WGU - MANAGING CLOUD SECURITY - C838 | 432 QUESTIONS WITH VERIFIED SOLUTIONS.
What are the 4 characteristics of cloud computing?
- Broad network access
- On-demand services
- Resource Pooling
- Measured or "metered" service

What NIST publication number defines cloud computing?
800-145

What ISO/IEC standard provides information on cloud computing?
17788

What is another way of describing a functional business requirement?
necessary

What is another way of describing a nonfunctional business requirement?
not necessary

What is the greatest driver pushing orgs to the cloud?
Cost savings

What is cloud bursting?
Ability to increase available cloud resources on demand

What are 3 characteristics of cloud computing?
- Elasticity
- Simplicity
- Scalability

What is a cloud customer?
Anyone purchasing cloud services

What is a cloud user?
Anyone using cloud services

What are the three cloud computing service models?
- SaaS (Software as a service)
- PaaS (Platform as a service)
- IaaS (Infrastructure as a service)

What is IaaS (Infrastructure as a Service)?
Cloud provider provides all the physical capability and administration, while the customer is responsible for logical resources.

What is PaaS (Platform as a Service)?
A cloud computing service that provides the hardware and the operating system and is responsible for updating and maintaining both.

What is SaaS (Software As A Service)?
Cloud provider manages everything.

What are the four cloud deployment models?
- Public
- Private
- Community
- Hybrid

What cloud model is owned by a single organization?
Private

What cloud model is an arrangement of two or more cloud servers?
Hybrid

What cloud model is a shared setup between orgs?
Community

What cloud model is open for free usage?
Public

What is a cloud service provider?
Cloud service provider manages and provides entire hosting ability

What is a Cloud Access Security Broker?
Third-party acting as an intermediary for identity and access management

What do regulators do?
Ensure organizations are in compliance with regulatory framework.

What word in the CIA triad describes: What protects information from unauthorized access/dissemination?
Confidentiality

What word in the CIA triad describes: Ensuring that information is not subject to unauthorized modification?
Integrity

What word in the CIA triad describes: Ensuring that authorized users can access the information when they are permitted to do so?
Availability

What is a cloud architect?
Expert in cloud computing

What is cloud OS also known as?
PaaS

NIST standard number that lists accredited and outmoded cryptosystems
FIPS 140-2

Customer may be unable to leave, migrate, or transfer to an alternate provider due to technical or non-technical constraints.
Vendor lock-in

What is cloud migration?
Process of transitioning part of a company's data or services from onsite premises to the cloud

What is cloud portability?
Move applications and data between cloud providers

What offers a degree of assurance that nobody w/o authorization will be able to access other's data?
Encryption

If a cloud customer wants a secure, isolated sandbox in order to conduct software development and testing, which cloud service model would probably be best?
PaaS

What technology has NOT made cloud service viable?
Smart hubs

What determines the critical paths, processes, and assets of an organization?
BIA

Fully-operational environment with very little maintenance or administration necessary, which cloud service model would probably be best?
PaaS

Customer is unable to recover or access their own data due to the cloud provider going into bankruptcy or otherwise leaving the market.
Vendor lock-out

What are four examples of things to know to decide how to handle risks within an org?
- Inventory of all assets
- Valuation of each asset
- Critical paths, processes, and assets
- Clear understanding of risk appetite

T/F: Assets are only tangible items.
False. Assets are everything owned or controlled by an org.

The process of evaluating assets?
Business Impact Analysis (BIA)

What is criticality?
Something an org could not operate or exist without

What are 5 examples of criticality for an org?
- Tangible assets
- Intangible assets
- Processes
- Data paths
- Personnel

In risk, what is the avoidance method?
Avoiding high risk

In risk, what is the acceptance method?
Acceptable level of risk

In risk, what is an example of the avoidance method?
Insurance

In risk, what is the mitigation method?
Controls or countermeasures

Assets can be what?
- Tangible
- Intangible
- Personnel

What does Business Impact Analysis do?
Defines which of the assets provide the intrinsic value of an organization.

What is risk appetite?
Level, Amount, or Type of risk that an org finds acceptable

What is the IaaS boundary?
The provider is responsible for connectivity and power and the customer is in charge for installation of software.

What is the PaaS boundary?
The provider is responsible for updates and administration of the OS and the customer monitors and reviews software events.

What is the SaaS boundary?
The provider is responsible for system maintenance and the customer supplies and processes data to and in the system.

What should encryption be used for in a cloud datacenter?
- Long-term storage/archiving
- Protecting near-term stored files, such as snapshots of virtualized instances
- Preventing unauthorized access to specific datasets by authorized personnel

What should encryption be used for in communications between cloud providers and users?
- Creating secure sessions
- Ensuring the integrity and confidentiality of data in transit

What are 4 controls/mechanisms a cloud provider should play a role in in layered defense?
- Strong personnel controls
- Technological controls
- Physical controls
- Governance mechanisms

In cloud layered defense what are examples of personnel controls?
- background checks
- continual monitoring

In cloud layered defense what are examples of technological controls?
- encryption
- event logging
- access control enforcement

In cloud layered defense what is an example of physical controls?
access to overall campus

In cloud layered defense what is an example of governance mechanisms?
auditing

What are ways for securing devices in a datacenter?
- Guest accounts removed
- no default passwords
- systems are patched, maintained and updated
- unused ports are closed
- limited physical access

What is layered defense?
The practice of having multiple overlapping means of securing the environment with a variety of methods

Who determines risk appetite?
senior management

Experimental technology of processing encrypted data w/o decrypting it first?
Homomorphic

T/F: Data owners remain legally responsible for all data they own
True

What are four ways an org might categorize data?
- Regulatory compliance
- business function
- function unit
- by project

What are three examples of classification?
- sensitivity
- jurisdiction
- criticality

What is a data owner?
Collects or creates the data, and possesses the rights and responsibilities of the data

What is a data custodian?
Manipulates, stores, or moves the data, and serves as a cloud provider

Written for
- Institution: WGU C838: Managing Cloud Security
- Course: WGU C838: Managing Cloud Security
Document information
- Uploaded on: November 7, 2023
- Number of pages: 49
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers
Subjects
- wgu managing cloud security c838