
C. Cloud broker
D. Cloud consumer
10.D. Cloud Consumer
The consumer is the subscriber, who engages a provider for services.