Shared Responsibility Flashcards

1
Q

Describe Shared Responsibility Model in Cloud Computing WRT Security

A

Security of the cloud is the CSP's responsibility

Security in the cloud is the CSC's responsibility

2
Q

Whose responsibility is it to provide Physical Security in the Cloud relative to service models?

A

IaaS, PaaS and SaaS - All CSP

3
Q

Whose responsibility is it to provide Infrastructure Security in the Cloud relative to service models?

A

IaaS - Shared Responsibility

PaaS and SaaS - CSP

4
Q

Whose responsibility is it to provide Platform Security in the Cloud relative to service models?

A

IaaS - Customer
PaaS - Shared
SaaS - CSP

5
Q

Whose responsibility is it to provide Application Security in the Cloud relative to service models?

A

IaaS - Customer
PaaS - Customer
SaaS - Shared

6
Q

Whose responsibility is it to provide Data Security in the Cloud relative to service models?

A

IaaS, PaaS and SaaS - All Customer

7
Q

Whose responsibility is it to provide Governance, Risk and Compliance in the Cloud relative to service models?

A

IaaS, PaaS and SaaS - All Customer

8
Q

Who is responsible for Physical Networks in the Cloud relative to service models?

A

IaaS, PaaS, SaaS - All CSP

9
Q

Who is responsible for Servers and Storage in the Cloud relative to service models?

A

IaaS, PaaS, SaaS - All CSP

10
Q

Who is responsible for the Hypervisor in the Cloud relative to service models?

A

IaaS, PaaS, SaaS - All CSP

11
Q

Who is responsible for Virtual Networks in the Cloud relative to service models?

A

IaaS - Customer

PaaS, SaaS - CSP

12
Q

Whose responsibility is the Operating System in the Cloud relative to service models?

A

IaaS - Customer

PaaS, SaaS - CSP

13
Q

Whose responsibility is the Application in the Cloud relative to service models?

A

IaaS, PaaS - Customer

SaaS - CSP

14
Q

Who is responsible for Data in the Cloud relative to service models?

A

IaaS, PaaS, SaaS - Customer

15
Q

Who is responsible for what people do in the Cloud relative to service models?

A

IaaS, PaaS, SaaS - Customer

16
Q

What are the Shared Responsibility items between the CSP and CSC?

A
  1. Auditability
  2. Availability
  3. Compliance
  4. Governance
  5. Interoperability
  6. Maintenance & Versioning
  7. Performance
  8. Portability
  9. Privacy
  10. Protection of PII
  11. Regulatory
  12. Resiliency
  13. Reversibility
  14. Security
  15. Service-Levels
17
Q

What does Auditability mean in the context of Shared Responsibility in the cloud between CSP and CSC?

A

Giving senior management assurance and evidence that we are doing things the correct way, i.e. exercising due diligence.

18
Q

What does Compliance mean in the context of Shared Responsibility in the cloud between CSP and CSC?

A

A business requirement to conform to relevant laws, internal governance and external regulations, e.g. PCI-DSS, HIPAA, FISMA, SOX

19
Q

What does Governance mean in the context of Shared Responsibility in the cloud between CSP and CSC?

A

Relating to processes and decisions, the business is defining actions, assigning roles and responsibilities and verifying performance.

After migration to the cloud, there may be a need to revise procedures, processes, and activities.

20
Q

What does Interoperability mean in the context of Shared Responsibility in the cloud between CSP and CSC?

A

The requirement that all the cloud components work together to achieve the intended goal. These components need to be replaceable by new or different components from different providers and continue to work, and the same applies to the exchange of data between systems.

21
Q

What does Maintenance and Versioning mean in the context of Shared Responsibility in the cloud between CSP and CSC?

A

Maintenance refers to maintaining, upgrading, or fixing cloud services.

Versioning refers to the CSP providing proper labeling of a service to the cloud service customer, so the customer knows which particular version is being used.

22
Q

What does Resiliency mean in the context of Shared Responsibility in the cloud between CSP and CSC?

A

The ability of the cloud data center and its components to continue to operate in the event of a disruption, e.g. equipment failure, power outage, natural disaster

23
Q

What does Security mean in the context of Shared Responsibility in the cloud between CSP and CSC?

A

Security is the biggest concern for using the cloud and must be a shared responsibility

24
Q

Cloud Service Agreement (CSA)

A

Describes the relationship between the provider and the customer that the customer must agree to

Should include explicit definitions of the roles and responsibilities and execution of processes

Provided by the CSP to the cloud customer

25
Q

Before signing a Cloud Service Agreement (CSA), what should the customer do?

A
  1. Understand R&R
  2. Evaluate business level policies
  3. Understand service and deployment model differences
  4. Identify critical performance objectives
  5. Evaluate security and privacy requirements
  6. Identify service management requirements
  7. Prepare for service failure management
  8. Understand disaster recovery plan
  9. Develop an effective governance process
  10. Understand the exit process
26
Q

Acceptable Use Policy (AUP)

A

A policy from the CSP to the customer that prohibits activities the provider has determined are either improper or illegal use of its services

Provided by the CSP to the CSC

27
Q

Service Level Requirements (SLR)

A

Requirements for a service, or KPIs, from the customer's point of view, provided to prospective service providers to define what services and terms the customer requires

The customer must monitor the SLA for compliance with the KPIs/requirements

A document which contains the service catalogue that defines the applicable services, and the service level objectives (SLOs) associated with those services, which quantify the metrics by which those services are provided and consumed

28
Q

Service Level Report

A

Insight into a service provider's ability to deliver the agreed-upon service quality. Used before engagement with the provider. Typically archived through audit reports.

29
Q

Service Level Agreements (SLA)

A

Documented agreement between service provider and customer to guarantee service or performance level.
It identifies services required and the expected level of service. It measures the performance of service from the customer’s point of view.

Must have penalties and underpinning contracts.

Must be auditable.

Must capture compliance requirements, best practices and general operational activities

30
Q

What should SLAs include?

A
  1. Minimum level of services
  2. Availability
  3. Security
  4. Serviceability
  5. Performance
  6. Communication
  7. Support
  8. Data location
  9. Disaster Recovery Processes
  10. Exit Strategy
  11. Affirm data ownership
  12. Specify data return and destruction (Reversibility)
  13. Remedies for any failure to meet the agreement (Penalties)
  14. More…
31
Q

What is the customer's due diligence WRT the SLA? Why?

A

Read it carefully; SLAs are often written in favor of the CSP, not the customer

32
Q

List Types of Cloud Service Agreement

A

Customer Agreements
Acceptable Use Policies
Service Level Agreements

33
Q

Customer Agreement Components

A
Master Agreement
Term of Service
Service Management
CSP Processes & Procedures
Roles & Responsibilities (CSP v CSC)
Process Execution
34
Q

Customer Due Diligence Items WRT Customer Service Agreements

A
  1. Understand R&R
  2. Evaluate business level policies
  3. Understand service and deployment model differences
  4. Identify critical performance objectives
  5. Prepare for service failure management
  6. Understand the DR plan
  7. Develop an effective governance process
  8. Understand the exit process
35
Q

Operational Level Agreement

A

OLAs are forged between departments within the same organization and do not have penalties