Chapter 10

Question 1

Oversubscription

Answer 1

When demand exceeds available supply.

Question 2

Multitenancy

Answer 2

Many users sharing resources in the same cloud infrastructure.

Question 3

On Demand Self-Service Computing

Benefits of the Cloud

Answer 3

Cloud resources are available when and where you need them.

Question 4

Scalability

Benefits of the Cloud

Answer 4

A principle of application resilience that says that applications should be designed so that computing resources they require may be incrementally added to support increasing demand.

Question 5

Elasticity

Benefits of the Cloud

Answer 5

A principle of system resilience, which says that systems should be able to automatically provision resources to scale when necessary and then automatically deprovision those resources to reduce capacity (and cost) when it is no longer needed.

Question 6

Measured Service

Benefits of the Cloud

Answer 6

Everything you do in the cloud is measured by the provider. You pay exactly for what is used.

Question 7

Agility and Flexibility

Benefits of the Cloud

Answer 7

The speed to provision cloud resources and the ability to use them for short periods of time.

Question 8

Cloud Service Providers

Cloud Roles

Answer 8

The firms that offer cloud computing services to their customers.

Question 9

Cloud Consumers

Cloud Roles

Answer 9

The organizations and individuals that purchase cloud services from cloud service providers.

Question 10

Cloud Partners

Cloud Roles

Answer 10

Also known as Cloud Brokers. Organizations that offer ancillary products or services that support or integrate with the offerings of a cloud service provider.

Question 11

Cloud Auditors

Cloud Roles

Answer 11

Independent organizations that provide third-party assessments of cloud services and operations.

Question 12

Cloud Carriers

Cloud Roles

Answer 12

Serve as the intermediaries that provide the connectivity that allows the delivery of cloud services from providers to consumers.

Question 13

Infrastructure as a Service (IaaS)

Cloud Service Models

Answer 13

A model of cloud computing that utilizes virtualization; clients pay an outsourcer for the resources used.

Question 14

Software as a Service (SaaS)

Cloud Service Models

Answer 14

A derivative of platform as a service that provides on-demand online access to specific software applications or suites without the need for local installation (or even local hardware and operating system requirements in many cases).

Question 15

Platform as a Service (Paas)

Cloud Service Models

Answer 15

A cloud service model in which the consumer can deploy tools using a platform but does not manage or control any of the underlying cloud infrastructure.

Question 16

Function as a Service (FaaS)

Cloud Service Models - PaaS

Answer 16

An example of platform-as-a-service (PaaS) computing that allows customers to upload their own code functions to the provider; the provider will then execute those functions on a scheduled basis, in response to events, and/or on demand.

Question 17

Serverless Computing Environments

FaaS

Answer 17

An approach that does not expose customers to the actual server instances executing their code.

Question 18

Managed Service Providers (MSPs)

`

Answer 18

Services organizations that provide information technology as a service to their customers. MSPs may handle an organization’s IT needs completely, or they may offer focused services such as network design and implementation, application monitoring, or cloud cost management.

Question 19

Managed Security Service Providers (MSSPs)

Answer 19

When MSPs offer security services, they are called MSSPs

Question 20

Public Cloud

Cloud Deployment Models

Answer 20

Deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multitenant model. A cloud delivery model available to others.

Question 21

Private Cloud

Cloud Deployment Models

Answer 21

A cloud delivery model owned and managed internally. Provisioned to be used by a single customer.

Question 22

Community Cloud

Cloud Deployment Models

Answer 22

Cloud delivery model in which the infrastructure is shared by organizations with something in common.

Question 23

Hybrid Cloud

Cloud Deployment Models

Answer 23

Any cloud delivery model that combines two or more of the other delivery model types.

Question 24

Bursting

Cloud Deployment Models

Answer 24

Leveraging public cloud capacity when demand exceeds the capacity of private cloud infrastructure.

Question 25

Cloud Bursting

Answer 25

Moving the execution of an application to the cloud on an as-needed basis.

Question 26

Centralized Approach

Answer 26

Refers to security management where all detection, monitoring, and decision-making functions are controlled from a single location.

Question 27

Decentralized Approach

Answer 27

An approach that reduces single points of failure by spreading technology components across multiple providers.

Question 28

Shared Responsibility Model

Answer 28

An operating environment that divides responsibilities between one or more service providers and the customers’ own cybersecurity teams.

Question 29

Responsibility Matrix

Answer 29

A chart that shows the common division of responsibilities between customers and vendors in IaaS, PaaS, and SaaS environments.

Question 30

Edge Computing

Answer 30

An approach that seeks to address the issue of sensors in remote location with poor connectivity by placing some processing power on the remote sensors, allowing them to preprocess data before shipping it back to the cloud.

Question 31

Fog Computing

Answer 31

A concept that uses Internet of Things (IoT) gateway devices that are located in close physical proximity to the sensors. The sensors don't have processing power, but they send data to their local gateway device that performs preprocessing before sending it to the cloud.

Question 32

Virtualization Technology

Answer 32

Emulating one or more physical computers on the same host.

Question 33

Hypervisor

Answer 33

This software helps virtual machines share and use the physical hardware of a computer efficiently. It makes sure each virtual machine gets the resources it needs, like memory and processing power, without interfering with others.

Question 34

Type I Hypervisor

Answer 34

Also known as bare-metal hypervisors. A hypervisor that provides virtualization by running directly on bare-metal hardware.

Question 35

Type II Hypervisor

Answer 35

A hypervisor that provides virtualization by running as an application supported by a host operating system.

Question 36

Containerization

Answer 36

A method of isolating applications and their dependencies into self-contained units called containers.

Question 37

Container ## Footnote Containerization

Answer 37

A method of packaging applications and their dependencies into isolated environments. This ensures that applications run consistently across different systems, regardless of the underlying infrastructure.

Question 38

Block Storage ## Footnote Cloud Storage Resources

Answer 38

Allocates large volumes of storage for use by virtual server instance(s).

Question 39

Elastic Block Storage (EBS) service ## Footnote Cloud Storage Resources

Answer 39

Samething as block storage just that it's offered by AWS.

Question 40

Object Storage ## Footnote Cloud Storage Resources

Answer 40

Provides customers with the ability to place files in buckets and treat each file as an independent entity that may be accessed over the web or through the provider’s API. ## Footnote AWS Simple Storage Service (S3) as an example of this.

Question 41

What are three key security considerations when working with cloud storage?

Answer 41

-Set Permissions Properly -Consider high availability and durability options -Use encryption to protect sensitive data

Question 42

Software-defined network (SDN)

Answer 42

A network that is controlled and configured using code and software.

Question 43

Software-defined visibility (SDV)

Answer 43

A code-defined visibility infrastructure.

Question 44

Security Groups

Answer 44

A feature that defines permissible network traffic.

Question 45

Segmentation

Answer 45

The process of dividing a network into smaller sections (segments or subnets) to improve performance, reduce congestion, and enhance security by isolating traffic. This can be done using VLANs, routers, or firewalls.

Question 46

Vritual Private Clouds (VPCs)

Answer 46

A “datacenter in the cloud,” a VPC is used in Infrastructure as a Service (IaaS) environments as the network that is defined for an organization as their cloud environment.

Question 47

Transit Gateway

Answer 47

Allow the direct interconnection of cloud VPCs with on premises VLANs for hybrid cloud operations.

Question 48

VPC endpoint

Answer 48

Allow the connection of VPCs to each other using the cloud provider's secure network backbone.

Question 49

Infrastructure as Code (IaC)

Answer 49

The process of managing and provisioning computer data centers through machine-readable definition files.

Question 50

Microservices

Answer 50

Cloud service offerings that provide very granular functions to other services, often through a function- as- a- service model. These microservices are designed to communicate with each other in response to events that take place in the environment.

Question 51

Data Sovereignty

Answer 51

A principle that states that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed.

Question 52

Virtual Machine (VM) Escape

Answer 52

The process of breaking out of the constraints of a virtual machine environment to attack or compromise the host system or software.

Question 53

Virtual machine (VM) sprawl

Answer 53

An issue that occurs when virtual machine users create virtual machine instances and then forget about them or abandon them, leaving them to accrue costs and accumulate security issues over time.

Question 54

Resource Reuse

Answer 54

Occurs when cloud providers take hardware resources that were originally assigned to one customer and reassign them to another customer.

Question 55

API Inspection

Answer 55

A technology that scrutinizes API requests for security issues.

Question 56

Secure Web Gateways (SWGs)

Answer 56

Protects organizations from web-based threats by filtering and inspecting internet traffic before allowing access. It acts as a checkpoint between users and the internet, enforcing security policies to block malicious content, prevent data breaches, and ensure compliance.

Question 57

Auditability

Answer 57

Cloud computing contracts that should include language guaranteeing the right of the customer to audit cloud service providers.

Question 58

Cloud Access Security Brokers (CASBs)

Answer 58

Software tools that serve as intermediaries between cloud service users and providers.

Question 59

Inline CASB solutions

Answer 59

Cloud Access Security Broker solutions that physically or logically reside in the connection path between the user and the service.

Question 60

API-Based CASB Solutions

Answer 60

Cloud Access Security Broker solutions that do not interact directly with the user but rather interact directly with the cloud provider through the provider’s API.

Question 61

Resource Policies

Answer 61

Policies offered by cloud providers that customers use to limit the actions that users of their accounts may take.

Question 62

Hardware Security Modules (HSMs)

Answer 62

Special purpose computing devices that manage encryption keys and also perform cryptographic operations in a highly efficient manner.