Non-Functional Requirements for Cloud Security and Compliance | Exam CV0-002

The Company's Approach to Cloud Security and Compliance

Question

A company wants to take advantage of cloud benefits while retaining control of and maintaining compliance with all its security policy obligations.

Based on the non-functional requirements, which of the following should the company use?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

The company wants to enjoy the benefits of cloud computing while maintaining control over their security policies and remaining compliant. This implies that the company is looking for a cloud solution that can offer them a higher degree of control over their security while still benefiting from cloud services.

Non-functional requirements refer to the attributes of the system, such as security, scalability, and availability, rather than the functionality of the system. In this case, the non-functional requirement is security.

Let's analyze the given options one by one:

A. Hybrid cloud, as use is restricted to trusted customers: A hybrid cloud solution combines both private and public cloud infrastructures, allowing the company to retain control over its sensitive data while benefiting from the scalability and flexibility of the public cloud. This solution is suitable for organizations that want to maintain high security and compliance levels while still utilizing cloud services. It can be a good option for companies that need to store sensitive information, such as customer data or financial information, in-house, while using the public cloud for non-sensitive applications. Therefore, option A seems to be a suitable choice.

B. IaaS, as the cloud provider has a minimal level of security responsibility: Infrastructure as a Service (IaaS) is a cloud computing model that provides virtualized computing resources such as servers, storage, and networking. With IaaS, the cloud provider is responsible for the security of the physical infrastructure and the virtualization layer, while the customer is responsible for securing the operating systems, applications, and data. Although IaaS provides more control over security than other cloud models, it still requires a significant amount of security management by the customer. Therefore, option B is not the best choice for the company's requirements.

C. PaaS, as the cloud customer has the most security responsibility: Platform as a Service (PaaS) provides a platform for the development, testing, and deployment of applications. With PaaS, the cloud provider is responsible for securing the infrastructure, runtime, and middleware, while the customer is responsible for securing the application and data. This solution provides a higher level of abstraction than IaaS and requires less security management from the customer. However, the company wants to maintain control over their security policies, which may not be possible with PaaS. Therefore, option C is not the best choice for the company's requirements.

D. SaaS, as the cloud provider has less security responsibility: Software as a Service (SaaS) provides applications that are accessible over the internet. With SaaS, the cloud provider is responsible for securing the application and the infrastructure, while the customer is responsible for securing their data. This solution provides the least amount of control over security compared to other cloud models, which may not be suitable for the company's requirements. Therefore, option D is not the best choice for the company's requirements.

In conclusion, option A (Hybrid cloud) seems to be the most suitable choice for the company's requirements.