PDF Managing-Cloud-Security Study Guide

Continuous auditingin the context of Information Rights Management (IRM) allows organizations to monitor access events in real time. It records who accessed a file, when, and how often. This enables organizations to enforce accountability and detect unusual access patterns, which are crucial for both security monitoring and compliance reporting.

Automatic expiration sets a time limit on file availability, while dynamic policy control adjusts permissions based on context (such as location or device). Persistent protection ensures files remain encrypted and controlled wherever they travel. While each feature is valuable, only continuous auditing provides the tracking and visibility into usage required by the scenario.

This approach aligns with governance requirements, providing an audit trail that supports incident response and compliance with data protection regulations. Continuous auditing strengthens both operational security and accountability.

WithSaaS, applications are delivered entirely by the provider, and customers have little to no control over the underlying platform or data portability. This creates a higher risk ofvendor lock-in, as migrating away from one SaaS provider to another may require reworking applications or losing features.

In contrast,PaaSgives customers more flexibility by allowing them to build, deploy, and manage their own applications while relying on standardized frameworks and platforms. Because applications are customer-managed, switching providers or migrating workloads can be easier compared to SaaS.

Vendor lock-out, personnel threats, and natural disasters are risks in any service model. The key differentiator here is portability and flexibility. Choosing PaaS reduces dependence on a single provider’s application features, thereby lowering vendor lock-in risk while still offloading infrastructure management.

Asandboxis a controlled, isolated environment used to safely run, observe, and analyze potentially malicious code. In cybersecurity, sandboxes allow analysts to execute malware samples without risking contamination of production systems. This enables identification of malware behavior, persistence techniques, and indicators of compromise.

Encryption protects confidentiality, but does not allow safe execution. Gateways control traffic flow, and controllers manage devices or workloads. Only a sandbox provides the dedicated containment required for malware analysis.

In cloud environments, sandboxing is often implemented at scale to analyze suspicious files or traffic automatically. This practice enhances defenses against zero-day exploits, advanced persistent threats, and polymorphic malware. By preventing malware from escaping, sandboxes provide essential forensic and detection insights without endangering the wider environment.

The STRIDE threat model identifies six categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. In this scenario, the accountant modified data they were not authorized to change. This is an act ofTampering, which refers to unauthorized alteration of data or systems.

Spoofing would involve impersonating another identity, denial of service would block availability, and elevation of privilege would involve gaining higher access rights. The accountant already had legitimate access but misused it to alter data outside their scope of responsibility.

Tampering compromises data integrity, one of the pillars of the CIA triad. In cloud and enterprise systems, safeguards against tampering include role-based access control, least privilege, and auditing to detect unauthorized changes. Recognizing this as tampering helps in identifying insider misuse and implementing compensating controls.