CCSP - Domain 1

Daniel is the security architect at VeriSure MedTech, a cloud-based patient data management startup. Daniel discovers that public snapshots of virtual machines were left accessible on a shared infrastructure service. Unauthorized individuals accessed patient health data. Daniel must identify the fundamental issues related to cloud architecture concepts, understand the security considerations of data at rest, and implement a more secure deployment model. What primary remediation aligns with secure cloud design principles? (1.1). Maintain public snapshots for scalability but rely on strong perimeter firewalls in a hybrid model without adjusting encryption strategies. Convert the environment to a SaaS model and trust the provider's default snapshot security features without incorporating additional encryption requirements. Restrict public snapshots; integrate encryption for data at rest; transition to a private cloud model with clearly defined isolation boundaries. Remove encryption altogether as this will improve performance; rely on network security groups in the existing public cloud model.

Emily is the cloud security director at Finora Cloud Banking, a financial services firm. Emily learns that their IaaS platform's storage buckets are unintentionally exposed to the internet. The firm processes sensitive financial data requiring strict confidentiality. Emily must apply the essential characteristics of cloud computing, ensure secure configuration baselines, and consider the cost versus benefit of implementing encryption and access controls. Which action BEST meets these criteria? (1.1). Restrict public access to storage buckets; enable encryption at rest and in transit; apply least privilege IAM policies; accept the minor cost increase for secure configurations. Leave buckets public for operational ease; rely on default credentials; implement only encryption in transit; prioritize and justify cost savings over security measures. Switch to a private cloud model with no encryption to reduce complexity and assume that restricted network access suffices for data protection. Limit encryption to at-rest only and provide broad IAM roles to multiple teams while favoring lower operational costs over fine-grained access controls.

Frank is the security and privacy manager at DataSynth Health Analytics, an analytics platform for clinical data. Frank finds that an API endpoint is publicly accessible due to misconfigurations, and unauthorized entities could access sensitive data feeds. Frank must apply foundational cloud concepts, identify the appropriate reference architecture, and ensure functional security requirements are met. He must also consider ROI and KPI metrics tied to implementing secure API gateways. What is the BEST next step? (1.2). Keep the API publicly accessible to maintain speed; rely on IP whitelisting alone; ignore formal reference models; focus on short-term KPI improvements. Implement an API gateway with proper authentication; align with recommended cloud reference architecture for secure interfaces; justify the ROI by reducing breach-associated costs. Transition to a SaaS model without changing the API configuration; trust the provider's security promises; measure performance KPIs only. Disable the API entirely to avoid management overhead; avoid architectural considerations and guidance; track cost savings from reduced infrastructure usage.

Lisa is the CISO at NovaData Insurance, a cloud-driven claims processing service. Lisa observes open network ports on their PaaS environment. Attackers exploited these ports to intercept claims data. Lisa needs to understand virtualization security concerns, apply security hygiene principles, and consider how properly managed IaaS, PaaS, or SaaS models differ in their responsibilities. Which approach BEST addresses these challenges? (1.4). Shift the environment to IaaS and rely on the provider's network security, using the default port and encryption settings of the provider. Move to a SaaS model, given the provider will handle all security, including managing open ports; do not apply any internal security baselines. Focus on virtual machine-level encryption in the current PaaS model; disregard network-level controls or identity management given the provider default settings will likely be sufficient. Implement stricter access controls on the PaaS; ensure secure baseline configurations; adopt a layered security approach including encryption, identity management, and continuous monitoring.

Michael is the system architect at AeroMax Logistics, a platform leveraging hybrid cloud deployments for cargo tracking. Michael is managing a breach caused by default credentials on management interfaces, with attackers gaining unauthorized access to virtual machines storing routing schedules. Michael must ensure secure life cycle principles, incorporate identity and access controls, understand how private and public cloud models affect these controls, and measure success through KPIs. Which solution is MOST appropriate? (1.3). Keep default credentials for internal machines; bolster network perimeter controls; align KPIs to uptime and availability. Transition all services to a public cloud model; adopt default security settings from the cloud provider; align KPIs to cost savings. Replace default credentials; enable MFA; apply least-privilege IAM in both private and public cloud segments; track reduced unauthorized access events as a KPI. Apply multifactor authentication on public-facing components; maintain default credentials internally; focus KPI measurements on patching speed and intrusion prevention metrics.

Susan is the cloud security engineer at Regal Funds Investment, a company analyzing large financial datasets in a public cloud. Susan discovers that sensitive market data has been inadvertently transferred externally without encryption. She must apply fundamental cloud security concepts, ensure data protection in transit, align with a reference architecture that includes secure communication layers, and justify the slight overhead in cost. What approach should Susan take? (1.1). Continue cleartext transmission to maintain speed; harden perimeter firewalls to compensate. Implement encryption in transit; integrate secure endpoints as per reference guidance; accept latency costs resulting from these changes; monitor traffic for ongoing compliance. Shift all operations to a private cloud relying on the provider's encryption policies; assume reduced external exposure as a result of the shift; monitor for indicators of unauthorized access. Use encryption at rest as in-transit encryption is cost prohibitive; utilize default network security configurations supplied by the provider.

Jonathan is the security architect at CliniData BioServices, a hybrid cloud provider handling genomic data analysis. Jonathan notices that developers have used default credentials on VMs, resulting in attackers gaining root access to sensitive workloads. Jonathan must address identity and access management across the hybrid model, adopt a secure life cycle approach, and consider whether IaaS or PaaS is more controllable. Which solution BEST fits? (1.4). Keep default credentials internally; upgrade the perimeter firewall; maintain IaaS environment and keep IAM separate; incorporate hybrid complexity to deter attackers. Move to SaaS; develop a unique credential policy; rely on the cloud provider's standard security settings; forgo centralized IAM across hybrid boundaries due to cost prohibitions. Apply MFA to external services; develop a unique credential policy; disable IAM for internal nodes due to high management overhead; deploy local user accounts to developers. Enforce unique credentials; enable MFA; integrate centralized IAM tools across hybrid resources; consider PaaS options with built-in identity controls.

Rachel is the cloud compliance manager at TransCom Freight, a transportation analytics firm using a multi-cloud environment. Rachel discovers that containerized workloads lack proper network segmentation. As a result, unauthorized traffic flows between cloud-based services. Rachel must apply cloud reference architecture guidelines, ensure network security principles are followed, and compare IaaS vs. PaaS networking controls. Which action BEST secures the environment? (1.5). Keep all containers in a flat network architecture; minimize firewall rules to avoid complexity; develop a business case for shifting workloads back to on-premises infrastructure. Migrate services to a single public cloud; do not segment workloads as this would introduce latency; adopt the cloud providers default security settings; assume that uniformity equals security. Implement micro-segmentation for containers; use a reference architecture to structure network layers; apply least privilege rules across multiple clouds. Focus on encrypting workloads at rest to meet compliance requirements; segment the network to include a management VLAN and to minimize network latency.

Albert is the CISO at MediTrans Pharma, a medical research firm. Albert discovers that open network ports in a PaaS environment exposed proprietary drug formulas. Albert must ensure that virtualization and network security principles are integrated, and that cost effective measures are being taken. He must also consider hybrid vs. public deployment trade-offs. What's the MOST appropriate solution to meet these goals? (1.3). Close unused ports; adopt encryption in transit and at rest; enforce MFA and role-based access; communicate to management that cost increases are a fraction of the benefit gained from intellectual property protection. Close unused ports; maintain use of default credentials; adopt encryption at rest; enforce MFA for external access only; ensure no cost increases occur given company revenue fell in the previous quarter. Move workloads to a hybrid model; adopt local firewall rules; focus on cost savings given the state of the global economy. Implement encryption at rest; monitor network ports for unauthorized access; incorporate security considerations in service-level agreements; justify minimal cost increases on inflationary pressures and cost of doing business.

Bob is the system architect at FinAx Cloud Brokers, a financial data aggregator. Bob finds that workloads scale dynamically but lack consistent encryption and monitoring. Sensitive payment data sits in memory during scale-ups on a public cloud. Bob must apply building block technologies (e.g., virtualization, storage, network), ensure proper logging, and consider performance versus security costs. Which measure aligns BEST? (1.2). Avoid encryption to maintain performance; enable critical event logging; implement scaling policies aligned to cost-saving auto-scaling scripts. Implement encryption in memory and at rest; enable comprehensive logging and monitoring; adopt scalable IAM policies; accept slight performance impact for robust security. Shift to a private cloud; ensure service level agreements incorporate all costs; adopt default logging policies; adopt private cloud provider's security posture. Encrypt backup files; ignore runtime encryption as this would impact latency and speed; maintain minimal logging to avoid management overhead costs associat.

Paige is the cloud security director at AeroLink Charter, an aviation logistics provider. Paige discovers that configuration baselines were never set for IaaS instances. Virtual machines run with default OS images and no hardening. Paige must incorporate secure life cycle principles, standardize baselines, and consider a cloud reference architecture that includes configuration management. Which steps are the MOST effective to achieve this? (1.1). Retain default OS images to maximize uptime and avoid complexity; undertake annual vulnerability scans; opt out of utilizing standardized configuration baselines. Move to a SaaS solution, which does not require OS management; use a reputable provider; this ensures that no baselines will be required. Develop secure baselines for IaaS VMs; enforce hardened OS images; use automated configuration tools; verify alignment with recognized cloud architecture patterns. Apply baselines to critical VMs only; opt out of implementing configuration management tools due to cost; optimize network firewalls for security.

Linda is the CISO at Genova Analytics, a data analysis startup. Linda determines that the cloud's resource elasticity is not matched by identity controls. Excessive permissions are granted to all users to enable quick scalability. Linda must refine IAM based on cloud computing characteristics, integrate secure design patterns, and weigh the cost of implementing least privilege vs. broad access. What is the BEST approach? (1.2). Implement least privilege IAM policies; adjust roles dynamically as workloads scale; accept the administrative overhead as necessary for strong security. Maintain permissions regime to ensure continued rapid changes; uplift incident response capability; justify to the business that reduced management costs outweigh security risks. Shift to a private cloud to control IAM by restricting external connections; continue internal role structure as is; implement SIEM solution to ensure events and alerts are registered. Use MFA on all accounts keeping existing permissions; ensure cloud account access is logged for at least 180 days in case an incident occurs.

Tom is the security architect at CloudSys Retail, a company processing online orders. Tom observes that data is stored unencrypted in a public cloud IaaS. Attackers obtained sensitive customer data from publicly exposed volumes. Tom must integrate encryption strategies, compare PaaS and IaaS storage security capabilities, and consider ROI metrics for enhanced data protection. Which option aligns BEST with these requirements? (1.3). Keep volumes public to allow better accessibility by customers; ensure default provider-managed keys are fully implemented; measure system uptime as an ROI. Enable server-side encryption; ensure volumes are not publicly exposed; adopt key management best practices; measure reduced breach risk as an ROI. Move to PaaS storage; forgo encryption to reduce latency; rely on the provider's default security settings to address exposure issues. Encrypt backups; keep production volumes public to ensure interoperability; implement basic IAM policies and controls.

Sarah is the cloud risk officer at MediCore Diagnostics, a medical diagnostics provider. Sarah discovers that service integration across hybrid environments lacks standardized cryptography. Sarah must apply recommended cryptographic practices, ensure that keys are managed securely, and understand how service models influence encryption responsibilities. She must also consider the operational cost of proper key rotation. Which measure is BEST? (1.4). Use 3DES encryption to simplify rotation; store keys locally on each VM; justify lower costs by reduced complexity. Utilize the provider's default encryption to ensure interoperability; avoid key rotation to minimize risk and save operational effort; rely on providers' assurances relating to compliance. Encrypt one segment of the environment to test effectiveness; implement firewall controls as a compensating control; implement SHA-1 as the chosen cryptographic hashing function. Implement centrally managed encryption keys; apply recommended cryptographic algorithms across hybrid services; rotate keys regularly; accept that the operational overhead is justified given the sensitivity of the information.

Jane is the cloud security director at AeroVista Airlines, an airline operating an online ticketing platform. The platform stores passenger data in a multi-tenant SaaS model without proper tenant isolation. Jane must align with reference architectures that ensure data segmentation, assess how SaaS differs in responsibilities, and measure how improved isolation affects KPIs. Which action is MOST suitable? (1.5). Enforce tenant isolation through service provider configuration; integrate logical separation of data; track reduced data leakage incidents as a KPI. Accept SaaS providers sometimes mix multi-tenant data as a result of business continuity needs; rely on partial encryption of sensitive records; track platform uptime as a KPI. Shift to IaaS to gain control over data segregation and isolation; opt out of encryption policies and procedures due to processing overhead required; measure KPIs on server load. Implement encryption on company data, relying on unique IAM tokens per tenant; ignore reference architectures as they are cumbersome to implement fully, and the business does not have budget to allocate.

At NetSyn Data Solutions, a hybrid analytics service, Tim, the Cloud Systems Engineer, finds a lack of proper network security tools in place. Inadequate logging and monitoring hinder the detection of unauthorized access. Tim must align with established cloud reference models, ensure security hygiene, and consider how different deployment models affect monitoring costs. Which are the BEST next steps? (1.2). Skip continuous monitoring due to cost overhead; rely on periodic manual checks; assume hybrid complexity masks intrusion attempts. Implement logging on critical servers only; ignore reference models owing to complexity; focus on cost savings by limiting tool adoption. Encrypt data at rest; opt out of real-time monitoring due to operational constraints; renew license on company firewall. Implement continuous monitoring and logging tools; align with known reference architectures for network controls; accept increased operational costs for heightened visibility and security.

Nick is the security architect at CloudAgora Finance, a firm using IaaS for high-volume transactions. Nick notices that key management is scattered and inconsistent. Different teams handle encryption keys with no unified policy. Nick must centralize key management, follow recommended security patterns, and weigh the additional cost of key management systems against reduced breach risks. Which approach would work BEST? (1.4). Let each team manage keys separately according to policy; rely on manual key rotation if a breach should occur; iterate that policy must be followed. Centralize key management with a unified policy; adopt secure generation and rotation practices; accept the tooling cost for stronger data assurance. Move to a SaaS platform on the expectation that the provider will undertake key management; disregard the need for unified policies or secure key life cycle practices given those functions have been outsourced to the provider. Focus on encrypting data not accessed in the last 90 days; make no changes to key rotation practices as the company has not been breached before; justify no tool costs by referencing minimal overhead.

Stephanie is the CISO at MediAlign Health Services, a research platform that processes patient images on PaaS. Stephanie discovers insecure API configurations exposing diagnostic scans. She must apply design principles from cloud architectures, integrate identity controls for APIs, and measure the reduced likelihood of unauthorized access as a KPI. Which steps should she take? (1.5). Secure API endpoints with authentication and authorization controls; follow recommended architecture for API security; track reduced unauthorized access incidents as a success metric. Keep APIs open as access is needed by doctors and specialists; rely on default service credentials; measure performance and financial KPIs. Switch to a private cloud environment retaining existing API configurations; opt out of additional overheads needed to implement identity controls given data is now in a private cloud. Encrypt the data at rest; keep APIs open and unauthenticated; optimize network firewall rules to block attackers.

Carol is the cloud security manager at DataChron Manufacturing, a supply chain analytics platform which uses IaaS for predictive models. Carol identifies that default network configurations expose management interfaces. She must implement network security aligned with reference architectures, use encryption and IAM, and consider the cost of adding intrusion detection tools. Which solution is BEST? (1.1). Keep interfaces public to facilitate maintenance; rely on one account and password for all management interface control owing to simplicity; opt out of encryption given the processing burden that encryption causes; minimize costs by opting out or investing in detection tools. Move to PaaS; do not implement IAM as PaaS will perform this function; retain network settings; trust the provider's default security settings to secure interfaces. Restrict management interface access with IAM and VPNs; apply encryption for sensitive data; follow architectural patterns for network segmentation; invest in detection tools. Encrypt data at rest; leave management interfaces public to avoid introducing maintenance disruption; rely on firewall logs to determine if network intrusion occurs.

Peter is the systems architect at TransGlobal Data, a company using a multi-cloud approach for financial and healthcare data. Peter finds inconsistent storage encryption policies being used across the business. Some regions store data unencrypted in public cloud containers. He must apply consistent encryption, follow reference architectures that recommend uniform policies, and measure how standardization improves compliance KPIs. What is the BEST approach? (1.4). Allow each region to define its own policy based on local compliance needs; allow flexible encryption methods to meet local need; track regulatory action against the company as a KPI. Enforce a uniform encryption policy across all regions and clouds; apply recommended architectural guidelines; track compliance improvements as KPIs. Move all data to a single private cloud region; opt out of encryption given workload overhead; opt against implementing a uniform policy given change in architecture. Encrypt regulated data, leaving other data unencrypted to reduce costs; define an encryption policy applicable to head office staff; track cost reduction as a KPI.

Which of the following terms describes the widespread and universal nature of cloud computing services? (1.1.1). Ubiquitous. Convenient. On-demand. Self-service.

Which of the following is NOT normally a configurable cloud computing resource? (1.1.1). Network. Servers. Application. Storage array.

The cloud service broker is an example of which of these? (1.1.2). Cloud service provider. Cloud service partner. Cloud service customer. Cloud service tenant.

A party that is in a business relationship for the purpose of consuming cloud services is known as which of these? (1.1.2). Cloud service provider. Cloud service partner. Cloud service customer. Cloud service broker.

Which of the following refers to a cloud service that enables the provision of cloud resources on demand (i.e., whenever and wherever they are required)? (1.1.3). Broad network access. On-demand self-service. Multitenancy. Resource pooling.

Which of the following is NOT a building block of cloud computing? (1.1.4). Virtualization. Storage. Network. Containerization.

Which of the following ISO/IEC viewpoints includes the system context, parties, roles, sub-roles, and cloud computing activities? (1.2). Functional view. Implementation view. User view. Deployment view.

The development of new services by combining or modifying one or more existing cloud services is defined by which of these? (1.2.1). Service composition. Service design. Service audit. Service acquisition.

Who is responsible for ensuring appropriate security for data, including data backup and recovery, administering security policies, defining encryption and integrity requirements, and defining personally identifiable information (PII) handling requirements? (1.2.1). Cloud service provider. Cloud service user. Cloud service customer. Cloud service broker.

Which role is responsible for preparing systems, monitoring services, managing assets inventory, and providing audit support? (1.2.1). Cloud service deployment manager. Cloud service business manager. Cloud service security manager. Cloud service operations manager.

Which of the following is NOT a cloud capability type? (1.2.2). Infrastructure capability type. Software capability type. Platform capability type. Application capability type.

Which cloud service capability type permits the cloud service customer to deploy, manage, and run customer-created or customer-acquired applications? (1.2.2). Platform capability type. Application capability type. Infrastructure capability type. Software capability type.

Which cloud service category provides capabilities to the cloud service customer with real-time interaction and collaboration? (1.2.3). Compute as a service. Network as a service. Communications as a service. Software as a service.

Which cloud deployment model is typically only available to the entity or organization and its employees, contractors, and selected third parties? (1.2.4). Public cloud. Private cloud. Community cloud. Hybrid cloud.

Which of the following is a preventive control against vendor lock-in? (1.2.5). Portability. Interoperability. Reliability. Audibility.

Blockchain technologies provide integrity and tamper-resistant capabilities through which built-in functionality? (1.2). Encryption. Dispersion. Bit-splitting. Hashing.

Containers are software bundles that contain all necessary elements EXCEPT which of these? (1.2.6). Code. Operating system. Libraries. Dependencies.

Which of the following is NOT a prerequisite as part of the cloud governance design process? (1.3). Identifying response options for each violation. Identifying desired outcomes. Identifying organizational roles responsible for attaining each outcome. Identifying the relevant metric(s) that indicate attainment of each goal.

Which cloud design principle involves the running and monitoring of systems? Activities supporting this principle include automating changes, defining standards, responding to events, and improving continuously. (1.4.6). Performance optimization. Operational excellence. Cost optimization. Sustainability.

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is a compilation of cloud-relevant security controls that can be related to other control frameworks. CCM is which of the following? (1.5.1). IaaS specific. PaaS specific. Community cloud specific. Relevant for all types of cloud deployment.

What is one key benefit of Software as a Service (SaaS) cloud computing? (1.2. Reduced hardware costs. Increased support costs. Larger upfront investments. More complex licensing.

What is a key benefit of cloud computing for developers? (1.2). Cloud computing eliminates the need for security measures. Cloud computing allows for scalable computing and storage capacity. Cloud computing requires fixed hardware to run applications. Cloud computing restricts developers' access to internet resources.

What are the three network planes that critical Cloud Service Provider (CSP) management functions are conducted over? (1.1). Control, data, and management. Configuration, monitoring, and analytics. Provisioning, orchestration, and troubleshooting. Physical, virtualized, and software-defined.

What does virtualization allow cloud providers to do in terms of managing physical infrastructure? (1.1). Present a consistent service to consumers regardless of changes to the infrastructure. Eliminate the need for any physical infrastructure. Automatically deploy new physical servers as needed. Restrict consumers' access to the physical infrastructure.

Which element of a feasibility study helps an organization determine if transitioning to a cloud service would be beneficial? (1.4). Business Impact Analysis. Cost Benefit Analysis. Infrastructure Analysis. Workforce Analysis.

What Business Continuity Planning (BCP) methodology helps predict disruptions to business functions? (1.4). Business Impact Analysis. Infrastructure Analysis. Cost Analysis. Cloud Readiness Assessment.

Which activity involves examining cloud offerings to see if they meet business needs? (1.2). Monitoring service. Performing a service trial. Selecting and purchasing service. Performing business administration.

When integrating existing systems with cloud services, what responsibility solely falls on the customer? (1.2). Handling problem reports. Connecting information and communication technology (ICT) systems. Administering tenancies. Requesting audit reports.

What does a Cloud Service Partner do to create new services that meet specific customer requirements? (1.2). Combine or modify existing cloud services. Design and create software components. Process problem reports. Enhance service implementations.

What is the Cloud Service Partner's responsibility regarding audits? (1.2). Performing audits and reporting audit results. Requesting audit evidence from customers. Defining the technical environment for audits. Establishing agreements for audits.

Which of the following is a cloud service provider's responsibility in preparing systems for new deployment? (1.2). Buying new hardware. Preparing infrastructure. Installing software. Hiring staff.

What aspect of service delivery does a cloud provider monitor to ensure compliance with Service Level Agreements (SLAs)? (1.2). Security. Continuity. Connectivity. Performance.

What is one type of measure that the target of key performance indicators (KPIs) should address? (1.4). Impact measures. Revenue efficiencies. Intelligent automation. Optimizing time to deliver.

What is a key performance indicator that can help measure cloud economic savings? (1.4). Revenue efficiencies. Instance to asset ratio. Intelligent automation. Optimizing time to deliver.

What privacy issue arises from the global nature of cloud computing data centers? (1.2). Performance degradation. Data residing in multiple international locations. Increased costs. More complex disaster recovery.

What aspect of cloud computing helps prevent vendor lock-in, in which a customer becomes dependent on a specific cloud provider's tools, technologies, and infrastructure? (1.2). Performance. Portability. Privacy. Resiliency.

What is the MOST prevalent concern that prevents business users from adopting cloud services? (1.2). Cost. Security. Reversibility. Service levels.

When outsourcing cloud services, which of the following is MOST critical to consider because it directly impacts the security, reliability, and compliance of the outsourced service? (1.2). Understanding the supply chain. Negotiating service levels. Ensuring reversibility. Implementing security controls.

Which of these is the key component needed for auditability in the cloud? (1.2). Checklists. Evidence. Regulations. Reports.

What aspect of the shared responsibility model is the customer's responsibility in a cloud environment? (1.2). Security of the cloud infrastructure. Security of data, applications, and systems. Physical protection of facilities. Configuration of firewalls.

What is a key benefit of cloud-based services that can enhance governance activities? (1.2). Access to metrics and usage statistics. Automated patching and upgrades. Centralized access controls. Standardized APIs.

What does interoperability in cloud computing refer to? (1.2). The ability to move data between cloud services. Common APIs between cloud providers. Replacing components while maintaining availability. Standardized virtual machine formats.

What type of cloud deployment model allows for the use of services from more than one cloud service provider? (1.2). Private cloud. Public cloud. Hybrid Cloud. Multi-cloud.

Which type of cloud deployment model allows an organization to retain control and ownership while taking advantage of public cloud services? (1.2). Private cloud. Public cloud. Hybrid cloud. Community cloud.

What kind of attack targets exposed interfaces in the cloud? (1.3). Cryptographic attacks. Injection attacks. Data breaches. Application flaws.

What is a major threat that exists because of poor security implementation in cloud computing? (1.3). Data encryption. Resource misconfiguration. Identity management. Cryptographic flaws.

What is the primary goal of cloud interoperability? (1.4). To ensure different cloud services can work together seamlessly. To understand data models. To match expected outcomes. To exchange information formats.

What aspect of portability focuses on understanding the meaning of data across different systems, platforms, or environments? (1.4). Syntactic. Semantic. Policy. Transport.

Which ISO cloud capability type allows a customer to provision fundamental computing resources such as processing, storage, or networking? (1.2). Application capabilities type. Platform capabilities type. Infrastructure capabilities type. Communications capabilities type.

What are the three cloud capability types defined in the ISO cloud model? (1.2). IaaS, PaaS, SaaS. Application, Platform, Infrastructure. CaaS, DSaaS, NaaS. Compute, Network, Storage.

What process determines which users or digital identities should be granted access privileges to specific resources or data? (1.3). Authentication. Authorization. Accounting. Identity provisioning.

What is the process that tracks and records information about all attempts by all identities to access any resources of the system? (1.3). Accounting. Authentication. Authorization. Identity provisioning.

Which technology enables fractional ownership and tokenization of assets? (1.2). Machine learning. Quantum computing. Blockchain. Edge computing.

Which key feature of blockchain provides real-time data and elimination of fraud? (1.2). Decentralized data storage. Time-stamped transaction verification. Proof of work consensus. Immutable ledger.

What capability makes machine learning and AI economically viable? (1.2). Commodity infrastructure. Quantum computing. Blockchain. Edge computing.

Which Infrastructure-as-a-Service (IaaS) characteristic allows the provision of services without regard to network boundaries? (1.2). Infrastructure capabilities. Automation and tools. Customer portal. Converged network.

What capability of Infrastructure-as-a-Service (IaaS) allows customers to add or remove infrastructure components as needed? (1.2). Infrastructure capabilities. Automation and tools. Customer portal. Scale.

What is an example of a basic network security protection a cloud provider may offer? (1.3). Virtual firewalls. Traffic monitoring. Encrypted storage. Identity management.

What is one way that using a Virtual Private Network (VPN) can improve cloud network security? (1.3). By hiding traffic patterns. By increasing WiFi range. By preventing Distributed Denial-of-Service (DDoS) attacks. By authenticating users.

What feature of Platform as a Service (PaaS) enables seamless migration of applications across different cloud environments or on-premises hypervisors? (1.2). Support for open-source frameworks. Choice of multiple languages. Autoscaling. Portability.

What allows a Platform as a Service (PaaS) platform to automatically adjust system resources based on workload fluctuations? (1.2). Portability. Language choice. Open-source frameworks. Autoscaling.

What issue related to data policies needs to be addressed during initial cloud design? (1.4). Encrypting data at rest. Limiting concurrent connections. Patching virtual network software. Ensuring regulatory compliance.

What is an example of a hypervisor attack where an attacker installs a rogue hypervisor under the legitimate one? (1.4). Hyperjacking. DDoS attack. Data leakage exploitation. Virtual network misconfiguration.

Which of the following best describes the PRIMARY challenge in securely deleting sensitive data from cloud storage? (1.3). Data may remain recoverable due to replication across multiple locations. Data deletion is automatically handled by the cloud service provide. Cloud providers guarantee that data is permanently deleted within 24 hours. Data is always physically destroyed when deleted from cloud storage.

What cryptographic method can cloud customers use to delete data themselves? (1.3). Cryptographic erasure. Degaussing. Overwriting. Physical destruction.

What is one of the main reasons an organization might adopt DevOps? (1.4). A desire for more rapid software delivery. A need for continuous security testing. A lack of automation in deployments. Deficiencies in legacy IT practices.

What aspect of DevOps requires special organizational investment? (1.4). Technology. Processes. People. Testing.

What are design patterns in software? (1.4). Perfect implementations guaranteed to have no issues. Standardized ways of implementing capabilities that have been tested over time. Unique custom implementations for each use case. Experimental new code with no testing.

How can the use of secure cloud design patterns impact cloud implementations? (1.4). It guarantees complete security. It increases the likelihood of misconfigurations. It limits unique custom implementations that are hard to evaluate. It makes installations and maintenance more complex.

What is the key difference between a cloud consumer using an alternative cloud provider for disaster recovery versus using the same provider? (1.4). Virtualization capabilities. Load balancing functionality. Available bandwidth. Data portability.

What should be done when moving from an on-premises infrastructure to the cloud for disaster recovery? (1.4). Nothing; the cloud is inherently more resilient. Virtualization and resource provisioning capabilities should be reviewed. A secondary cloud provider should be selected. Business users should be involved in planning.

What aspect of cloud computing facilitates awareness and control of costs? (1.1). Broad network access. Resource pooling. Self service. Measured service.

What is the key benefit of rapid elasticity in cloud computing? (1.1). The ability to access resources from any location. The pooling of resources across multiple users. The ability to scale resources up and down quickly. Widespread network access.

Why is ongoing security hygiene important? (1.3). Because systems naturally degrade over time. To track patch deployment status. To conduct disaster recovery. To enable threat hunting.

Which of the following is a proactive key activity in security operations? (1.3). Patching systems. Monitoring system configurations. Incident response. Threat hunting.

Why should cloud services be periodically reviewed by customers? (1.5). To check if contractual requirements are still met. To understand changes in policies. To analyze service level agreements. To verify contractual obligations.

What is the responsibility of cloud customers when evaluating providers? (1.5). To ensure providers meet legal requirements. To periodically review providers. To define and verify their own requirements. To review provider's technical elements.

What aspect of cloud security does virtualization security primarily relate to? (1.3). Identity and access management. The security of customer data and applications. The security of the cloud infrastructure. Business continuity and disaster recovery.

When does a cloud consumer have direct control or responsibility for virtualization security? (1.3). Never, it is always the cloud service provider's responsibility. When using IaaS offerings where they configure virtual components. When using PaaS offerings where they can configure platform settings. When using SaaS offerings where they access virtualized applications.

As the cloud security lead for your organization, you have been asked to mentor Hector, a trainee. Hector asks you what the cloud service characteristics are as defined in NIST SP 800-145. Which of the responses below BEST answers Hector's question? (1.1). The cloud characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. The cloud characteristics are broad network access, instant deployment, resource pooling, rapid elasticity, and measured service. The cloud characteristics are broad network access, instant deployment, resource pooling, rapid elasticity, and metered service. The cloud characteristics are on-demand self-service, broad network access, instant deployment, and metered service.

As the security officer for a federal agency, you have been asked to advise on different cloud service models. Which of the following indicates the recognized service models as defined in NIST SP 800-145? (1.1). The cloud characteristics have been withdrawn by NIST with the creation of the FedRamp initiative. Public Cloud, Private Cloud, Community Cloud, and Hybrid Cloud. Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). On-demand self-service, broad network access, resource pooling, rapid elasticity, and a measured service.

NIST defines a number of cloud deployment models. Which of the descriptions below correctly matches the deployment type? (1.1). Hybrid Cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Public Cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises. Community Cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (e.g., private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. Hybrid Cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (e.g., private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

Which of the following terms BEST describes the role of a Cloud Service Broker (CSB)? (1.1). The CSB is a reseller of cloud solutions. The CSB is an intermediary between the cloud provider and the customer. The CSB is the metering agency commissioned by the cloud provider to collect payments from the customer. The CSB is responsible for negotiating and managing both the contract and service level agreement on behalf of the cloud provider.

As the cloud services manager for a mid-size online e-commerce retailer, you have been asked by a trainee to describe the role orchestration plays in cloud services. How would you respond? (1.1). Orchestration is the service running between the bare metal and the different virtual machines operating cloud services. Orchestration is the accepted best practice approach to managing the different cloud service model types, SaaS, PaaS, and IaaS, to provide an integrated and cohesive service offer. Orchestration is the method of coordinating cloud service provision from different providers to effectively meet the needs of an organization. Orchestration is the method of managing cloud services that usually involves some form of automation to simplify their management overhead and maintenance.

Cloud bursting is a capability offered by many cloud service providers. Which of the following BEST describes this term? (1.1). Cloud bursting is a security breach containment strategy occurring in a multi-tenant environment. Cloud bursting is seamless movement from one cloud service type to another without requiring intervention. An example is moving from SaaS to a PaaS deployment. Cloud bursting is the capability to utilize public cloud resources dynamically when existing resources in a private cloud or on-premises infrastructure are exhausted. Cloudbursting is the unauthorized transfer of workloads to a cloud service within an organization—for example, the commissioning of a SaaS application by a shadow IT function without approval.

Jacob, a research analyst for your company, has been investigating new cloud services and asks you what the term 'serverless computing' means. From the options below, which response BEST answers Jacob's question? (1.1). Serverless computing still involves using server infrastructure, but it is abstracted from the cloud customer / implementer view. Serverless computing involves accessing raw services, such as storage, directly and does not involve the service provider offering an operating system. Serverless computing is a form of cloud offering that does not involve virtualization. Serverless computing is a commercial approach that removes the role of the cloud service broker from any contractual arrangement.

Which of the responses below BEST describes the cloud computing term 'multicloud'? (1.1). Multicloud involves the use of multiple cloud deployment types (e.g., public, private, community and hybrid). Multicloud involves the use of multiple cloud service providers. Multicloud involves the use of multiple cloud service types such as SaaS, PaaS, and IaaS. Multicloud is the mixed provision of on-premise and cloud-based service provision.

Which voluntary regulation relating to financial services is the MOST widely adopted globally? (1.1/1.5). Gramm-Leach-Bliley. SWIFT. PCI-DSS. Sarbanes-Oxley.

Which international standard specifically addresses controls for cloud-based services? (1.5). SO/IEC 27001. ISO/IEC 27005. ISO/IEC 27017. ISO/IEC 27035.

Which organization created and maintains the FIPS140-3 standard? (1.5). BSI. ISO. NCSC. NIST.

What is the correct term for malware that can escape from a virtual environment and adversely impact the hypervisor and potentially other virtual instances including virtual environments of other tenants? (1.3). VM pivot attack. VM escape attack. VM hypervisor attack. VM virtual-physical attack.

Which of the responses below BEST describes the constituent elements of a digital signature? (1.3). A message digest is hashed, and the output is encrypted with the public key of the sender. Source input is hashed, and the output is encrypted with the public key of the sender. Source input is hashed, and the output is encrypted with the private key of the sender. Source input is hashed, and the output is encrypted with the public key of the recipient.

Aresh works within your organization as a data steward. He is concerned that big data analysis of cloud service application data may contain PII/PHI. He has been told by a vendor that tokenization offers a way to ensure the data remains accessible while allowing for anonymized access. He wants to understand how this works. Which of the responses below BEST describes how tokenization works in practice? (1.3). Tokenization deploys a token to clients, helping to ensure that any sensitive information can be removed by the application server prior to transmission. Tokenization deploys a token to servers, helping to ensure that any sensitive information can be removed by the database server prior to transmission. Tokenization breaks datasets up into separate tables that are linked by foreign keys; this allows one table to hold non-sensitive information and be used for purposes such as analytics. Tokenization unifies disparate datasets, allowing for granular control over what the DBMS presents to the web application.

What is a PRIMARY goal of provisioning and deprovisioning in access management within cloud environments? (1.3). To ensure that all users have unrestricted access to all cloud resources. To standardize access processes, prevent "authorization creep," and mitigate risks. To allow nonperson entities unlimited access to cloud services for efficiency. To disable user accounts only when they leave the organization.

You have asked the executive board of your organization to provide a mandate for creating business continuity (BC) and disaster recovery (DR) plans for your organization. A member of the board has asked why two plans are necessary and the key difference between BC and DR. What is the BEST response? (1.4). Business continuity is the function of ensuring critical functions remain available during a contingency event. Disaster recovery is the function of moving from a contingency state to a stable position of operation. Business continuity is the function of moving from a contingency state to a stable position of operation. Disaster recovery is the function of ensuring critical functions remain available during a contingency event. Business continuity is the function of ensuring all functions remain available during a contingency event. Disaster recovery is the function of moving from an operational state to an optimal position of operation. Business continuity is the function of ensuring all functions remain available during a contingency event. Disaster recovery is the function of moving from a contingency state to a stable position of operation.

Which of the following is the correct order of cloud data? (1.4). Create, Use, Store, Share, Archive, Destroy. Create, Store, Use, Share, Archive, Destroy. Create, Use, Save, Share, Archive, Destroy. Create, Use, Store, Share, Backup, Destroy.

The Common Criteria (CC) is an international set of guidelines and specifications formalized in which ISO standard? (1.5). ISO/IEC 27008. ISO/IEC 27408. ISO/IEC 15008. ISO/IEC 15408.

The Common Criteria (CC) framework defined under ISO/IEC 15408 is used to offer function assurance as to a product's security capabilities. Which response BEST describes the approach of the CC? (1.5). The CC uses security functional and assurance requirements to form a security target profile. The target of evaluation is the product to be evaluated. The CC uses security technical and assurance requirements to form a security threat profile. The protection profile represents the product to be evaluated. The CC uses security functional and assurance requirements to form a security target profile. The protection profile represents the product to be evaluated. The CC uses security technical and assurance requirements to form a security threat profile. The target of evaluation is the product to be evaluated.

Which description BEST explains the term 'vendor lock-in'? (1.2). Vendors lock in customers through a long-term contract—customers achieve lower costs and manage risk with a service level agreement. Vendors lock in customers through a long-term contract-customers achieve lower costs and manage risk with a service level agreement. Clients are forced to continue using a supplier solution, regardless of price or quality, often due to lack of data portability. Clients are forced to continue using a vendor solution owing to contractual obligations, often where SLAs have been poorly described within a contract.

Which characteristic of cloud computing ensures that services can be accessed over the internet from a wide range of devices, such as smartphones, tablets, and laptops? (1.1.3). Elasticity. Broad network access. Resource pooling. On-demand self-service.

What concept enables multiple customers to securely share physical and virtual resources in a cloud environment? (1.1.3). Broad network access. Elasticity. Resource pooling. High availability.

Which key characteristic of cloud computing allows users to provision resources without manual intervention? (1.1.3). On-demand self-service. Elasticity. Scalability. Portability.

Which of the following is a foundational technology enabling the abstraction of physical resources in cloud computing? (1.1.4). Load balancing. Virtualization. Cryptography. Data dispersion.

Which architectural component is responsible for automating cloud resource provisioning? (1.2.1). Orchestration layer. Network layer. Service layer. Application layer.

Which deployment model is designed for exclusive use by a single organization? (1.2.4). Hybrid cloud. Public cloud. Community cloud. Private cloud.

Which cloud service model gives customers the most control over the environment? (1.2.3). PaaS. SaaS. IaaS. FaaS.

What cloud architecture component enables interoperability between services? (1.2.1). Application Programming Interfaces (API). Hypervisors. Load balancers. Encryption algorithms.

What ensures that cloud services remain operational during hardware failures? (1.3.1). Elasticity. High availability. Portability. Multitenancy.

Which mechanism directly enforces isolation and prevents unauthorized access to virtualized workloads in a multitenant cloud environment? (1.3.5). Perimeter firewall policies. VPN encryption. Network segmentation. Hypervisor-based access controls.

Which type of network security focuses on monitoring and inspecting internal traffic between cloud resources? (1.3.4). East-west traffic inspection. Perimeter security. North-south traffic filtering. VPN monitoring.

What is a key risk of shared infrastructure in multitenant environments? (1.3.3). Limited scalability. Vendor lock-in. Data isolation breaches. Service unavailability.

Which principle allows organizations to avoid dependency on a single cloud service provider? (1.4.1). Resource pooling. Portability. Elasticity. Encryption.

A multinational organization regularly transfers sensitive customer data between its primary cloud provider and a secondary provider for redundancy. To ensure the data is protected from interception or tampering during these transfers, which mechanism provides encryption of both data payload and routing information? (1.4.2). Transport mode encryption. Tunnel mode encryption. Data deduplication. Resource pooling.

Which cloud design pattern supports modular application development and deployment? (1.4.6). Microservices. Monolithic architecture. Legacy systems. Centralized control.

A financial services company processes highly sensitive customer data in a cloud environment. To protect this data from being fully exposed in the event of a breach or unauthorized access at a single location, which security mechanism should the company implement? (1.4.5). Enforcing encryption policies and storing in one data center. Replicating data across multiple data centers. Enabling centralized storage of critical data. Splitting data into fragments and storing them across multiple locations.

Which certification ensures that cloud providers follow data privacy standards? (1.5.2). SOC 2. PCI DSS. ISO/IEC 27018. FIPS 140-2.

What is a critical factor in evaluating a cloud provider's reliability? (1.5.1). Backup frequency. Encryption algorithms. Number of data centers. Uptime percentage.

A multinational organization is evaluating cloud providers to ensure their platform adheres to globally recognized cloud-specific security standards. Which certification should they prioritize? (1.5.2). SOC. ISO/IEC 27017. ISO 9001. NIST 800-53.

Which process enables a cloud provider to achieve CSA STAR Level 2 certification, ensuring compliance with both cloud-specific and general security standards? (1.5.2). Third-party audits. Continuous risk assessments. Internal compliance reviews. Vendor self-assessments.

ISO/IEC 17789 and its successor, ISO/IEC 22123:2023, define three main roles for cloud computing. Which of the following is NOT a role? (1.1). Cloud Service Partner (CSN). Cloud Service Provider (CSP). Cloud Service Customer (CSC). Cloud Service Regulator (CSR).

A key characteristic of cloud computing is Broad Network Access. Which of the following is the correct definition of Broad Network Access? (1.1). Broad Network Access means that cloud capabilities are accessible over the network and can be used through standard mechanisms by a wide variety of devices such as laptops, smartphones, and tablets. Broad Network Access refers to the ability to deploy applications across multiple cloud service providers without modification. Broad Network Access ensures that cloud services are accessible from a wide geographical region to enhance availability. Broad Network Access refers to the fact that the cloud is serviced by high-speed broadband network services.

Which of the following scenarios BEST demonstrates Rapid Elasticity in a cloud environment? (1.1). A cloud service automatically scales up resources during a spike in resource demand and scales down during low usage periods without requiring manual intervention from the administrator. A cloud provider offers a fixed amount of resources that must be upgraded manually if additional capacity is needed. A system administrator sets up a cloud server with a pre-defined capacity that remains constant, regardless of usage patterns. A company reserves additional cloud resources in advance for an anticipated increase in traffic during a seasonal sale.

Which of the following BEST describes the role of virtualization in cloud computing? (1.1). Virtualization separates the presentation of a service or capability from the underlying physical infrastructure, enabling dynamic provisioning, scalability, and consistent service delivery to cloud consumers. Virtualization eliminates the need for physical infrastructure in cloud computing, allowing cloud services to operate entirely in software environments. Virtualization only applies to computing resources and does not involve storage or network services. Virtualization ensures that cloud services remain static, preventing dynamic changes to workloads or infrastructure.

Which of the following is NOT the responsibility of a Cloud Service Partner (CSN)? (1.2). Designing, creating, and maintaining service components, including providing fixes and enhancements. Developing and composing new services by combining or modifying existing cloud services. Testing services and components to ensure they meet functional requirements. Directly managing the physical infrastructure of data centers hosting cloud services.

Which of the following is NOT a cloud capability type according to ISO/IEC 17788 and its successor, ISO/IEC 22123:2023? (1.2). Infrastructure as a Service (IaaS). Platform as a Service (PaaS). Software as a Service (SaaS). Encryption as a Service (EaaS).

According to ISO/IEC 17788 and its successor, ISO/IEC 22123:2023, which of the following statements is correct regarding cloud service categories? (1.2). IaaS, PaaS, and SaaS are defined strictly as capability types and not as service categories. The ISO standard differentiates between capability types and service categories, but IaaS, PaaS, and SaaS overlap as both. The CCSP standard eliminates the need to differentiate between capability types and service categories entirely. IaaS, PaaS, and SaaS are not included in the ISO-defined cloud service categories.

Alice, a cloud security specialist, is analyzing risks associated with a new company acquired by her organization. The newly acquired company operates in the financial services industry and currently relies on an enterprise network. Management insists on moving the company's data to the cloud as soon as possible to improve scalability and cost efficiency, but Alice is concerned that potential public cloud providers may lack sufficient controls to address the regulatory and compliance risks posed by the new dataset. Which cloud deployment model would be most suitable for Alice to recommend to BEST balance regulatory compliance, security, and cost efficiency for the financial services industry? (1.2). Community Cloud. Public Cloud. Hybrid Cloud. Private Cloud.

Alice, a cloud security specialist, is analyzing risks associated with a new company acquired by her organization. The newly acquired company operates in the financial services industry and currently relies on an enterprise network. Management insists on moving the company's data to the cloud as soon as possible to improve scalability and cost efficiency, but Alice is concerned that potential public cloud providers may lack sufficient controls to address the regulatory and compliance risks posed by the new dataset. During negotiations with a potential Cloud Service Provider, Alice realizes that the company does not currently have the skillet required to build the required infrastructure. What would be a good course of action to recommend to management? (1.2). Platform as a Service (PaaS). Infrastructure as a Service (IaaS). Software as a Service (SaaS). Delay Migration until in-house skills improve.

Which of the following BEST defines cloud resiliency? (1.2). The ability of a cloud services data center and its components to continue operating during a disruption, such as equipment failure or a natural disaster. The capacity of a cloud provider to automatically scale resources based on fluctuating demand. The process of replicating data across multiple regions to ensure high availability for users worldwide. The implementation of advanced security measures to protect against unauthorized access and cyberattacks.

Which of the following correctly defines reversibility as it refers to a Cloud Services Provider (CSP)? (1.2). A contractual clause allowing reversal of charges for services by a CSP. The process whereby a Cloud Services Customer (CSC) removes all its data from a CSP. A term that refers to Virtual Machine snapshotting. The process whereby a CSP removes controls applied by a Cloud Services Customer (CSC).

Which of the following is NOT a capability of blockchain? (1.2). Blockchain increases security through its decentralized nature, avoiding a central point of failure. Blockchain verifies transactions using proof of work consensus and hashing algorithms. Blockchain ensures an immutable ledger, making data alteration or falsification impossible without detection. Blockchain eliminates the need for hashing algorithms by relying solely on centralized verification.

Which of the following statements accurately describes the differences and capabilities of Virtual Machines (VMs) and Containers? (1.2). Containers are more lightweight than VMs, using fewer resources and starting or stopping more quickly. Containers include only the code and dependencies required for the software to run, unlike VMs, which include a full operating system. Containers support cloud elasticity by enabling rapid scaling of instances, unlike traditional VMs. Containers provide a full virtualized operating system, making them as resource intensive as VMs.

What is the main goal of Edge Computing Technology? (1.2). To create common controls utilized by both data sources and service requesters. To isolate service requesters from data sources to increase security. To reduce latency experienced by service requesters. To comply with international privacy laws.

What is the definition of Availability with respect to the CIA triad? (1.3). 99.999% uptime is the standard calculation uptime. Availability is defined by whatever is contractually agreed upon by the Service Provider and Service Consumer. Whenever someone with the right to access a system wants to access it, they are able to. Availability is defined by regulatory requirements specified by appropriate agencies.

Which of the following BEST defines governance within the context of governance, risk management, and compliance (GRC)? (1.3). Governance ensures the business focuses on core activities, defines decision-making authority, clarifies accountability, and evaluates performance within a specific context. Governance ensures compliance with all industry regulations, focusing primarily on adherence to external standards and minimizing legal risks. Governance focuses on managing day-to-day operational tasks and ensuring teams meet project deadlines efficiently. Governance prioritizes the implementation of technical solutions to mitigate cybersecurity threats across the organization.

What is NOT true about effectively implementing Geofencing? (1.3). Geofencing depends on accurate physical location information, but IP-based geolocation is imprecise and can be easily spoofed using methods like VPNs or compromised systems. High-quality geofencing requires hardware trust mechanisms, secure boot, and device management tools, which can be complex and costly to deploy. The effectiveness of geofencing relies on the degree of confidence in the location data, which varies widely depending on device controls and configuration. Geofencing works effortlessly and seamlessly with all devices and network connections without requiring additional security measures or hardware assurances.

Which of the following is NOT a correct facet of cloud data portability? (1.4). Syntactic: Transferring data using formats like XML or OVF that can be decoded on the target system. Semantic: Transferring data so the target system understands the data model in the context of the subject area. Policy: Transferring data to ensure compliance with laws, regulations, and organizational mandates. Physical: Transferring data by manually delivering hardware storage devices between systems.

Why would a cloud architect rely on design patterns? (1.4). To implement a known good approach that reduces the likelihood of errors or misconfigurations. To ensure high levels of security and future-proof the effectiveness of cloud implementations. To simplify installation, maintenance, and monitoring of cloud services by using standardized solutions. To gain confidence in a solution by leveraging tested and widely implemented configurations.

DevOps has often been described as: (1.4). A framework to implement Waterfall development. A logical extension of Agile. Classic enterprise development methodology. The simplest way to develop software.