This four-part advantage structure in Module 1 links reduced CAPEX/TCO to fewer training demands and better baseline patching.
What are economic, operational, staffing, and security benefits?
The model where developers deploy code without touching OS or VM layers, exemplified by Google App Engine.
What is PaaS?
This model is explicitly defined in Module 1 as multi-organization infrastructure for shared regulatory or jurisdictional needs.
What is a Community Cloud?
Module 1’s list of core threats includes this attack where credentials or sessions are illicitly taken over.
What is account or service hijacking?
This system manages digital identities and their entitlements throughout their lifecycle, including creation, authorization, and de-provisioning.
What is Identity and Access Management (IAM)?
Name the single attribute of NIST’s essential cloud characteristics not present by default in public cloud multi-tenancy.
What is single-tenant exclusivity?
Which model gives raw virtual machines, storage, and networking APIs and is exemplified by Amazon EC2?
What is IaaS?
The mixture of multiple deployment models, often used during migrations, is called what?
What is Hybrid Cloud?
Strong passwords, robust key management, and local encryption before upload are all controls for which cloud security domain?
What is Cloud Data Storage Security?
Name two key areas explicitly listed under consumer responsibilities beyond IAM and encryption.
What are application-level security and storage security (or monitoring/logging/compliance)?
Which model describes the dynamic division of security obligations that changes across IaaS, PaaS, and SaaS but never fully disappears for the customer?
What is the Shared Responsibility Model?
Module 1 labels S3, DynamoDB, Glacier, and SQS as this type of AWS service category under shared responsibility.
What are Abstract Services?
Under NIST actors, which role evaluates and monitors the provider’s controls on behalf of the consumer or regul
Who is the Auditor?
Using DMZs, subnet isolation, restricted ingress/egress, secure DNS, and IDS/IPS plus encryption-in-transit and DLP are all recommended under which area?
What is Cloud Network Security?
According to Module 1, cloud security controls aren’t “completely different” from on-prem—but what does change for the consumer?
What is the focus area of controls and risk mitigation shifts?
Identify all five NIST reference-architecture actors, including the one that mediates between provider and consumer.
Who are the Consumer, Provider, Carrier, Broker, and Auditor?
Name the service model that shifts the largest proportion of security tasks to the provider yet still requires consumer identity and data controls.
What is SaaS?
When conducting a CSP gap analysis, you’re told to examine maturity, transparency, architecture automation, governance, and compliance frameworks such as ISO 27001, PCI DSS, HIPAA, and SOX. What process are you performing?
What is Cloud Security Due Diligence / CSP Evaluation?
Consolidating metrics, fees, and abnormal-activity alerts into a single reporting system is the module’s prescription for which practice?
What is Cloud Monitoring?
Physical security of data centers belongs to the provider; identify three other responsibilities that the consumer must still perform under SaaS.
What are IAM, data encryption & key management, and compliance monitoring (or application security)?
This essential characteristic of cloud computing ties directly to its measured service model, enabling automatic scaling up or down based on demand while the customer pays only for what they consume.
What is Rapid Elasticity (or Elastic Scaling)?
In Module 1’s examples, AWS OpsWorks manages applications with Chef/Puppet, but which template-driven service is recommended for provisioning complex, multi-region stacks including IAM roles, VPCs, and multi-tier apps?
What is AWS CloudFormation?
Before choosing a CSP you must not only assess maturity and compliance but also verify this attribute — evidence of how open and forthcoming the provider is with customers about its security architecture.
What is Transparency?
Module 1 lists this threat alongside insecure APIs and insider misuse: it involves attackers exploiting vulnerabilities in shared underlying resources (hypervisor, CPU, etc.) to affect multiple tenants.
What are Shared Technology Vulnerabilities?
Module 1 instructs customers to use one platform for logs and metrics, but also stresses controlling two aspects of collection to keep the system scalable and efficient. Name both.
What are Data Selection (capturing who/what/where/when/permissions) and Collection/Distribution Frequency?