Page 1585 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 9: Security Vulnerabilities, Threats, and Countermeasures
1. The three standard cloud-based X-as-a-service options are
platform as a service (PaaS), software as a service (SaaS), and
infrastructure as a service (IaaS). PaaS is the concept of providing
a computing platform and software solution stack as a virtual or
cloud-based service. Essentially, this type of cloud solution
provides all the aspects of a platform (that is, the operating system
and complete solution package). The primary attraction of PaaS is
the avoidance of having to purchase and maintain high-end
hardware and software locally. SaaS is a derivative of PaaS. SaaS
provides on-demand online access to specific software applications
or suites without the need for local installation. In many cases,
there are few local hardware and OS limitations. SaaS can be
implemented as a subscription, a pay-as-you-go service, or a free
service. IaaS takes the PaaS model yet another step forward and
provides not just on-demand operating solutions but complete
outsourcing options. This can include utility or metered computing
services, administrative task automation, dynamic scaling,
virtualization services, policy implementation and management
services, and managed/filtered internet connectivity. Ultimately,
IaaS allows an enterprise to scale up new software or data-based
services/solutions through cloud systems quickly and without
having to install massive hardware locally.
2. The four security modes are dedicated, system high,
compartmented, and multilevel.
3. The three pairs of aspects or features used to describe storage are
primary vs. secondary, volatile vs. nonvolatile, and random vs.
sequential.
4. Some vulnerabilities found in distributed architecture include
sensitive data found on desktops/terminals/notebooks, lack of
security understanding among users, greater risk of physical

