GU D320 MANAGING CLOUD
W
SECURITY | 80 Question Version JYO2 |
Latest January 2025-2026 | Already Passed
| Cloud Security Exam | Pass Guaranteed -
A+ Graded
**[DOMAIN 1: CLOUD COMPUTING CONCEPTS & ARCHITECTURE - 12 Questions]**
* *Question 1**
In the shared responsibility model for Infrastructure as a Service (IaaS), which security
responsibility falls primarily on the customer?
) Physical data center security and hypervisor maintenance
A
B) Network infrastructure and storage virtualization
C) Operating system patching and application security
D) Power supply and cooling systems
**[CORRECT]** C) Operating system patching and application security
* *Rationale:** In the IaaS shared responsibility model, the cloud provider manages the physical
infrastructure, network, and virtualization layer (hypervisor). The customer is responsible for the
guest operating system, middleware, applications, data, and access management. This
represents the highest level of customer responsibility among cloud service models. Options A,
B, and D describe provider responsibilities.
* *Question 2**
Which cloud deployment model provides dedicated infrastructure for a single organization while
still leveraging cloud computing characteristics?
) Public cloud
A
B) Private cloud
C) Community cloud
D) Hybrid cloud
**[CORRECT]** B) Private cloud
,* *Rationale:** A private cloud is provisioned for exclusive use by a single organization. It offers
greater control, customization, and security compared to public cloud while maintaining cloud
characteristics like self-service and elasticity. Public cloud (A) is shared infrastructure,
community cloud (C) is shared by organizations with common concerns, and hybrid cloud (D)
combines multiple deployment models.
* *Question 3**
A company wants to deploy a web application without managing the underlying infrastructure,
operating system, or middleware. They need to focus solely on application configuration and
data. Which cloud service model best fits this requirement?
) Infrastructure as a Service (IaaS)
A
B) Platform as a Service (PaaS)
C) Software as a Service (SaaS)
D) Function as a Service (FaaS)
**[CORRECT]** C) Software as a Service (SaaS)
* *Rationale:** SaaS provides fully functional applications where the provider manages
everything except customer data and access. The customer simply configures and uses the
application. IaaS (A) requires OS and application management, PaaS (B) requires application
development and deployment management, and FaaS/D (serverless) still requires code
deployment though infrastructure is abstracted.
* *Question 4**
According to the Cloud Security Alliance (CSA) Top Threats, which of the following represents
the highest risk to cloud environments?
) Natural disasters affecting data center locations
A
B) Misconfiguration and inadequate change control
C) Hardware failure of storage devices
D) Insufficient bandwidth for cloud connectivity
**[CORRECT]** B) Misconfiguration and inadequate change control
* *Rationale:** CSA consistently ranks misconfiguration and inadequate change control as the
top cloud security threat. This includes exposed storage buckets, improper security group rules,
and lack of change management. Cloud providers handle physical risks (A, C) through
redundancy, and bandwidth (D) is an operational rather than security concern.
* *Question 5**
What is the primary security risk associated with VM escape attacks?
A) Unauthorized access to the hypervisor and other VMs on the same host
, ) Data corruption within the virtual machine's own storage
B
C) Network latency between virtual machines
D) Inability to migrate VMs between physical hosts
**[CORRECT]** A) Unauthorized access to the hypervisor and other VMs on the same host
* *Rationale:** VM escape is an attack where a malicious VM breaks out of its isolated
environment to access the host hypervisor, potentially compromising all other VMs on that host.
This violates the fundamental isolation guarantee of virtualization. Options B, C, and D describe
issues that do not represent the critical security impact of hypervisor compromise.
* *Question 6**
Which characteristic of cloud computing enables rapid elasticity and appears to provide
unlimited resources to the consumer?
) Resource pooling
A
B) Broad network access
C) Measured service
D) On-demand self-service
**[CORRECT]** A) Resource pooling
* *Rationale:** Resource pooling allows the provider's computing resources to serve multiple
consumers using a multi-tenant model, with resources dynamically assigned and reassigned
according to demand. This pooling enables the illusion of infinite capacity and supports rapid
elasticity. While D enables provisioning, A specifically enables the scalability characteristic.
* *Question 7**
In a Platform as a Service (PaaS) model, which component is the cloud provider responsible for
securing?
) Customer-developed applications
A
B) Customer data stored in the application
C) Operating system and runtime environment
D) User access credentials and authentication methods
**[CORRECT]** C) Operating system and runtime environment
* *Rationale:** In PaaS, the provider manages the underlying infrastructure, operating system,
middleware, and runtime environment. The customer manages their applications (A), data (B),
and access control (D). This intermediate shared responsibility model reduces customer burden
compared to IaaS while offering more control than SaaS.
**Question 8**
, What is "VM sprawl" and why is it a security concern?
) The uncontrolled proliferation of virtual machines leading to management and security gaps
A
B) The physical spreading of virtual machines across multiple data centers
C) The rapid scaling of a single virtual machine to consume excessive resources
D) The migration of virtual machines between hypervisors without authorization
* *[CORRECT]** A) The uncontrolled proliferation of virtual machines leading to management
and security gaps
* *Rationale:** VM sprawl occurs when VMs are created without proper lifecycle management,
leading to orphaned instances, outdated patches, unknown configurations, and security blind
spots. Unlike physical servers, VMs are easily created, making governance essential. Options
B, C, and D describe different virtualization phenomena.
* *Question 9**
Which cloud computing essential characteristic allows consumers to unilaterally provision
computing capabilities without requiring human interaction with service providers?
) Broad network access
A
B) On-demand self-service
C) Rapid elasticity
D) Measured service
**[CORRECT]** B) On-demand self-service
* *Rationale:** On-demand self-service is the essential characteristic that enables consumers to
automatically provision resources (servers, storage, network) as needed without human
provider interaction. This distinguishes cloud from traditional IT provisioning. While A refers to
accessibility, C to scaling, and D to metering, B specifically addresses automatic provisioning
capability.
* *Question 10**
A multinational corporation wants to maintain sensitive data on-premises while leveraging public
cloud for less sensitive workloads. Which deployment model should they implement?
) Private cloud only
A
B) Public cloud only
C) Hybrid cloud
D) Community cloud
**[CORRECT]** C) Hybrid cloud
W
SECURITY | 80 Question Version JYO2 |
Latest January 2025-2026 | Already Passed
| Cloud Security Exam | Pass Guaranteed -
A+ Graded
**[DOMAIN 1: CLOUD COMPUTING CONCEPTS & ARCHITECTURE - 12 Questions]**
* *Question 1**
In the shared responsibility model for Infrastructure as a Service (IaaS), which security
responsibility falls primarily on the customer?
) Physical data center security and hypervisor maintenance
A
B) Network infrastructure and storage virtualization
C) Operating system patching and application security
D) Power supply and cooling systems
**[CORRECT]** C) Operating system patching and application security
* *Rationale:** In the IaaS shared responsibility model, the cloud provider manages the physical
infrastructure, network, and virtualization layer (hypervisor). The customer is responsible for the
guest operating system, middleware, applications, data, and access management. This
represents the highest level of customer responsibility among cloud service models. Options A,
B, and D describe provider responsibilities.
* *Question 2**
Which cloud deployment model provides dedicated infrastructure for a single organization while
still leveraging cloud computing characteristics?
) Public cloud
A
B) Private cloud
C) Community cloud
D) Hybrid cloud
**[CORRECT]** B) Private cloud
,* *Rationale:** A private cloud is provisioned for exclusive use by a single organization. It offers
greater control, customization, and security compared to public cloud while maintaining cloud
characteristics like self-service and elasticity. Public cloud (A) is shared infrastructure,
community cloud (C) is shared by organizations with common concerns, and hybrid cloud (D)
combines multiple deployment models.
* *Question 3**
A company wants to deploy a web application without managing the underlying infrastructure,
operating system, or middleware. They need to focus solely on application configuration and
data. Which cloud service model best fits this requirement?
) Infrastructure as a Service (IaaS)
A
B) Platform as a Service (PaaS)
C) Software as a Service (SaaS)
D) Function as a Service (FaaS)
**[CORRECT]** C) Software as a Service (SaaS)
* *Rationale:** SaaS provides fully functional applications where the provider manages
everything except customer data and access. The customer simply configures and uses the
application. IaaS (A) requires OS and application management, PaaS (B) requires application
development and deployment management, and FaaS/D (serverless) still requires code
deployment though infrastructure is abstracted.
* *Question 4**
According to the Cloud Security Alliance (CSA) Top Threats, which of the following represents
the highest risk to cloud environments?
) Natural disasters affecting data center locations
A
B) Misconfiguration and inadequate change control
C) Hardware failure of storage devices
D) Insufficient bandwidth for cloud connectivity
**[CORRECT]** B) Misconfiguration and inadequate change control
* *Rationale:** CSA consistently ranks misconfiguration and inadequate change control as the
top cloud security threat. This includes exposed storage buckets, improper security group rules,
and lack of change management. Cloud providers handle physical risks (A, C) through
redundancy, and bandwidth (D) is an operational rather than security concern.
* *Question 5**
What is the primary security risk associated with VM escape attacks?
A) Unauthorized access to the hypervisor and other VMs on the same host
, ) Data corruption within the virtual machine's own storage
B
C) Network latency between virtual machines
D) Inability to migrate VMs between physical hosts
**[CORRECT]** A) Unauthorized access to the hypervisor and other VMs on the same host
* *Rationale:** VM escape is an attack where a malicious VM breaks out of its isolated
environment to access the host hypervisor, potentially compromising all other VMs on that host.
This violates the fundamental isolation guarantee of virtualization. Options B, C, and D describe
issues that do not represent the critical security impact of hypervisor compromise.
* *Question 6**
Which characteristic of cloud computing enables rapid elasticity and appears to provide
unlimited resources to the consumer?
) Resource pooling
A
B) Broad network access
C) Measured service
D) On-demand self-service
**[CORRECT]** A) Resource pooling
* *Rationale:** Resource pooling allows the provider's computing resources to serve multiple
consumers using a multi-tenant model, with resources dynamically assigned and reassigned
according to demand. This pooling enables the illusion of infinite capacity and supports rapid
elasticity. While D enables provisioning, A specifically enables the scalability characteristic.
* *Question 7**
In a Platform as a Service (PaaS) model, which component is the cloud provider responsible for
securing?
) Customer-developed applications
A
B) Customer data stored in the application
C) Operating system and runtime environment
D) User access credentials and authentication methods
**[CORRECT]** C) Operating system and runtime environment
* *Rationale:** In PaaS, the provider manages the underlying infrastructure, operating system,
middleware, and runtime environment. The customer manages their applications (A), data (B),
and access control (D). This intermediate shared responsibility model reduces customer burden
compared to IaaS while offering more control than SaaS.
**Question 8**
, What is "VM sprawl" and why is it a security concern?
) The uncontrolled proliferation of virtual machines leading to management and security gaps
A
B) The physical spreading of virtual machines across multiple data centers
C) The rapid scaling of a single virtual machine to consume excessive resources
D) The migration of virtual machines between hypervisors without authorization
* *[CORRECT]** A) The uncontrolled proliferation of virtual machines leading to management
and security gaps
* *Rationale:** VM sprawl occurs when VMs are created without proper lifecycle management,
leading to orphaned instances, outdated patches, unknown configurations, and security blind
spots. Unlike physical servers, VMs are easily created, making governance essential. Options
B, C, and D describe different virtualization phenomena.
* *Question 9**
Which cloud computing essential characteristic allows consumers to unilaterally provision
computing capabilities without requiring human interaction with service providers?
) Broad network access
A
B) On-demand self-service
C) Rapid elasticity
D) Measured service
**[CORRECT]** B) On-demand self-service
* *Rationale:** On-demand self-service is the essential characteristic that enables consumers to
automatically provision resources (servers, storage, network) as needed without human
provider interaction. This distinguishes cloud from traditional IT provisioning. While A refers to
accessibility, C to scaling, and D to metering, B specifically addresses automatic provisioning
capability.
* *Question 10**
A multinational corporation wants to maintain sensitive data on-premises while leveraging public
cloud for less sensitive workloads. Which deployment model should they implement?
) Private cloud only
A
B) Public cloud only
C) Hybrid cloud
D) Community cloud
**[CORRECT]** C) Hybrid cloud
