Free Cloud Security Alliance CCSK Practice Exam with Questions & Answers | Set: 4

InInfrastructure as a Service (IaaS), the customer has themost control and security responsibilitybecause:

The provider only secures physical infrastructure (data centers, networking, hardware).

Customers must configure and manage firewalls, network security, operating system patches, and IAM.

Data security, encryption, and application security are entirely the customer's responsibility.

In contrast:

PaaS (Platform as a Service)places some security responsibility on the provider (e.g., runtime environments, managed databases).

SaaS (Software as a Service)places most security responsibility on the provider, with customers mainly managingidentity and access controls.

This is extensively discussed in:

CCSK v5 - Security Guidance v4.0, Domain 1 (Cloud Computing Concepts and Architectures)

Cloud Controls Matrix (CCM) - Infrastructure and Application Security Controls​.

Infrastructure as a Service (IaaS) primarily provides users with storage, computing resources, and networking capabilities. In the IaaS model, cloud providers offer virtualized computing resources over the internet. Users can rent servers, storage, and networking equipment without needing to manage the physical hardware themselves. This allows for flexible scaling and resource management according to the users' needs.

FaaS focuses on serverless computing where users run code in response to events. PaaS provides a platform that allows users to develop, run, and manage applications without worrying about the underlying infrastructure. SaaS delivers fully managed applications over the internet, where users access software without managing the infrastructure.

The key characteristic that differentiates cloud networks from traditional networks is that cloud networks are often software-defined networks (SDNs). This means that network management, configuration, and provisioning in the cloud are handled through software, rather than relying on traditional hardware-based network components. SDNs allow for greater flexibility, scalability, and automation, enabling cloud providers to dynamically adjust resources to meet changing demands.

Infrastructure as Code (IaC)allows organizations toautomate cloud infrastructure managementusingcode-based templatesinstead of manual configuration.

Key Benefits of IaC:

Version Control & Automation

IaC uses version control systems (e.g., Git) to track changes in infrastructure.

Developers can quickly deploy infrastructure updates, reducing human errors.

Ensuresconsistent, repeatable deploymentsacross environments.

Rapid & Scalable Deployments

EnablesCI/CD (Continuous Integration/Continuous Deployment)pipelines.

Automates infrastructure provisioning, reducingdeployment time from hours to minutes.

Works withTerraform, AWS CloudFormation, Ansible, and Kubernetes manifests.

Security & Compliance Enhancements

Policies as Code (PaC) & Security as Code (SaC) enforce security best practices.

Cloud Security Posture Management (CSPM)scans IaC for misconfigurations.

Reducesshadow IT risksby enforcingpre-approved infrastructure templates.

Prevents Configuration Drift

RegularIaC re-application (desired state enforcement)ensuresconsistent infrastructure settings.

Eliminatesmanual misconfigurations that lead to security vulnerabilities.

This is extensively covered in:

CCSK v5 - Security Guidance v4.0, Domain 6 (Management Plane and Business Continuity)

Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) - Infrastructure and Configuration Management Controls​.

Platform as a Service (PaaS) provides a development and deployment environment with resources that enable users to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.

According to CSA Security Guidance v4.0 – Domain 1: Cloud Computing Concepts and Architectures:

“PaaS adds an additional layer of integration with application development frameworks, middleware capabilities, and functions such as databases, messaging, and queuing. These services allow developers to build applications on the platform with programming languages and tools that are supported by the stack.”

(CSA Security Guidance v4.0, Domain 1)

This integration with app development and middleware is the key defining feature of PaaS.

Enforcing the principle of least privilege is the practice of granting users and systems the minimum level of access necessary to perform their tasks. By limiting root or core access and restricting the creation of deployments to onlythose who absolutely need it, the risk of unauthorized access, misuse, or damage is minimized. This helps ensure that critical systems and sensitive data are protected by reducing the number of people or services with high-level access.

Trust and verify on demand is not a standard security practice and could create security gaps. Disabling multi-factor authentication is a poor security practice, as multi-factor authentication (MFA) enhances security by adding an additional layer of verification. Deploying applications with full access) contradicts the principle of least privilege and could expose the system to unnecessary risks.

Cloud computing is adopted mainly for its cost-effectiveness and the ability to accelerate time-to-market, enhancing business agility. Reference: [Security Guidance v5, Domain 1 - Cloud Benefits]