A software company recently entered into a cooperative development agreement with four global
companies to develop control software for a manufacturing business. The software development
team will use a development environment that includes ADA compilers and MySQL hosted by the
manufacturer.
Which service delivery model should the manufacturing company use?

A small company has been using a public cloud IaaS provider for several months. During this time
the company has seen significant growth in revenue. This growth has triggered a surge in hiring,
which has forced the company to repeatedly purchase additional services at premium cost from
their CSP.
The company has leased a data center and started designing a cloud infrastructure to deploy a
private cloud environment. The underlying hypervisor technology they chose is different than that
of the CSP. Once the initial infrastructure has been implemented, they will transition to a hybrid
cloud model. New services will only be deployed in the private cloud.
A new CIO has just been hired, but has little experience with cloud computing. You are a Cloud
Architect who has been asked to consult on several areas of concern.
The first service must be deployed in the private cloud within the next month. The CIO does not
want to rely solely on the existing single sign-on solution hosted in the public cloud, because
network disruption between the clouds would impact user access.
What is the best option for an interim single sign-on solution that can be replaced once the private
cloud is fully implemented?

An IT group within an organization is transforming their virtualized data center to ITaaS. They plan
to implement a chargeback method to appropriately bill the lines of business for the resources
consumed. IT will initially offer a Windows platform for the QA personnel to perform end user
testing on the application developed by the engineering group.
How would they effectively determine the cost of a service instance?

Which risk domain(s) is a concern when end users independently leverage the public cloud
outside the management of corporate IT?

An enterprise has decided to implement a new service that will process credit card information.
They will deploy this service within a hybrid cloud.
Their public cloud provider claims to be PCI DSS compliant. The enterprise wishes to implement a
service that is PCI compliant with the least amount of effort. The service is protected by a policy
based intrusion detection system. Cardholder data is securely transmitted to the web interface.
Which additional design elements would best be suited for this implementation?

The CEO of a company states that the IT department has serious problems to solve:
There have been several breaches of company confidential data over the years.
IT budgets are frequently over- or under-estimated
The IT organization might not meet regulatory compliance requirements for the several countries
in which they operate.
There is a lack of alignment of IT activities with the organization as a whole.
Which action should be taken by the board of directors and senior executives to most quickly and
effectively resolve all of these issues and concerns?

Which solution would the RSA Cloud Trust Authority recommend to monitor corporate compliance
for a hybrid cloud infrastructure?

A company is deploying a major new business application. The application development has been
outsourced to several organizations.
The company has conducted several workshops with all suppliers and the testing team. The
outcome of their efforts is a streamlined process that has dramatically reduced the cycle time from
development to test, improved communications between all groups, and implemented common
standards and objectives.
What have they achieved?

You are a Cloud Architect working with a large financial services company. They currently have a
large, hybrid cloud that includes multiple CSPs. The company recently suffered a breach on some
of their web servers hosted at one of the CSPs and were not alerted to it.
Which product would you recommend to help the company improve their response to threats such
as this, and why?

An organization wishes to move toward a full ITaaS implementation. They have a good
understanding of Service Oriented Architecture (SOA), but have not established the needed
education, teamwork, and discipline to take them to full ITaaS implementation.
As their ITaaS consultant, you need to take them to the next level in the service orientation
maturity model. What is the next level?