Practice CEH Exam - Cloud Flashcards
Your company has decided to move all of its data into the cloud. Your company is concerned about the privacy of its data due to some recent data breaches that have been in the news. Therefore, they have decided to purchase cloud storage resources that will be dedicated solely for their use. Which of the following types of clouds is your company using?
A. Hybrid
B. Private
C. Public
D. Community
B. Private
Explanation
OBJ-8.1: Private cloud refers to a cloud computing model where IT services are provisioned over private IT infrastructure for the dedicated use of a single organization. A private cloud is usually managed via internal resources. The terms private cloud and virtual private cloud (VPC) are often used interchangeably.
Which of the following types of digital forensic investigations is most challenging due to the on-demand nature of the analyzed assets?
A. Employee workstations
B. Cloud services
C. Mobile devices
D. On-premise servers
B. Cloud services
Explanation
OBJ-8.1: The on-demand nature of cloud services means that instances are often created and destroyed again, with no real opportunity for forensic recovery of any data. Cloud providers can mitigate this to some extent by using extensive logging and monitoring options. A CSP might also provide an option to generate a file system and memory snapshots from containers and VMs in response to an alert condition generated by a SIEM. Employee workstations are often the easiest to conduct forensics on since they are a single-user environment for the most part. Mobile devices have some unique challenges due to their operating systems, but good forensic tool suites are available to ease the forensic acquisition and analysis of mobile devices. On-premise servers are more challenging than a workstation to analyze, but they do not suffer from the same issues as cloud-based services and servers.
Which of the following are valid concerns when migrating to a serverless architecture? (SELECT THREE)
A. Protection of endpoint security
B. Management of VPC offerings
C. Dependency on the cloud service provider
D. Limited disaster recovery options
E. Patching of the backend infrastructure
F. Management of physical servers
A. Protection of endpoint security
C. Dependency on the cloud service provider
D. Limited disaster recovery options
Explanation
OBJ-8.1: Serverless is a modern design pattern for service delivery. With serverless, all the architecture is hosted within a cloud, but unlike “traditional” virtual private cloud (VPC) offerings, services such as authentication, web applications, and communications aren’t developed and managed as applications running on servers located within the cloud. Instead, the applications are developed as functions and microservices, each interacting with other functions to facilitate client requests. There is a heavy dependency on the cloud service provider in a serverless architecture system since all of the back-end infrastructure’s patching and management functions are done by them. An organization using such an architecture would still need to prevent compromise of the user endpoints, though the cloud service provider does not manage these. Another concern with serverless architectures is that there are limited options for disaster recovery if service provisioning fails. Patching of backend infrastructure is eliminated because the infrastructure is eliminated with serverless architectures. Once migration is complete, there are no physical servers to manage, which reduces the workload on your system administration teams.
Your organization has recently migrated to a SaaS provider for its enterprise resource planning (ERP) software. Before this migration, a weekly port scan was conducted to help validate the on-premise systems’ security. Which of the following actions should you take to validate the security of the cloud-based solution?
A. Utilize a different scanning tool
B. Utilize vendor testing and audits
C. Utilize a third-party contractor to conduct the scans
D. Utilize a VPN to scan inside the vendor’s security perimeter
B. Utilize vendor testing and audits
Explanation
OBJ-8.1: The best option is to utilize vendor testing and audits in a cloud-based environment. Most SaaS providers will not allow customers to conduct their own port scans or vulnerability scans against the SaaS service. This means you cannot scan using a VPN connection, utilize different scanning tools, or hire a third-party contractor to scan on your behalf.
What type of cloud service would provide you with a complete development and deployment environment in the cloud for you to create customized cloud-based apps?
A. PaaS
B. IaaS
C. SaaS
D. DaaS
A. PaaS
Explanation
OBJ-8.1: Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection. PaaS includes infrastructure (servers, storage, and networking) and middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, container orchestrators, or the development tools and other resources. You manage the applications and services you develop, and the cloud service provider typically manages everything else.
Which cloud computing concept is BEST described as focusing on replacing the hardware and software required when creating and testing new applications and programs from a customer’s environment with cloud-based resources?
A. PaaS
B. SaaS
C. IaaS
D. SECaaS
A. PaaS
Explanation
OBJ-8.1: Platform as a Service (PaaS) provides the end-user with a development environment without all the hassle of configuring and installing it themselves. If you want to develop a customized or specialized program, PaaS helps reduce the development time and overall costs by providing a ready to use platform.
Which of the following would a virtual private cloud infrastructure be classified as?
A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Function as a Service
A. Infrastructure as a Service
Explanation
OBJ-8.1: Infrastructure as a Service (IaaS) is a computing method that uses the cloud to provide any or all infrastructure needs. In a VPC environment, an organization may provision virtual servers in a cloud-hosted network. The service consumer is still responsible for maintaining the IP address space and routing internally to the cloud. Platform as a Service (PaaS) is a computing method that uses the cloud to provide any platform-type services. Software as a Service (SaaS) is a computing method that uses the cloud to provide users with application services. Function as a Service (FaaS) is a cloud service model that supports serverless software architecture by provisioning runtime containers to execute code in a particular programming language.
Which cloud computing concept is BEST described as focusing on the replacement of physical hardware at a customer’s location with cloud-based resources?
A. SaaS
B. PaaS
C. IaaS
D. SECaaS
C. IaaS
Explanation
OBJ-8.1: Infrastructure as a Service (Iaas) is focused on moving your servers and computers into the cloud. If you purchase a server in the cloud and then install and manage the operating system and software, this is Iaas.
Dion Training wants to install a new accounting system and is considering moving to a cloud-based solution to reduce cost, reduce the information technology overhead costs, improve reliability, and improve availability. Your Chief Information Officer is supportive of this move since it will be more fiscally responsible. Still, the Chief Risk Officer is concerned with housing all of the company’s confidential financial data in a cloud provider’s network that might be shared with other companies. Since the Chief Information Officer is determined to move to the cloud, what type of cloud-based solution would you recommend to account for the Chief Risk Officer’s concerns?
A. PaaS in a community cloud
B. SaaS in a private cloud
C. PaaS in a hybrid cloud
D. SaaS in a public cloud
B. SaaS in a private cloud
Explanation
OBJ-8.1: A SaaS (Software as a Service) solution best describes an accounting system or software used as part of a cloud service. This meets the CIO’s requirements. To mitigate the concerns of the Chief Risk Officer, you should use a private cloud solution. This type of solution ensures that the cloud provider does not comingle your data with other customers’ data and providers dedicated servers and resources for your company’s use only.
Which cloud computing concept is BEST described as focusing on the replacement of applications and programs on a customer’s workstation with cloud-based resources?
A. IaaS
B. PaaS
C. SaaS
D. DBaaS
C. SaaS
Explanation
OBJ-8.1: Software as a Service (SaaS) is used to provide web applications to end-users. This can be a calendar, scheduling, invoicing, word processor, database, or other programs. For example, Google Docs and Officer 365 are both word processing SaaS solutions.
You work for a bank interested in moving some of its operations to the cloud, but it is worried about security. You recently discovered an organization called CloudBank that was formed by 15 local banks as a way for them to build a secure cloud-based environment that can be accessed by the 15 member banks. Which cloud model BEST describes the cloud created by CloudBank?
A. Private cloud
B. Public cloud
C. Hybrid cloud
D. Community cloud
D. Community cloud
Explanation
OBJ-8.1: Community Cloud is another type of cloud computing in which the cloud setup is shared manually among different organizations that belong to the same community or area. A multi-tenant setup is developed using cloud among different organizations belonging to a particular community or group with similar computing concerns. For joint business organizations, ventures, research organizations, and tenders, a community cloud is an appropriate solution. Based on the description of 15 member banks coming together to create the CloudBank organization and its cloud computing environment, a community cloud model is most likely described.
Your company has decided to begin moving some of its data into the cloud. Currently, your company’s network consists of both on-premise storage and some cloud-based storage. Which of the following types of clouds is your company currently using?
A. Hybrid
B. Private
C. Public
D. Community
A. Hybrid
Explanation
OBJ-8.1: A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and third-party public cloud services with orchestration between these platforms.
