
Sharad Institute of Technology Polytechnic, Yadrav.

CSIT Department
Model Answer Sheet of Test II
Summer 2023-24
Course & Year code: IH4I    Sem: IV
Class: SY CSIT    Div: -
Subject Name: Cloud System & service    Sub. Code: 22497
Faculty Name: Mrs V.S.Mali    Marks: 20

Que No. / Sub Que. / Answer / Marks / Total Mark

Q.1 (A)
a List key components of cloud Security Architecture
Marks: 2M (Correct answer: 2M)

1. IAM
2. Encryption
3. Network Security
4. Data Loss Prevention
5. Security Monitoring & Logging

b Enlist Key points of Data Classification
Marks: 2M (Correct answer: 2M)

* Identification
* Categorization
* Documentation
* Training

Q.1 (B)
a Define Edge Computing With its benefits
Marks: 2M (Correct answer: 2M)
Q.1 Total Mark: 8

Edge computing is the network paradigm which arranges the network near the
user.
Or
Edge computing is a distributed information technology (IT) architecture in
which client data is processed at the periphery of the network, as close to the
originating source as possible.

Benefits:
* Reduced delay and Improved Performance
* Improved Security and Data Privacy
* High Resiliency
* Increased Scalability
* Operational Cost Savings

b Define RESTFUL API with its Benefits
Marks: 2M (Correct answer: 2M)

Representational State Transfer (REST) is an architectural style that defines a set
of constraints to be used for creating web services.

Benefits:
* Client server architecture
* Statelessness
* Uniform interface
* Cacheability

Q.2 (A)
a. Draw and explain Cloud Database Architecture
Marks: 2M for explanation of Each Component and 2M for Diagram

* Client level application -
Client applications interact with the cloud database through an API or
database driver. These applications can be web applications, mobile apps or
other services accessing the db for data storage & manipulation.

* End user -
End users are used in product development for accessing the database to store
data.

* Administrative level -
The administrator level is also called the cloud service provider level.
The administrator provides secure access to the db & manages the backup
solution to prevent data loss in system failure.
It also helps to develop the database system level stages.

* Security level -
The security level gives protection over human error in the db.

* Data centre level -
Data centre levels are used by the data centre programmer & are used to store
& manage data.
They are also used to store critical application level data.
The data centre level design is based on a network of computing & storage
resources.
The client level application sends a request to the data centre level to access
data for load balancing & high availability of an application.

* Server -
It is used to store & manage databases that are stored on the server & to
provide data access for authorized users.

* Management & monitoring -
Management & monitoring tools provided by the cloud provider enable
administrators to configure, monitor, manage & optimize the db
infrastructure.

b Explain Cloud Identity & access management IAM Policies in Details
Marks: Explain Each Policies 4M
Q.2 Total Mark: 12

There are several types of IAM policies in AWS that you can use to
control access to AWS resources. Here are some of the most common
types of IAM policies:

1. Identity-Based Policies
These policies are attached to individual IAM users, groups, or roles
and define what actions they can perform on which AWS resources.
These policies are the most granular and can be tailored to specific
entities.

2. Resource-Based Policies
These policies are attached directly to AWS resources such as S3
buckets, SQS queues, or SNS topics. They define which principals
(users, roles, accounts) can access the resource and what actions they
can perform.

3. Organization Policies (Service Control Policies - SCPs)


SCPs are used in AWS Organizations to set permissions across all
accounts within an organization. They allow you to set restrictions on
which services and actions can be used within member accounts.

4. Permission Boundaries
Permission boundaries are an advanced feature in IAM that allow you
to control the maximum permissions that a user or role can have. This
is useful in scenarios where you want to limit the permissions that can
be attached to a user or role.

5. Managed Policies
AWS provides a set of managed policies that define common sets of
permissions. These policies can be attached to multiple users, groups,
or roles. Examples include AdministratorAccess, PowerUserAccess,
and ReadOnlyAccess.

6. Inline Policies
Inline policies are policies that are embedded directly into a user,
group, or role. These policies are defined and managed within the
identity they are attached to and are useful for providing specific
permissions to a single entity.
7. Session Policies
Session policies are temporary policies that are passed when an IAM
user assumes a role. These policies can further restrict the permissions
that the user has while assuming the role.

8. Cross-Account IAM Roles


IAM roles allow you to delegate access to users in another AWS
account. By establishing trust relationships and defining permissions
in the role's policies, you can grant users from another account access
to your resources.
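
How the policy types above combine into one decision, as an added example that is not part of the original answer sheet: a simplified Python model of a same-account request with no resource-based policy, where an explicit deny in any layer wins and every layer that is present must allow the request. The policies and the bucket name are constructed placeholders, and conditions, NotAction and cross-account rules are left out.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _policy_effect(policy, action, resource):
    """Return "Deny", "Allow" or None (no statement matches) for one policy."""
    effect = None
    for stmt in policy["Statement"]:
        # IAM action names are case-insensitive; resource ARNs are not.
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit deny always wins
            effect = "Allow"
    return effect

def evaluate(action, resource, **layers):
    """Simplified decision; layers are identity=, boundary=, scp=, session=.

    Each layer is a policy dict; omit a layer that is not in use.
    Returns (allowed, reason).
    """
    effects = {name: _policy_effect(p, action, resource) for name, p in layers.items()}
    for name, eff in effects.items():
        if eff == "Deny":
            return False, f"explicit deny in {name}"
    for name, eff in effects.items():
        if eff is None:
            return False, f"no allow in {name}"   # implicit deny
    return True, "allowed by every layer"

# Constructed sample policies (the bucket name is a placeholder).
BUCKET = "arn:aws:s3:::example-bucket"
IDENTITY = {"Statement": [{"Effect": "Allow", "Action": "s3:*",
                           "Resource": [BUCKET, BUCKET + "/*"]}]}
BOUNDARY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                           "Action": ["s3:GetObject", "s3:ListBucket"]}]}
SCP = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"},
                     {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}
SESSION = {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                          "Resource": BUCKET + "/reports/*"}]}

if __name__ == "__main__":
    for act, res in [("s3:GetObject", BUCKET + "/reports/q1.csv"),
                     ("s3:PutObject", BUCKET + "/reports/q1.csv"),
                     ("s3:DeleteBucket", BUCKET)]:
        print(act, evaluate(act, res, identity=IDENTITY, boundary=BOUNDARY, scp=SCP))
```

The identity policy grants s3:* on the bucket, yet the permission boundary caps the user at read actions and the SCP blocks bucket deletion for the whole account.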
Q.2 (B)
a Explain different types of cloud data backup & recovery
Marks: Explain Each Types with pros and cons 4M

There are several types of cloud data backup and recovery solutions, each
with its own characteristics and advantages. Here are some common types:

1. Full Backup:
A full backup involves making a complete copy of all data stored in a
system or application. This type of backup captures every file, folder, or
database in its entirety.
• Pros
1. Quick restore time
2. Storage management is easy since all the data is stored on a single
version
3. Easy version control allows you to maintain and restore different
versions without breaking a sweat
4. File search is easy as it gets
• Cons
1. Demands the most storage space comparatively
2. Depending on their size, it takes a long time to back up files
3. The need for additional storage space makes it the most expensive
backup method
4. The risk of data loss is high since all the data is stored in one place

2. Incremental Backup:
Incremental backups only capture changes made to the data since the last
backup, reducing the amount of data transferred and stored compared to
full backups.
• Pros
1. Efficient use of storage space since files are not duplicated in their
entirety
2. Lightning-fast backups
3. Can be run as often as desired, with each increment being an
individual recovery point
• Cons
1. Time-consuming restoration since data must be pieced together
from multiple backups
2. Successful recovery is only possible if all the backup files are
damage-proof
3. File search is cumbersome – you need to scout more than one
backup set to restore a specific file
3. Differential Backup:
Differential backups capture all changes made since the last full backup.
Unlike incremental backups, they do not rely on previous backup sets to
restore data.
• Pros
1. Takes less space than full backups
2. Faster restoration than incremental backups
3. Much faster backups than full backups
• Cons
1. Potential for failed recovery if any of the backup sets are incomplete
2. Compared to incremental backups, the backup takes longer and
requires more storage space
3. Compared to full backups, restoration is slow and complex

4. Snapshot Backup:
- *Explanation:* Snapshot backups capture the state of a system or
dataset at a specific point in time. They create a read-only copy of the
data, allowing users to revert to that state if needed.
- *Advantages:* Snapshot backups are instantaneous and provide a
consistent view of data at the time of backup. They are commonly used for
virtual machines and databases.

5. Cloud-to-Cloud Backup:
- *Explanation:* Cloud-to-cloud backup involves backing up data from
one cloud service to another cloud provider's infrastructure. This is often
used to protect data stored in Software-as-a-Service (SaaS) applications
like Microsoft 365 or Google Workspace.
- *Advantages:* Cloud-to-cloud backup ensures data redundancy and
protection against data loss due to cloud service outages, accidental
deletions, or malicious activities.

6. Disaster Recovery as a Service (DRaaS):


- *Explanation:* DRaaS solutions provide automated failover and
recovery capabilities in the event of a disaster or outage. They replicate
critical systems and data to a secondary location or cloud environment,
allowing for rapid recovery and minimal downtime.
- *Advantages:* DRaaS offers high availability and business continuity
by enabling quick recovery of IT infrastructure and data in case of
disasters such as hardware failures, natural disasters, or cyber attacks.
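
The restore-time difference between the full, incremental and differential types above, as an added example that is not part of the original answer sheet: a Python sketch that works out which backup sets a restore needs and whether a damaged set breaks it. The schedules and set labels are constructed.

```python
def restore_chain(backups, target):
    """Return the backup sets, oldest first, needed to restore `target`.

    `backups` is a chronological list of (label, kind) tuples where kind is
    "full", "incremental" or "differential".
    """
    labels = [label for label, _ in backups]
    i = labels.index(target)          # ValueError if the target is unknown
    chain = []
    while True:
        label, kind = backups[i]
        chain.append(label)
        if kind == "full":
            return chain[::-1]
        earlier_fulls = [j for j in range(i) if backups[j][1] == "full"]
        if not earlier_fulls:
            raise ValueError(f"no full backup before {label}")
        # A differential depends only on the last full backup; an
        # incremental depends on whatever backup ran immediately before it.
        i = earlier_fulls[-1] if kind == "differential" else i - 1

def can_restore(backups, target, damaged=()):
    """Return (ok, broken_sets): recovery fails if any set in the chain is damaged."""
    bad = set(damaged)
    broken = [b for b in restore_chain(backups, target) if b in bad]
    return (not broken, broken)

# Constructed weekly schedules.
INCREMENTAL_WEEK = [("sun-full", "full"), ("mon-inc", "incremental"),
                    ("tue-inc", "incremental"), ("wed-inc", "incremental")]
DIFFERENTIAL_WEEK = [("sun-full", "full"), ("mon-diff", "differential"),
                     ("tue-diff", "differential"), ("wed-diff", "differential")]

if __name__ == "__main__":
    print(restore_chain(INCREMENTAL_WEEK, "wed-inc"))
    print(restore_chain(DIFFERENTIAL_WEEK, "wed-diff"))
    print(can_restore(INCREMENTAL_WEEK, "wed-inc", damaged=["tue-inc"]))
```

A damaged Tuesday set stops the Wednesday restore in the incremental schedule but not in the differential one, while a damaged full backup stops both.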

b List & explain cloud network security Threats
Marks: Explain Each threats in details 4M

1. Data Breaches:
Unauthorized access to sensitive data stored in cloud databases, file
storage services, or applications can lead to data breaches. Attackers may
exploit misconfigurations, weak authentication mechanisms, or insecure
APIs to gain access to confidential information.

2. Denial of Service (DoS) Attacks:
DoS attacks aim to disrupt cloud services by overwhelming network
resources, servers, or applications with a high volume of traffic or
requests. Distributed Denial of Service (DDoS) attacks, orchestrated from
multiple sources, can cause service downtime and impact the availability
of cloud-based applications.

4. Man-in-the-Middle (MitM) Attacks:
In MitM attacks, attackers intercept and eavesdrop on
communication between cloud users and services, enabling them to
steal sensitive information, manipulate data, or inject malicious
content into network traffic. Weak encryption, unsecured Wi-Fi
networks, or compromised network devices can facilitate MitM
attacks.

5. Insider Threats:
Malicious or negligent insiders with privileged access to cloud
resources may intentionally or accidentally misuse their privileges to
steal data, sabotage systems, or compromise network security. Insider
threats can result from disgruntled employees, contractors, or partners
with access to sensitive information.

6. Account Compromise:
Attackers may compromise user accounts or credentials through
phishing attacks, password guessing, or credential stuffing, gaining
unauthorized access to cloud services and data. Once inside, attackers
can escalate privileges, exfiltrate data, or launch further attacks within
the cloud environment.

7. Malware and Ransomware:


Malicious software, including viruses, worms, and ransomware, can
infect cloud infrastructure, servers, or client devices, causing data loss,
system downtime, or financial extortion. Malware may be distributed
via email attachments, malicious links, or compromised applications.

8. Data Interception and Leakage:


Insecure transmission of data over the network or storage of sensitive
information without encryption can expose data to interception or
leakage. Attackers may exploit vulnerabilities in network protocols,
APIs, or cloud storage configurations to intercept or exfiltrate sensitive
data.

9. Insecure APIs and Integrations:


Insecure application programming interfaces (APIs) used to access
cloud services or integrate with third-party applications may expose
sensitive data or functionality to unauthorized access or manipulation.
API vulnerabilities can be exploited to bypass authentication, execute
arbitrary code, or access privileged resources.
a Differentiate between Edge-computing & Cloud computing
Marks: Differentiate each points 4M

b Explain main Cloud API Models.
Marks: Explain Each API Models 4M

• Infrastructure level:
Infrastructure-level APIs, also called infrastructure-as-a-service
(IaaS) APIs, help provision and manage cloud-hosted infrastructure.
IaaS APIs may be used to streamline the management of virtual
servers, cloud storage, cloud security, and other infrastructure-level
software and services.
• Service level:
Service-level APIs, or platform-as-a-service (PaaS) APIs, connect this
infrastructure to third-party platforms for developing applications.
PaaS APIs allow developers to access development tools, operating
systems, software, and databases so they can build their own
applications.
• Application level:
Application-level APIs, or software-as-a-service (SaaS) APIs, connect
infrastructure to cloud-based applications that are managed by third-party
providers. SaaS APIs enable users to access fully-built cloud applications
(e.g. Gmail) from a client.

Incharge HOD
