CCSP Domain 1: Architectural Concepts and Design Requirements
Which of the following are attributes of cloud computing? A. Minimal management effort and shared resources B. High cost and unique resources C. Rapid provisioning and slow release of resources D. Limited access and service provider interaction
Answer: A Explanation: "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction." —"The NIST Definition of Cloud Computing"
When using a SaaS solution, what is the capability provided to the customer? A. To use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (for example, web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. B. To use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (for example, web-based email), or a program interface. The consumer does manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. C. To use the consumer's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (for example, web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. D. To use the consumer's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (for example, web-based email), or a program interface. The consumer does manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Answer: A Explanation: According to "The NIST Definition of Cloud Computing," in SaaS, "The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based e-mail), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings."
When using an IaaS solution, what is a key benefit provided to the customer? A. Metered and priced on the basis of units consumed B. The ability to scale up infrastructure services based on projected usage C. Increased energy and cooling system efficiencies D. Transferred cost of ownership
Answer: A Explanation: IaaS has a number of key benefits for organizations, which include but are not limited to these: Usage is metered and priced on the basis of units (or instances) consumed. This can also be billed back to specific departments or functions. It has an ability to scale up and down infrastructure services based on actual usage. This is particularly useful and beneficial where there are significant spikes and dips within the usage curve for infrastructure. It has a reduced cost of ownership. There is no need to buy assets for everyday use, no loss of asset value over time, and reduced costs of maintenance and support. It has a reduced energy and cooling costs along with "green IT" environment effect with optimum use of IT resources and systems.
What are the five Trust Services principles? A. Security, Availability, Processing Integrity, Confidentiality, and Privacy B. Security, Auditability, Processing Integrity, Confidentiality, and Privacy C. Security, Availability, Customer Integrity, Confidentiality, and Privacy D. Security, Availability, Processing Integrity, Confidentiality, and Nonrepudiation
Answer: A Explanation: SOC 2 reporting was specifically designed for IT-managed service providers and cloud computing. The report specifically addresses any number of the five so-called Trust Services principles, which follow: Security: The system is protected against unauthorized access, both physical and logical. Availability: The system is available for operation and use as committed or agreed. Processing Integrity: System processing is complete, accurate, timely, and authorized. Confidentiality: Information designated as confidential is protected as committed or agreed. Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the provider's privacy policy.
Which of the following are essential characteristics of cloud computing? (Choose two.) A. On-demand self service B. Unmeasured service C. Resource isolation D. Broad network access
Answer: A and D Explanation: According to "The NIST Definition of Cloud Computing," the essential characteristics of cloud computing are as follows: On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider. Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (such as mobile phones, tablets, laptops, and workstations). Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (such as country, state, or data center). Examples of resources include storage, processing, memory, and network bandwidth. Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time. Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (such as storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and the consumer of the utilized service.
What are the six stages of the cloud secure data life-cycle? A. Create, use, store, share, archive, and destroy B. Create, store, use, share, archive, and destroy D. Create, share, store, archive, use, and destroy D. Create, archive, use, share, store, and destroy
Answer: B Explanation: As with systems and other organizational assets, data should have a defined and managed life-cycle across the following key stages (Figure A.1): Create: Generation of new digital content or modification of existing content Store: Committing data to storage repository; typically occurs directly after creation Use: Data is viewed, processed, or otherwise used in some sort of activity (not including modification) Share: Information made accessible to others—users, partners, customers, and so on Archive: Data leaves active use and enters long-term storage Destroy: Data permanently destroyed using physical or digital means
What is a key capability or characteristic of PaaS? A. Support for a homogenous hosting environment B. Ability to reduce lock-in C. Support for a single programming language D. Ability to manually scale
Answer: B Explanation: PaaS should have the following key capabilities and characteristics: Support multiple languages and frameworks: PaaS should support multiple programming languages and frameworks, thus enabling the developers to code in whichever language they prefer or the design requirements specify. In recent times, significant strides and efforts have been taken to ensure that open source stacks are both supported and utilized, thus reducing "lock-in" or issues with interoperability when changing CSPs. Multiple hosting environments: The ability to support a wide variety of underlying hosting environments for the platform is key to meeting customer requirements and demands. Whether public cloud, private cloud, local hypervisor, or bare metal, supporting multiple hosting environments allows the application developer or administrator to migrate the application when and as required. This can also be used as a form of contingency and continuity and to ensure the ongoing availability. Flexibility: Traditionally, platform providers provided features and requirements that they felt suited the client requirements, along with what suited their service offering and positioned them as the provider of choice, with limited options for the customers to move easily. This has changed drastically, with extensibility and flexibility now afforded to meeting the needs and requirements of developer audiences. This has been heavily influenced by open source, which allows relevant plug-ins to be quickly and efficiently introduced into the platform. Allow choice and reduce lock-in: PaaS learns from previous horror stories and restrictions, proprietary meant red tape, barriers, and restrictions on what developers could do when it came to migration or adding features and components to the platform. Although the requirement to code to specific APIs was made available by the providers, they could run their apps in various environments based on commonality and standard API structures, ensuring a level of consistency and quality for customers and users. Ability to auto-scale: This enables the application to seamlessly scale up and down as required to accommodate the cyclical demands of users. The platform will allocate resources and assign these to the application as required. This serves as a key driver for any seasonal organizations that experience spikes and drops in usage.
Which of the following are cloud computing roles? A. Cloud customer and financial auditor B. CSP and backup service provider C. Cloud service broker and user D. Cloud service auditor and object
Answer: B Explanation: The following groups form the key roles and functions associated with cloud computing. They do not constitute an exhaustive list but highlight the main roles and functions within cloud computing: Cloud customer: An individual or entity that utilizes or subscribes to cloud-based services or resources. CSP: A company that provides cloud-based platform, infrastructure, application, or storage services to other organizations or individuals, usually for a fee; otherwise known to clients "as a service." Cloud backup service provider: A third-party entity that manages and holds operational responsibilities for cloud-baseddata backup services and solutions to customers from a central data center. CSB: Typically a third-party entity or company that looks to extend or enhance value to multiple customers of cloud-based services through relationships with multiple CSPs. It acts as a liaison between cloud services customers and CSPs, selecting the best provider for each customer and monitoring the services. The CSB can be utilized as a "middleman" to broker the best deal and customize services to the customer's requirements. May also resell cloud services. Cloud service auditor: Third-party organization that verifies attainment of SLAs.
When using a PaaS solution, what is the capability provided to the customer? A. To deploy onto the cloud infrastructure provider-created or acquired applications created using programming languages, libraries, services, and tools that the provider supports. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. B. To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools that the provider supports. The provider does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. C. To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools that the provider supports. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. D. To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools that the consumer supports. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Answer: C Explanation: According to "The NIST Definition of Cloud Computing," in PaaS, "the capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment."
What are SOC 1/SOC 2/SOC 3? A. Risk management frameworks B. Access controls C. Audit reports D. Software development phases
Answer: C Explanation: An SOC 1 is a report on controls at a service organization that may be relevant to a user entity's internal control over financial reporting. An SOC 2 report is based on the existing SysTrust and WebTrust principles. The purpose of an SOC 2 report is to evaluate an organization's information systems relevant to security, availability, processing integrity, confidentiality, or privacy. An SOC 3 report is also based on the existing SysTrust and WebTrust principles, like a SOC 2 report. The difference is that the SOC 3 report does not detail the testing performed.
Which of the following are considered to be the building blocks of cloud computing? A. Data, access control, virtualization, and services B. Storage, networking, printing, and virtualization C. CPU, RAM, storage, and networking D. Data, CPU, RAM, and access control
Answer: C Explanation: The building blocks of cloud computing are composed of RAM, CPU, storage, and networking.
When using an IaaS solution, what is the capability provided to the customer? A. To provision processing, storage, networks, and other fundamental computing resources when the consumer is not able to deploy and run arbitrary software, which can include OSs and applications. B. To provision processing, storage, networks, and other fundamental computing resources when the provider is able to deploy and run arbitrary software, which can include OSs and applications. C. To provision processing, storage, networks, and other fundamental computing resources when the auditor is able to deploy and run arbitrary software, which can include OSs and applications. D. To provision processing, storage, networks, and other fundamental computing resources when the consumer is able to deploy and run arbitrary software, which can include OSs and applications.
Answer: D Explanation: According to "The NIST Definition of Cloud Computing," in IaaS, "the capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls)."
What are the four cloud deployment models? A. Public, internal, hybrid, and community B. External, private, hybrid, and community C. Public, private, joint, and community D. Public, private, hybrid, and community
Answer: D Explanation: According to "The NIST Definition of Cloud Computing," the cloud deployment models are as follows: "Private cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on- or off-premises. "Community cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on- or off-premises. "Public cloud: The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the CSP. "Hybrid cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds)."
Which of the following are distinguishing characteristics of a managed service provider? A. Have some form of a NOC but no help desk. B. Be able to remotely monitor and manage objects for the customer and re-actively maintain these objects under management. C. Have some form of a help desk but no NOC. D. Be able to remotely monitor and manage objects for the customer and proactively maintain these objects under management.
Answer: D Explanation: According to the MSP Alliance, typically MSPs have the following distinguishing characteristics: *Have some form of NOC service *Have some form of help desk service *Can remotely monitor and manage all or a majority of the objects for the customer *Can proactively maintain the objects under management for the customer *Can deliver these solutions with some form of predictable billing model, where the customer knows with great accuracy what her regular IT management expense will be
