Siedel Chapter 1 Review Questions Flashcards
Which of the following is not a common cloud service model?
A. Software as a Service (SaaS
B. Programming as a service (PaaS)
C. Infrastructure as a service (IaaS)
D. Platform as a service (PaaS)
B. Programming as a service (PaaS)
Explanation:
Programming as a service is not a common offering; the others are ubiquitous throughout the industry
Which one of the following emerging technologies, if fully implemented, would jeopardize the security of current encryption technology?
A. Quantum computing
B. Blockchain
C. Internet of things
D. Confidential computing
A. Quantum computing
Explanation:
Quantum computing technology has the potential to unleash massive computing power that could break current encryption algorithms
Cloud vendors are held to contractual obligations with specified metrics by:
A. Service level agreements (SLAs)
B. Regulations
C. Law
D. Discipline
A. Service level agreements (SLAs)
Explanation:
SLAs specify objective measures that define what the cloud provider will deliver to the customer
______ drive security decisions
A. Customer service responses
B. Surveys
C. Business requirements
D. Public opinion
C. Business requirements
Explanation:
Security is usually not a profit center and is therefore beholden to business drivers; the purpose of security is to support the business
If a cloud customer cannot get access to the cloud provider, this affects what portion of the CIA triad?
A. Integrity
B. Authentication
C. Confidentiality
D. Availability
D. Availability
Explanation:
Availability concerns arise when legitimate users are unable to gain authorized access to systems and information. The scenario described here is depriving a legitimate user access and is, therefore an availability concern
You recently worked with a third party vendor to help you implement a SaaS offering provided by a different company. Which one of the following cloud service roles is not represented here?
A. Regulator
B. Customer
C. Provider
D. Partner
A. Regulator
Explanation:
In this scenario, there is no regulatory agency mentioned. You are the cloud customer and you are working with a cloud service partner to implement a service offered by a cloud service provider
Which of the following hypervisor types is most likely to be seen in a cloud providers data center?
A. Type 1
B. Type 2
C. Type 3
D. Type 4
A. Type 1
Explanation:
Type 1 Hypervisors or bare metal hypervisors are the most efficient form of hypervisor and the technology that is used in data center environments. Type 2 hypervisors generally run on personal computers
All of these are reasons an organization may want to consider cloud migration except ____
A. Reduced personnel costs
B. Elimination of risks
C. Reduced operational expenses
D. Increased efficiency
B. Elimination of risks
Explanation:
Risks, in general, can be reduced but never eliminated; cloud service, specifically does not eliminate risk to the cloud customer because the customer retains a great deal of risk after migration
The generally accepted definition of cloud computing includes all of the following characteristics except _____
A. On Demand Self Service
B. Negating the need for backups
C. Resource Pooling
D. Measured or metered service
B. Negating the need for backups
Explanation:
Backups are still just as important as ever, regardless of where your primary data and backups are stored
You are working on a governance project designed to make sure the different cloud services use in your organization work well together. What goal are you attempting to achieve?
A. Performance
B. Resiliency
C. Reversibility
D. Interoperability
D. Interoperability
Explanation:
Interoperability is the ability of cloud services to function well together. Resiliency is the ability of the cloud infrastructure to withstand disruptive events. Performance is the ability of the cloud service to stand up to demand. Reversibility is the ability of a customer to undo a move to the cloud
The risk that a customer might not be able to switch cloud providers at a later date is known as _____
A. Vendor closure
B. Vendor lock out
C. Vendor Lock In
D. Vendor synchronization
C. Vendor Lock In
Explanation:
Vendor lock in occurs when technical or business constraints prevent an organization from switching from one cloud vendor to another
All of these are characteristics of cloud computing except _____
A. Broad network access
B. Diminished elasticity
C. Rapid scaling
D. On demand self service
B. Diminished elasticity
Explanation:
Cloud services provide on demand self service, broad network access, rapid scalability, and increased elasticity
When a cloud customer uploads personally identifiable information (PII) to a cloud provider, who is ultimately responsible for the security of that PII?
A. Cloud provider
B. Regulators
C. Cloud customer
D. The individuals who are the subjects of PII
C. Cloud customer
Explanation:under current laws in most jurisdictions; the data owner is responsible for any breaches that result in unauthorized disclosure of PII; this includes breaches caused by contracted parties and outsourced services. The data owner is the cloud customer
We use which of the following to determine the critical paths, processes and assets of an organization?
A. Business requirements
B. Business impact analysis (BIA)
C. Risk Management Framework (RMF)
D. CIA Triad
B. Business impact analysis (BIA)
Explanation:
The BIA is designed to ascertain the value of the organizations assets and learn critical paths and processes
If an organizations owns all of the hardware and infrastructure of a cloud data center that is used only by members of that organization, which cloud deployment model would this be?
A. Private
B. Public
C. Hybrid
D. Motive
A. Private
Explanation:
Because ownership and usage are restricted to one organization, this is a private cloud
