CCSK - V4 and ENISA Questions With Complete Solutions Graded A+
What is the standard cloud computing model used here? - NIST (National Institute of Standards and Technology, a US federal agency); the ISO definition is similar.

What are the five essential characteristics that NIST uses to define cloud computing? - 1) broad network access 2) rapid elasticity 3) measured service 4) on-demand self service 5) resource pooling

What are the four cloud deployment models defined by NIST? - 1) Public 2) Private 3) Hybrid 4) Community

What is a cloud broker? - Entity that manages the use, performance, and delivery of cloud services (and negotiates the relationship with the customer).

What is the Jericho Cloud Cube Model? - Four dimensions to differentiate cloud (or IT) formations: 1) External/Internal (physical location) 2) Proprietary/Open (technology) 3) Perimeterized/De-perimeterized (within firewall) 4) Outsourced/Insourced

What is the CSA Cloud Reference Model? - The service models fit in an architectural framework (where APIs are an important access mechanism).

What is multi-tenancy (in the ISO definition)? - The characteristic of multiple independent consumers sharing resources, which implies a need for certain controls.

What are SLAs for? - Important control to allocate responsibility between consumer and provider. Shared responsibility model.

How do characteristics introduce risk? - Broad network access introduces the client device and the network as new sources of risk. Rapid elasticity brings availability risks. Measured service can bring licensing risk. Resource pooling brings isolation-related risks. On-demand self service introduces risks around who can control what.

What are security concerns for hypervisor architecture? - VM hosts and guests need to be hardened; hypervisor software and provenance is the highest risk area.

What do you need to know about AV? - Don't run AV scans inside the VM; use hypervisor-aware products.

What are blind spots? - Inter-VM communication may not be visible in the physical network (i.e. through virtual switch or side channel), leading to blind spots.

What are VM isolation (compartmentalization) techniques? - LANs, IDS/IPS, firewalls, zoning (combinations may be required for compliance).
Written for
- Institution: CCSK - V4 and ENISA
- Course: CCSK - V4 and ENISA
Document information
- Uploaded on: November 16, 2023
- Number of pages: 12
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers