Exam 22: Cloud Security

three areas of support can be offered by a cloud broker: service intermediation, service aggregation, and __________ .

System vulnerabilities can be exploited by hackers and malicious software across a shared cloud environment.

NISt defines SecaaS as the provision of security applications and services via the cloud either to cloud-based infrastructure and software or from the cloud to the customers' on-premise systems.

there is an increasingly prominent trend in many organizations to move a substantial portion or even all It operations to an Internet-connected infrastructure known as an enterprise community cloud. .

A __________ is an entity that manages the use, performance, and delivery of cloud services, and negotiates relationships between CPs and cloud consumers.

A hybrid cloud infrastructure offers tighter controls over the geographic location of data storage and other aspects of security.

In effect, PaaS is an operating system in the cloud.

NISt defines three service models, which can be viewed as nested service alternatives: software as a service, platform as a service, and __________ .

the use of __________ avoids the complexity of software installation, maintenance, upgrades, and patches.

A _________ is an incident in which sensitive, protected, or confidential information is released, viewed, stolen, or used by an individual who is not authorized to do so.

the cloud computing model promotes availability and is composed of three essential characteristics, four service models, and three deployment models.

__________ is the monitoring, protecting, and verifying the security of data at rest, in motion, and in use.

On-demand self-service is an essential characteristic of cloud computing.

__________ includes people, processes, and systems that are used to manage access to enterprise resources by assuring that the identity of an entity is verified, and then granting the correct level of access based on this assured identity.

the intention of an advanced persistent threat is to steal data rather than to cause damage to the network or organization.

A __________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers.

A cloud broker can evaluate the services provided by a CP in terms of security controls, privacy impact, and performance.

the __________ cloud infrastructure is a composition of two or more clouds that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

the two most significant developments in computing in recent years are cloud computing and the __________ .

A __________ is a party that can conduct independent assessment of cloud services, information system operations, performance, and security of the cloud implementation.