In the context of IaaS, what are the primary components included in infrastructure?
Correct Answer: B
Correct Option: B. Compute, network, and storage resource pools

In the Infrastructure as a Service (IaaS) model, the term "infrastructure" refers to the core physical and virtualized building blocks that form the basis of a cloud environment. These components are abstracted and pooled to offer on-demand provisioning to cloud consumers.

From the CSA Security Guidance v4.0 - Domain 1: Cloud Computing Concepts and Architectures:

"Infrastructure: The core components of a computing system: compute, network, and storage. The foundation that everything else is built on. The moving parts."
- Section 1.1.4 Logical Model, CSA Security Guidance v4.0

Furthermore:

"IaaS consists of a facility, hardware, an abstraction layer, an orchestration (core connectivity and delivery) layer to tie together the abstracted resources, and APIs to remotely manage the resources and deliver them to consumers."
- Section 1.1.3.1 Infrastructure as a Service, CSA Security Guidance v4.0

These are commonly referred to as resource pools, and form the foundation of what IaaS delivers: virtual machines (compute), virtual networks (networking), and object/block storage systems (storage).

Why the Other Options Are Incorrect:
A. Network configuration tools, storage encryption, and virtualization platforms
➤ These are supporting technologies and security tools, not the actual infrastructure components that make up IaaS.
C. User authentication systems, application deployment services, and database management
➤ These fall under PaaS (Platform as a Service) and SaaS. IaaS does not manage applications or authentication; it provides the foundation upon which these services run.
D. Load balancers, firewalls, and backup solutions
➤ These are add-on services or features, not the core infrastructure components of IaaS. While often used alongside IaaS, they are not the essential building blocks of infrastructure.

Main Topic: Cloud Computing Concepts and Architectures
Source: CSA Security Guidance v4.0, Domain 1, Sections 1.1.3.1 & 1.1.4
Question 102
What is an essential security characteristic required when using multi-tenant technologies?
Correct Answer: A
In multi-tenant technologies, the fundamental security requirement is segmented and segregated customer environments. Multi-tenancy means that multiple customers (tenants) share the same physical or virtual infrastructure while maintaining logical separation to prevent data leakage and unauthorized access between tenants.

To ensure security and compliance in multi-tenant environments, providers implement:
* Network segmentation (VLANs, Virtual Private Clouds)
* Isolation mechanisms (such as virtual firewalls and access control lists)
* Data isolation through encryption and access controls
* Hypervisor-based isolation in virtualized environments

The goal is to create strong logical isolation between tenants to mitigate risks like data leakage, guest-hopping attacks, and unauthorized access.

Why Other Options Are Incorrect:
* B. Limited resource allocation: While resource limits may help performance management, they do not inherently ensure security in multi-tenant settings.
* C. Resource pooling: Though fundamental to cloud computing, it does not address the isolation needed for secure multi-tenancy.
* D. Abstraction and automation: These are key elements in cloud computing but do not directly address multi-tenant security.

References:
* CSA Security Guidance v4.0, Domain 7: Infrastructure Security
* Cloud Computing Security Risk Assessment (ENISA) - Isolation Failure
* Cloud Controls Matrix (CCM) v3.0.1 - Infrastructure and Virtualization Security Domain
Question 103
The management plane controls and configures the:
Correct Answer: B
The management plane controls and configures the metastructure and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Metastructure is the glue and guts to create, provision, and de-provision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)
Question 104
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
Correct Answer: D
Question 105
In a containerized environment, what is fundamental to ensuring runtime protection for deployed containers?
Correct Answer: A
Real-time visibility allows for monitoring container behavior during runtime, helping to identify and respond to security incidents as they occur. Reference: [Security Guidance v5, Domain 8 - Cloud Workload Security]