1. Architectural Concepts and Design Requirements Domain Flashcards
Which of the following are attributes of cloud computing?
A. Minimal management effort and shared resources
B. High cost and unique resources
C. Rapid provisioning and slow release of resources
D. Limited access and service provider interaction
Answer: A
Explanation:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
N.I.S.T Definition of Cloud Computing
Which of the following are distinguishing characteristics of a Managed Service Provider?
A. Have some form of a Network Operations Center but no help desk
B. Be able to remotely monitor and manage objects for the customer and reactively maintain these objects under management
C. Have some form of a help desk but no Network Operations Center
D. Be able to remotely monitor and manage objects for the customer and proactively maintain these objects under management
Answer: D
Explanation:
According to the MSP Alliance, typically, MSPs will have the following distinguishing characteristics:
• Have some form of Network Operation Center (NOC) service
• Have some form of help desk service
• Be able to remotely monitor and manage all or a majority of the objects for the customer
• Proactively maintain the objects under management for the customer
• Delivery of these solutions with some form of predictable billing model, where the customer knows with great accuracy what their regular IT management expense will be
====
Which of the following are cloud computing roles?
A. Cloud Customer and Financial Auditor
B. Cloud Provider and Backup Service Provider
C. Cloud Service Broker and User
D. Cloud Service Auditor and Object
Answer: B
Explanation:
The following groups form the key roles and functions associated with cloud computing. They do not constitute an exhaustive list, but highlight the main roles and functions within cloud computing:
• Cloud Customer: An individual or entity that utilizes or subscribes to cloud-based services or resources.
• Cloud Provider: A company that provides cloud-based platform, infrastructure, application, or storage services to other organizations and/or individuals, usually for a fee, otherwise known to clients “As a Service.”
• Cloud Backup Service Provider: A third-party entity that manages and holds operational responsibilities for cloud-based data backup services and solutions to customers from a central data center.
• Cloud Services Broker (CSB): Typically a third-party entity or company that looks to extend or enhance value to multiple customers of cloud-based services through relationships with multiple cloud service providers. It acts as a liaison between cloud services customers and cloud service providers, selecting the best provider for each customer and monitoring the services. The CSB can be utilized as a “middleman” to broker the best deal and customize services to the customer’s requirements. May also resell cloud services.
• Cloud Service Auditor: Third party organization that verifies attainment of SLAs.
Which of the following are essential characteristics of cloud computing? (Choose two)
A. On-demand self service
B. Unmeasured service
C. Resource isolation
D. Broad network access
Answer: A and D
Explanation:
According to the NIST Definition of Cloud Computing, the essential characteristics of cloud computing are:
• On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
• Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
• Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
• Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
• Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Which of the following are considered to be the building blocks of cloud computing?
A. Data, Access Control, Virtualization and Services
B. Storage, Networking, Printing and Virtualization
C. CPU, RAM, Storage and Networking
D. Data, CPU, RAM and Access Control
Answer: C
Explanation:
The building blocks of cloud computing are comprised of RAM, CPU, storage and networking.
When using an Infrastructure as a Service solution, what is the capability provided to the customer?
A. To provision processing, storage, networks, and other fundamental computing resources where the consumer is not able to deploy and run arbitrary software, which can include operating systems and applications.
B. To provision processing, storage, networks, and other fundamental computing resources where the provider is able to deploy and run arbitrary software, which can include operating systems and applications.
C. To provision processing, storage, networks, and other fundamental computing resources where the auditor is able to deploy and run arbitrary software, which can include operating systems and applications.
D. To provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
Answer: D
Explanation:
According to the NIST Definition of Cloud Computing, in IaaS, “the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).”
When using an Infrastructure as a Service solution, what is a key benefit provided to the customer?
A. Usage is metered and priced on the basis of units consumed.
B. The ability to scale up infrastructure services based on projected usage.
C. Increased energy and cooling system efficiencies.
D. Cost of ownership is transferred.
Answer: A
Explanation:
Infrastructure as a Service has a number of key benefits for organizations, which include but are not limited to:
• Usage is metered and priced on the basis of units (or instances) consumed. This can also be billed back to specific departments or functions.
• The ability to scale up and down of infrastructure services based on actual usage. This is particularly useful and beneficial where there are significant spikes and dips within the usage curve for infrastructure.
• Reduced cost of ownership. There is no need to buy any assets for everyday use, no loss of asset value over time, and reduced costs of maintenance and support.
• Reduced energy and cooling costs along with “Green IT” environment effect with optimum use of IT resources and systems.
When using a Platform as a Service solution, what is the capability provided to the customer?
A. To deploy onto the cloud infrastructure provider-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
B. To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The provider does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
C. To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
D. To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the consumer. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Answer: C
Explanation:
According to the NIST Definition of Cloud Computing, in PaaS, “the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.”
What is a key capability or characteristic of Platform as a Service?
A. Support for a homogenous hosting environment.
B. Ability to reduce lock-in.
C. Support for a single programming language.
D. Ability to manually scale.
Answer: B
Explanation:
Platform as a Service should have the following key capabilities and characteristics:
• Support multiple languages and frameworks: PaaS should support multiple programming languages and frameworks, thus enabling the developers to code in whichever language they prefer or the design requirements specify.
In recent times, significant strides and efforts have been taken to ensure that open source stacks are both supported and utilized, thus reducing “lock-in” or issues with interoperability when changing cloud providers.
• Multiple hosting environments: The ability to support a wide choice and variety of underlying hosting environments for the Platform is key to meeting customer requirements and demands. Whether public cloud, private cloud, local hypervisor, or bare metal, supporting multiple hosting environments allows the application developer or administrator to migrate their application when and as required. This can also be used as a form of contingency and continuity and to ensure the ongoing availability.
• Flexibility: Traditionally, Platform providers provided features and requirements that they felt suited the client requirements, along with what suited their service offering and positioned them as the provider of choice, with limited options for the customers to move easily.
This has changed drastically, with extensibility and flexibility now afforded to meeting the needs and requirements of developer audiences. This has been heavily influenced by open source, which allows relevant plugins to be quickly and efficiently introduced into the Platform.
• Allow choice and reduce “lock-in”: Learning from previous horror stories and restrictions, proprietary meant red tape, barriers, and restrictions on what developers could do when it came to migration or adding features and components to the Platform. While the requirement to code to specific APIs was made available by the provider, they could run their apps in various environments based on commonality and standard API structures, ensuring a level of consistency and quality for customers and users.
• Ability to “auto-scale”: This enables the application to seamlessly scale up and down as required to accommodate the cyclical demands of users. The Platform will allocate resources and assign these to the Application as required. This serves as a key driver for any seasonal organizations that experience “spikes” and “drops” in usage.
When using a Software as a Service solution, what is the capability provided to the customer?
A. To use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
B. To use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
C. To use the consumer’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
D. To use the consumer’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Answer: A
Explanation:
According to the NIST Definition of Cloud Computing, in SaaS, “The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.”
What are the four cloud deployment models?
A. Public, Internal, Hybrid and Community
B. External, Private, Hybrid and Community
C. Public, Private, Joint and Community
D. Public, Private, Hybrid and Community
Answer: D
Explanation:
According to the NIST Definition of Cloud Computing, the Cloud deployment models are:
• Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
• Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
• Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
• Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
What are the six stages of the cloud secure data lifecycle?
A. Create, Use, Store, Share, Archive and Destroy
B. Create, Store, Use, Share, Archive and Destroy
C. Create, Share, Store, Archive, Use and Destroy
D. Create, Archive, Use, Share, Store and Destroy
Answer: B
Explanation:
As with systems and other organizational assets, data should have a defined and managed life cycle across the following key stages:
• Create: Generation of new digital content or the modification of existing content
• Store: Commit data to storage repository; typically occurs directly after creation
• Use: Data is viewed, processed, or otherwise used in some sort of activity (not including modification)
• Share: Information made accessible to others – users, partners, customers, etc.
• Archive: Data leaves active use and enters long-term storage
• Destroy: Data permanently destroyed using physical or digital means
What are SOCI/SOCII/SOCIII?
A. Risk Management frameworks
B. Access Controls
C. Audit reports
D. Software Development phases
Answer: C
Explanation:
- SOC 1: A SOC 1 is a report on controls at a service organization that may be relevant to user entities internal control over financial reporting.
- SOC II: A SOC II report is based on the existing SysTrust and WebTrust principles. The purpose of a SOC II report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality or privacy.
- SOC III: A SOC III report is also based on the existing SysTrust and WebTrust principles, like a SOC II report. The difference is that the SOC III report does not detail the testing performed.
What are the five Trust Services Principles?
A. Security, Availability, Processing Integrity, Confidentiality and Privacy
B. Security, Auditability, Processing Integrity, Confidentiality and Privacy
C. Security, Availability, Customer Integrity, Confidentiality and Privacy
D. Security, Availability, Processing Integrity, Confidentiality and Non-repudiation
Answer: A
Explanation:
SOC II Reporting was specifically designed for IT-managed service providers and cloud computing. The report specifically addresses any number of the five so-called “Trust Services Principles,” which are: o Security (the system is protected against unauthorized access, both physical and logical) o Availability (the system is available for operation and use as committed or agreed) o Processing Integrity (system processing is complete, accurate, timely, and authorized) o Confidentiality (information designated as confidential is protected as committed or agreed) o Privacy (personal information is collected, used, retained, disclosed, and disposed of in conformity with the provider’s Privacy Policy)
What is a security related concern for a Platform as a Service solution?
A. Virtual Machine attacks
B. Web application security
C. Data access and policies
D. System/Resource isolation
Answer: D
Explanation:
Platform as a Service (PaaS) Security concerns are focused on the following areas:
- System/Resource Isolation
- User Level Permissions
- User Access Management
- Protection Against Malware/ Backdoors/Trojans
