QUESTIONS WITH SOLUTIONS GRADED A+
✔✔EAR (Export Administration Regulations) - ✔✔Department of Commerce
prohibitions on dual-use items (commercial/military)
✔✔The Wassenaar Agreement - ✔✔A group of 41 countries that inform each other
about conventional military shipments to non-member countries. Not a treaty, so
non-enforceable
✔✔Private Cloud - ✔✔A private cloud configuration is a legacy configuration of a
datacenter, often with distributed computing and BYOD capabilities
✔✔External Threat - ✔✔A type of risk that includes malware, hacking, DoS/DDoS, MiM
attacks and so on
✔✔Community Cloud - ✔✔In a community cloud configuration, resources are shared
and dispersed among an affinity group
✔✔Personnel threat - ✔✔A malicious or negligent insider who can cause significant
negative impact, as they have physical access to resources
✔✔Resource Sharing - ✔✔Refers to a method in which the programs and instances run
by the customer will operate on the same devices used by other customers,
sometimes simultaneously
✔✔Interoperability Issues - ✔✔An issue in which the customer's software may not
function properly with each new adjustment in the environment if the OS is updated by
the provider
✔✔Data seizure - ✔✔A legal activity that might result in a host machine being
confiscated or inspected by LEO or plaintiffs' attorneys
✔✔Guest Escape - ✔✔An improperly designed or poorly configured hypervisor might
allow an abuser to leave the confines of their own virtualized instance
✔✔Information Bleed - ✔✔Refers to the possibility that processing performed on one
virtualized instance may be detected by other instances on the same host
✔✔SOC1 - ✔✔A type of report used for auditing the financial reporting instruments
of a corporation. Has Type1 & Type2 reports but has nothing to do with Cloud
Computing
✔✔SOC2 - ✔✔A type of report which is intended to report audits of controls on an
organization's security, availability, processing integrity, and privacy. Type 1 (only
reviews design controls); Type 2 (how sec controls are implemented); detailed report
never to be released
✔✔SOC3 - ✔✔Contains no actual data about the security controls of the audit target
and is also known as the "seal of approval"
✔✔Shared policy - ✔✔Helps the customer to seek financial restitution for damages
caused to them, that occurred because of negligence or malfeasance on the part of the
provider
✔✔Deployment Model - ✔✔Removes or reduces the authority and execution of security
controls in the environment
✔✔Third party administrator (TPA) - ✔✔A cloud provider who manages the
administration of a user's system and who is not under the user's control
✔✔Policy Management - ✔✔Serves as the enforcement arm of authentication and
authorization and is established based on business needs and senior management
decisions.
✔✔Volume Encryption - ✔✔Encrypts only a part of a hard drive instead of the entire
disk.
✔✔Authentication - ✔✔Establishes identity by asking who you are and determining
whether you are a legitimate user
✔✔Federation - ✔✔An association of organizations that facilitate the exchange of
information and access to resources.
✔✔Identity repositories - ✔✔The directory services for the administration of user
accounts and their associated attributes
✔✔IAM (Identity & Access Management) - ✔✔Is about the people, processes, and
procedures used to create, manage, and destroy identities.
(Authentication/Authorization/Central User Repository/User Management).
✔✔Personnel redundancy - ✔✔Provides an increased level of robustness among
personnel resources who administer and support the IT components
✔✔Power line redundancy - ✔✔Behooves the cloud provider to ensure that all
communication lines are replicated on both sides of the building