Answers:

a1 i) Cloud storage may be broadly categorized into two major classes of storage:
unmanaged and managed storage. In unmanaged storage, the storage service provider
makes storage capacity available
to users, but defines the nature of the storage, how it may be used, and by what
applications. The
options a user has to manage this category of storage are severely limited. However,
unmanaged
storage is reliable, relatively cheap to use, and particularly easy to work with. Most of the
userbased applications that work with cloud storage are of this type.

a1ii) Instead, most users

interact with cloud storage using backup, synchronization, archiving, staging, caching, or
some
other sort of software. The addition of a software package on top of a cloud storage volume
makes
most cloud storage offerings conform to a Software as a Service model.

a2 i ) Cloud Data Management Interface (CDMI).

CDMI works with the storage domain model shown in Figure 15.8 to allow for interoperation
between different cloud systems, whether on public, private, or hybrid cloud systems. CDMI
includes commands that allow applications to access cloud storage and create, retrieve,
update,
and delete data objects; provides for data object discovery; enables storage data systems to
communicate with one another; and provides for security using standard storage protocols,
monitoring
and billing, and authentication methods. CDMI uses the same authorization and
authentication
mechanism as NFS (Network File System) does.

a2 ii) incremental backup

reverse delta backup
comtinuous data protection
openfile backup

a3 i )SNIA cloud storage management model. In the figure, XAM stands for the
eXtensible Access Method, a storage API developed by SNIA for accessing content on
storage
devices. VIM stands for Vendor Interface Modules, which is an interface that converts XAM
requests into native commands that are supported by the storage hardware operating
systems

a3 ii )CDMI uses metadata for HTTP, system, user, and storage media attributes accessing
them through
a standard interface using a schema that is known as the Resource Oriented Architecture
(ROA). In
this architecture, every resource is identified by a standardized URI (Uniform Resource
Identifier)
that may be translated into both hypertext (HTTP) and other forms. CDMI uses the SNIA
eXtensible Access Method (XAM) to discover and access metadata associated with each
data object.

B1) i)
Interior security threats that may occur. However, some common interior security threats that
can occur in any cloud environment include insider threats, data breaches,
misconfigurations, and unauthorized access. It is important for organizations to implement
appropriate security controls and best practices to mitigate these risks.

ii)
Cloud information interoperability refers to the ability of different cloud services and systems
to communicate and share data securely. In a multi-cloud environment, where organizations
use multiple cloud providers and services, ensuring interoperability is crucial for maintaining
a secure and efficient system. By ensuring cloud information interoperability, organizations
can improve their security posture by enabling better visibility, control, and compliance
across their entire cloud ecosystem.

iii)
Yes, reliability and scalability are essential for any cloud environment. Reliability ensures that
the cloud infrastructure and services are available and functioning as expected, while
scalability allows the cloud environment to handle increasing workloads and traffic. Without
reliability and scalability, cloud services may experience downtime, service disruptions, and
performance issues, which can lead to financial losses, damage to reputation, and increased
security risks. Therefore, it is crucial to design and implement reliable and scalable cloud
architectures and solutions that can meet the needs of the organization and its users.

B2)
i)
The diagram illustrates the steps involved in a cloud audit, which includes specifying the
records of cloud data that are maintained to trace duplicate transactions forwarded from
cloud storage. This is important to ensure the integrity and accuracy of data in the cloud
environment, as duplicate transactions can result in data inconsistencies and errors. By
maintaining records of all transactions in the cloud storage, it is possible to trace and identify
any duplicate transactions and take appropriate corrective actions.

ii)
Cloud secure development involves implementing security controls at multiple layers of the
cloud architecture to protect against security threats. This includes analyzing the
intermediate actions of each layer to ensure that the previous layer is adequately protected
in case of a breach. For example, if the application layer is breached, the data layer should
still be protected by access controls, encryption, and other security measures.

iii)
Authorization is a critical aspect of cloud security, and it is essential to ensure that every
request by a subject to access an object in a computer system undergoes a valid and
effective authorization procedure. In the context of a cloud audit, authorization procedures
should be implemented to ensure that auditors have access to the relevant cloud data for
auditing purposes. This may involve implementing appropriate access controls, such as IAM
policies, to ensure that auditors have the necessary permissions to access the cloud data.

B3 i
Non-functional requirements are concerned with the non-functional aspects of the
software such as usability, security, availability, capacity, reliability and compliance1.
These requirements are important because they help ensure that the software is
secure and reliable. For example, security requirements ensure that the software is
protected against unauthorized access and data breaches.

ii)
In Business Continuity Planning (BCP), the senior management plays a critical role in
ensuring that the plan is incorporated into the organization’s culture and that it is
followed during a disaster
All four steps of the Business Continuity Planning (BCP) lifecycle are important and
should be incorporated into the organization’s culture.

iii)
In order to strengthen information backup in cloud platforms, it is important to have
an effective Business Continuity and Disaster Recovery (BC/DR) plan in place1. This
plan should include specific considerations for the cloud, such as capturing platform
disaster recovery requirements and designing BCDR capabilities

Section C

C1)
i)

ii. Determine the sensitivity

iii. Determine the risk
i. Determine resources
iv. Choose the service model
v. Evaluate the system.

ii)
IaaS model provides the social media network to
represent the security boundary for the vendor because it is responsible for security
of the physical data centers and other hardware that power the infrastructure —
including VMs, disks and networks.

iii)
Reasons for website hacking and virus attack on social media networks:

● Large user base and attractive target for cybercriminals.

● Open platform and potential vulnerabilities.
● Third-party applications and risk of malicious applications.

Steps to overcome website hacking and virus attack on social media networks:

● Use strong passwords and enable two-factor authentication.

● Keep software and antivirus programs up-to-date.
● Be cautious of suspicious links and attachments.
● Limit sharing of personal information.
● Use privacy settings.
● Regularly monitor accounts.
● Educate employees on cyber threat prevention.

C2)
i)

Consecutive elements used to ensure CIA triad by considering the organization'S

security.
● Identification of assets
● Risk assessment
● Risk management
● Access control
● Data protection
● Availability management
● Incident response
● Continual improvement

ii)
iii)
Threats evicted in public attributes in Access Control:

● Unauthorized Access
● Data Breaches
● Data Modification
● System Overload
● Malware Infection
C3)
i) The encounters to deploy cloud security on a banking system application:

● Data Breaches
● Compliance and Regulatory Issues
● Service Availability
● Vendor Lock-In
● Cloud Service Management
● Identity and Access Management
● Cloud Security Architecture
(For this ques , better choose the points from the diagram)

ii)
Shifting from AWS cloud to Google Cloud Services can be challenging as both cloud
services have different techniques and functions. An organization may face
problems such as shifting all data, compatibility issues, performance disruptions,
long cutover windows or long-distance data transfers. To overcome these
challenges, it is important to set up a secure site-to-site connection between AWS
and Google Cloud using VPNs (Virtual Private Networks)