Managing Cloud Security - C838 QUESTIONS WITH COMPLETE SOLUTIONS

Eucalyptus correct answer: Open source cloud computing and IaaS platform for enabling private clouds Apache Cloud Stack correct answer: Open source cloud computing and IaaS platform developed to help make creating, deploying, and managing cloud services easier by providing a complete "stack" of features and components for cloud environments FIPS 140-2 correct answer: NIST document that lists accredited and outmoded cryptosystems NIST 800-53 correct answer: Guidance document with the primary goal of ensuring that appropriate security requirements and controls are applied to all U.S. federal government information in information management systems Four Steps of a Business Requirements Analysis correct answer: 1. inventory of all assets (#) 2. valuation of each asset ($) 3. determination of critical paths, processes, and assets 4. clear understanding of risk appetite Cloud Provider Defense Roles correct answer: - strong personnel controls (background checks, and continual monitoring) - technological controls (encryption, event logging, and access control enforcement) - physical controls - governance mechanisms and enforcement (policies and audits) Cloud Customer Defense Roles correct answer: - training programs for staff and users - contractual enforcement of policy requirements - use of encryption and logical isolation mechanisms - strong access control methods Key Components of Strong Data Retention Policies correct answer: 1. Retention periods