Which is the primary tool used to manage identity and access management of resources spread across hundreds of different clouds and resources?
Correct Answer: B
In cloud computing, the fundamental problem is that multiple organizations are now managing the identity and access management to resources, which can greatly complicate the process. For example, imagine having to provision the same user on dozens, or hundreds, of different cloud services. Federation is the primary tool used to manage this problem, by building trust relationships between organizations and enforcing them through standards-based technologies. Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
Question 42
Which of the following is NOT a characteristic of cloud computing?
Correct Answer: D
The characteristics of cloud computing are:
1. On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
2. Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops and workstations).
3. Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state or datacenter). Examples of resources include storage, processing, memory and network bandwidth.
4. Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
5. Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled and reported, providing transparency for the provider and consumer.
Question 43
Which one of the following is the key tool of Cloud Governance?
Correct Answer: B
The primary tool of governance is the contract between a cloud provider and a cloud customer (this is true for public and private cloud). The contract is your only guarantee of any level of service or commitment. Ref: CSA Security Guidance V4.0
Question 44
ANF and ONF are referred to in which of the following ISO standards?
Correct Answer: C
ISO/IEC 27034-1, "Information Technology - Security Techniques - Application Security," provides one of the most widely accepted sets of standards and guidelines for secure application development. ISO/IEC 27034-1 is a comprehensive set of standards that cover many aspects of application development. A few of the key elements include the organizational normative framework (ONF), the application normative framework (ANF), and the application security management process (APSM).
Question 45
NIST defines five characteristics of cloud computing: Rapid Elasticity, Broad Network Access, On-demand self-service, Metered Usage & Resource pooling. However, ISO/IEC 17788 mentions one more characteristic in addition to those 5. Which of the following is that characteristic?
Correct Answer: A
ISO/IEC 17788 lists six key characteristics, the first five of which are identical to the NIST characteristics. The only addition is multitenancy, which is distinct from resource pooling. Ref: CSA Security Guidelines V4.0