(SEM VII) THEORY EXAMINATION 2021-22 CLOUD COMPUTING

CLOUD COMPUTING – KCS 713

B.Tech (Sem VII) – Detailed Exam Answers

SECTION A – Long but Crisp Answers (2 Marks Each)

a) Threat Agents and Their Role in Cloud Security

Threat agents are individuals, groups, or automated systems that attempt to exploit vulnerabilities in cloud environments. These agents may include external attackers such as hackers, cybercriminals, competitors, or internal agents like disgruntled employees. Their role in cloud security is critical because they are responsible for launching attacks such as data breaches, denial of service attacks, malware injection, and unauthorized access. Understanding threat agents helps cloud providers design effective security controls and mitigation strategies.

b) Security Services in Cloud

Security services in cloud computing ensure protection of data, applications, and infrastructure. These services include authentication to verify user identity, authorization to control access rights, confidentiality to protect sensitive data, integrity to prevent unauthorized data modification, availability to ensure services are accessible, non-repudiation to prevent denial of actions, and auditing to track activities. Together, these services create a secure cloud environment.

c) Encryption and Its Types

Encryption is the process of converting readable data (plain text) into an unreadable format (cipher text) to protect information from unauthorized access.
Types of encryption include:

Symmetric encryption, where the same key is used for encryption and decryption (e.g., AES, DES).

Asymmetric encryption, which uses a public key and a private key (e.g., RSA).

Hashing, which converts data into a fixed-length value for integrity verification (e.g., SHA).

d) Utility Computing

Utility computing is a service provisioning model where computing resources such as processing power, storage, and bandwidth are provided on demand and billed based on usage. It is similar to traditional utilities like electricity or water. This model allows organizations to reduce capital expenditure and pay only for what they consume.

e) IaaS, PaaS, and SaaS

Infrastructure as a Service (IaaS) provides virtualized hardware resources such as servers, storage, and networks.

Platform as a Service (PaaS) offers development platforms including operating systems, databases, and tools.

Software as a Service (SaaS) delivers complete software applications over the internet.

f) VM Network Routing

VM network routing refers to the mechanism of directing network traffic between virtual machines using virtual switches, routers, and firewalls. It ensures efficient communication, isolation, and secure data transfer in virtualized environments.

g) Web 2.0 Applications

Web 2.0 applications are interactive, user-driven platforms that allow content creation and sharing. Examples include Facebook, YouTube, Twitter, Wikipedia, and Google Docs.

h) IaaS, PaaS, SaaS

Same explanation as question (e).

i) Security Services in Cloud

Same explanation as question (b).

j) Modules of Hadoop

Hadoop consists of:

HDFS for distributed storage,

MapReduce for parallel processing,

YARN for resource management,

Hadoop Common for shared utilities.

SECTION B – Descriptive Answers (10 Marks Each)

a) Virtual Desktop Infrastructure (VDI)

Virtual Desktop Infrastructure (VDI) is a technology that hosts desktop operating systems on centralized servers and delivers them to users over a network. Instead of running a desktop OS locally, users access virtual desktops through thin clients or web browsers.
VDI improves security since data remains on the server, simplifies management, reduces hardware costs, and allows remote access. Major components include the hypervisor, virtual desktops, client devices, and network infrastructure.

b) Detection of Unauthorized Access Using Virtualization Techniques

Virtualization enables enhanced monitoring and isolation of resources. Unauthorized access can be detected using VM introspection, hypervisor-level monitoring, intrusion detection systems, VM isolation, and snapshot comparison. These techniques help identify abnormal behavior without affecting other virtual machines, making virtualization an effective security layer.

c) MapReduce Concept with Example

MapReduce is a programming model used for processing large datasets in parallel across distributed systems. It consists of two phases:

Map phase, where input data is divided and processed into key-value pairs.

Reduce phase, where values with the same key are aggregated.
For example, in word count, the map function emits (word, 1), and the reduce function sums the values.

d) Cloud Computing Reference Model

The cloud computing reference model defines the layered architecture of cloud systems. It includes the client layer, application layer (SaaS), platform layer (PaaS), infrastructure layer (IaaS), and physical resource layer. This model ensures abstraction, scalability, resource sharing, and efficient service delivery.

e) Difference Between Cloud Computing and Distributed Computing

Cloud computing provides on-demand, scalable resources with pay-per-use pricing, while distributed computing focuses on resource sharing across multiple systems. Cloud systems are virtualized and elastic, whereas distributed systems often rely on fixed physical resources.

SECTION C – Very Long Answers (10 Marks Each)

3(a) Cloud Computing Security Architecture

Cloud security architecture defines policies, technologies, and controls used to protect cloud systems. It includes identity and access management, encryption of data at rest and in transit, network security mechanisms, monitoring, compliance management, backup, and disaster recovery. This layered security approach ensures confidentiality, integrity, and availability of cloud services.

4(a) Hardware Virtualization Techniques

Hardware virtualization allows multiple operating systems to run on a single physical machine. Techniques include full virtualization, para-virtualization, and hardware-assisted virtualization. These methods improve hardware utilization, flexibility, and isolation between virtual machines.

5(a) Security Challenges in Cloud Computing

Major security challenges include data breaches, data loss, account hijacking, insecure APIs, insider threats, shared technology vulnerabilities, and compliance issues. Addressing these challenges requires strong security policies, encryption, and continuous monitoring.

6(b) Major Cloud Features of Google App Engine

Google App Engine provides automatic scaling, load balancing, built-in security, version control, and support for multiple programming languages. It simplifies application deployment and management.

7(a) Cloud Federation Stack

Cloud federation enables interoperability among multiple cloud providers. The federation stack includes infrastructure federation, identity federation, service federation, and data federation, allowing seamless resource sharing and portability.