✔✔Cloud OS - ✔✔Operating system designed to manage and deliver cloud services.
✔✔Cloud Portability - ✔✔Ability to move applications and data between different cloud
providers without issues.
✔✔Cloud Provider - ✔✔Entity that supplies cloud computing resources.
✔✔Cloud Service Broker - ✔✔Intermediary managing cloud services between provider
and customer.
✔✔Cloud Storage - ✔✔Service that stores data in the cloud and provides access.
✔✔Cloud - ✔✔Provides access via the internet.
✔✔Cloud Testing - ✔✔Testing applications, services, or infrastructure deployed in the
cloud.
✔✔Community Cloud - ✔✔Cloud infrastructure shared by multiple organizations with
similar needs.
✔✔Enterprise Application - ✔✔Large-scale software system designed for business
operations.
✔✔Layered Defenses - ✔✔Defense-in-depth strategy using multiple security layers
(firewalls, encryption, monitoring).
✔✔Eucalyptus - ✔✔Open-source software for building private and hybrid clouds.
✔✔FIPS 140-2 - ✔✔Federal standard defining security requirements for cryptographic
modules.
✔✔Trusted Cloud Initiative Reference Model - ✔✔Framework by Cloud Security
Alliance to secure cloud computing environments.
✔✔Vendor Lock-in - ✔✔Difficulty in moving to a new provider due to proprietary
technologies or dependencies.
✔✔Vendor Lock-out - ✔✔Being unable to access services or data because of provider
restrictions.
✔✔Virtualization - ✔✔Technology that creates virtual versions of hardware, OS,
storage, or networks.
✔✔Sensitive Data - ✔✔Information that must be protected (e.g., PII, financial records).
✔✔Encryption - ✔✔Process of converting data into unreadable form to protect
confidentiality.
✔✔Auditing and Compliance - ✔✔Processes ensuring systems meet regulations,
policies, and security standards.
✔✔Cloud Service Provider Contracts - ✔✔Agreements outlining terms, responsibilities,
and SLAs between CSP and customer.
✔✔Hardening Devices - ✔✔Securing systems by reducing vulnerabilities and disabling
unnecessary services.
✔✔Risk appetite - ✔✔Level of risk an organization is willing to accept.
✔✔Avoidance - ✔✔Risk response strategy: eliminate or avoid exposure.
✔✔Acceptance - ✔✔Risk response strategy: acknowledge and take no action beyond
monitoring.
✔✔Transference - ✔✔Risk response strategy: shift risk to another party (e.g.,
insurance, outsourcing).
✔✔Mitigation - ✔✔Risk response strategy: reduce likelihood or impact through controls.
✔✔Resource pooling - ✔✔Cloud provider's resources shared across multiple
customers.
✔✔Broad network access - ✔✔Cloud services accessible from anywhere over the
internet.
✔✔Rapid elasticity - ✔✔Ability to quickly scale resources based on demand.
✔✔Measured service meters - ✔✔Cloud resources monitored and billed per usage.
✔✔On-demand self-service - ✔✔Customers provision computing resources
automatically without provider interaction.
✔✔Multitenancy - ✔✔Multiple customers share the same infrastructure securely.
✔✔ISO/IEC 17788 - ✔✔International standard defining cloud computing concepts and
terminology.
✔✔NIST 500-292 - ✔✔NIST cloud computing reference architecture.
✔✔Infrastructure - ✔✔Physical/virtual resources like servers, networks, and storage.
✔✔Metastructure - ✔✔Interfaces and services controlling interactions between
infrastructure and applications.
✔✔Applistructure - ✔✔Applications and software built on cloud platforms.
✔✔Traditional Computing - ✔✔On-premises, hardware-based IT model managed by
organization.
✔✔Shared responsibility model - ✔✔Defines division of security/management duties
between CSP and customer.
✔✔Consensus Assessments Initiative Questionnaire (CAIQ) - ✔✔Standardized
questionnaire to assess cloud provider security.
✔✔Cloud Controls Matrix (CCM) - ✔✔Security control framework for cloud providers by
Cloud Security Alliance.
✔✔ISO 31000:2009 - ✔✔International standard for risk management principles and
guidelines.
✔✔ISO/IEC 31010:2009 - ✔✔International standard for risk assessment techniques.
✔✔NIST Special Publication 800-37 - ✔✔Guide for applying risk management
framework (RMF) to federal information systems.
✔✔ISO/IEC 27018 - ✔✔International standard for protecting personally identifiable
information (PII) in public cloud services.
✔✔ISO/IEC 27036 - ✔✔International standard for information security in supplier
relationships.
✔✔Directive 95/46/EC - ✔✔EU Data Protection Directive (predecessor to GDPR)
regulating personal data processing.
✔✔Safe Harbor - ✔✔Former agreement between EU and US on personal data transfer
(replaced by Privacy Shield/GDPR).