CCSK Pre-Exam Practice Tests (Updated 112 Questions) [Q57-Q81]

Share

CCSK Pre-Exam Practice Tests | (Updated 112 Questions)

Valid CCSK Exam Q&A PDF - One Year Free Update


Introduction to Certificate of Cloud Security Knowledge (CCSK) Exam

Learn the core concepts, best practices, and recommendations for securing an organization on the cloud regardless of the provider or platform. Covering all the 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage the information from CSA's vendor-neutral research to keep data secure on the cloud.

They need information security experts who are cloud-savvy as companies move to the cloud. The CCSK certificate is generally accepted as the cloud protection standard of expertise and gives you the foundations you need to protect data in the cloud. It is your decision on how you choose to draw on that experience.

The certification has the following objectives. These objectives can be fulfilled by carefully studying the CCSk exam dumps:

  • Using the cloud-specific governance & enforcement tool, how to determine the protection of cloud providers and your organization: Cloud Controls Matrix
  • An in-depth understanding of cloud computing's full capabilities
  • Recommendations from the cloud guidelines of the European Union Agency for Network and Information Security (ENISA)
  • Compared to internationally agreed requirements, the knowledge to build a comprehensive cloud protection program effectively

 

NEW QUESTION 57
According to Cloud Security Alliance logical model of cloud computing, which of the following defines the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers.

  • A. Applistructure
  • B. Metastructure
  • C. Infostructure
  • D. Infrastructure

Answer: B

Explanation:
According to CSA Securityguidelines4.0. Metastucture is defined as the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.

 

NEW QUESTION 58
If there are gaps in network logging data, what can you do?

  • A. You can instrument the technology stack with your own logging.
  • B. Nothing. The cloud provider must make the information available.
  • C. Nothing. There are simply limitations around the data that can be logged in the cloud.
  • D. Ask the cloud provider to open more ports.
  • E. Ask the cloud provider to close more ports.

Answer: A

 

NEW QUESTION 59
Which of the following is NOT atypical approach of Key Storage in cloud?

  • A. Cloud Service Provider Managed
  • B. Externally managed
  • C. Internally managed
  • D. Managed by the Third part

Answer: A

Explanation:
Remember, two key considerations when doing key management
1) Do not save it alongside data
2) Do not let cloud service provider manage the keys

 

NEW QUESTION 60
What is the main driver for decision to deploy cloud solutions?

  • A. Its business driven
  • B. Cloud has less risks and costs associated
  • C. It's a financial decision
  • D. None of the above

Answer: A

Explanation:
All the decisions related to cloud migration are driven by business requirements and effective Business Impact Analysis(BIA)and cost-benefit analysis

 

NEW QUESTION 61
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?

  • A. Provider run audits and reports
  • B. Provider and consumer contracts
  • C. Provider documentation
  • D. EDiscovery tools
  • E. Third-party attestations

Answer: E

 

NEW QUESTION 62
Which of the following will not be provided by cloud services when requested by the customer?

  • A. Details of security controls
  • B. Geographical locations of the datacentre
  • C. DLP solution results
  • D. SIEM logs

Answer: A

Explanation:
The cloud service provider will not provide the details of security controls as it will harm the security of its infrastructure if the adversaries knows the details.

 

NEW QUESTION 63
Which of the following type of risk assessment most effectively supports cost-benefit analyses of alternative risk responses or courses of action?

  • A. Third party Risk Analysis
  • B. Outsourced risk analysis
  • C. Quantitative Analysis
  • D. Qualitative Analysis

Answer: C

Explanation:
Quantitative assessments typically employ a set of methods, principles, or rules for assessing risk based on the use of numbers This type of assessment most effectively supports cost-benefit analyses of alternative risk responses or courses of action.

 

NEW QUESTION 64
How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

  • A. Stipulate encryption in contract language
  • B. Select cloud providers within the same country as customer
  • C. Use strong multi-factor authentication
  • D. Segregate keys from the provider hosting data
  • E. Secure backup processes for key management systems

Answer: D

 

NEW QUESTION 65
In a cloud scenario. who is the data processor and who is the data controller?

  • A. Cloud Service Provider is the data processor and its customer is the data controller
  • B. Cloud Service Provider is the data controller and its customer is the data processor
  • C. Neither cloud service provider nor customer is data processor or data controller.
  • D. Database admin is the data controller and application owner is the data processor

Answer: A

Explanation:
The customer determines the ultimate purpose of the processing and decides on the outsourcing or the delegation of all or part of the concerned activities to external organizations. Therefore, the customer acts as a controller.
When the service provider supplies the means and the platform, acting on behalf of the customer, it is considered to be a data processor.

 

NEW QUESTION 66
Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub.

  • A. True
  • B. False

Answer: A

Explanation:
This is true. Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub, because there is a significant chance of discovery and misuse.
Keys need to be appropriately secured and a well- secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.

 

NEW QUESTION 67
Which of the following controls and configures the metastructure, and is also part of the metastructure itself?

  • A. Management Plance
  • B. Network Firewall
  • C. Web Application Firewall
  • D. API Gateway

Answer: A

Explanation:
The management plane controls and configures the metastructure, and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Meta structure is the glue and guts to create, provision, and deprovision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Ref: CSA Security Guidelines v4.0

 

NEW QUESTION 68
Lack of CPU or network bandwidth and intermittent access to provisioned resources are examples of which of the following cloud risk?

  • A. Isolation failure
  • B. Resource Exhaustion
  • C. API vulnerabilities
  • D. Software vulnerabilities

Answer: B

Explanation:
They are all examples of resource exhaustion

 

NEW QUESTION 69
Which of the following can result in vendor lock-in?

  • A. technology
  • B. Favourable contract in favour of customer
  • C. Proprietary data formats
  • D. Large datasets

Answer: C

Explanation:
Proprietary data formats should be avoided. This can result in vendor lock-in.

 

NEW QUESTION 70
What is the process to determine any weaknesses in the application and the potential ingress, egress, and actors involved before the weakness is introduced to production?

  • A. STRIDE
  • B. Threat Detection
  • C. Threat Modelling
  • D. Vulnerability Assessment

Answer: C

Explanation:
Threat modelling is performed once an application design is created. The goal of threat modelling is to determine any weaknesses in the application and the potential ingress, egress, and actors involved before the weakness is introduced to production. It is the overall attack surface that is amplified by the cloud, and the threat model has to take that into account.

 

NEW QUESTION 71
CCM: The Cloud Service Delivery Model Applicability column in the CCM indicates the applicability of the cloud security control to which of the following elements?

  • A. Physical, Network, Compute, Storage, Application or Data
  • B. SaaS, PaaS or IaaS
  • C. Mappings to well-known standards and frameworks
  • D. Service Provider or Tenant/Consumer

Answer: B

 

NEW QUESTION 72
Which of the following is true after your organization migrates the data to the cloud?

  • A. Cloud service provider will be legally liable for any data breach.
  • B. It is totally secure because cloud service providers have more security.
  • C. In case of data breach, you as a customer, will be still legally liable.
  • D. Breaches will be termed as loss of Intellectual property.

Answer: C

Explanation:
Even after cloud migration. cloud customer is responsible for the data and ultimately liable for any data loss or breaches.

 

NEW QUESTION 73
What is true of security as it relates to cloud network infrastructure?

  • A. You should deploy your cloud firewalls identical to the existing firewalls.
  • B. You should implement a default deny with cloud firewalls.
  • C. You should always open traffic between workloads in the same virtual subnet for better visibility.
  • D. You should implement a default allow with cloud firewalls and then restrict as necessary.
  • E. You should apply cloud firewalls on a per-network basis.

Answer: B

 

NEW QUESTION 74
Which of the following is one of the five essential characteristics of cloud computing as defined by NIST?

  • A. Measured service
  • B. Unlimited bandwidth
  • C. Nation-state boundaries
  • D. Hybrid clouds
  • E. Multi-tenancy

Answer: A

 

NEW QUESTION 75
Which attack surfaces, if any, does virtualization technology introduce?

  • A. All of the above
  • B. Configuration and VM sprawl issues
  • C. The hypervisor
  • D. Virtualization management components apart from the hypervisor

Answer: A

 

NEW QUESTION 76
Which of the following reports the cloud service provide normally share with customer WITHOUT any non-disclosure agreement and is in the public domain?

  • A. SOC1 Type1
  • B. SOC2 Type1
  • C. SOC2 Type2
  • D. SOC3

Answer: D

Explanation:
A Soc3 reports on the same information as a Soc2 report. The main difference between the two is that a Soc3 is intended fora general audience. These reports are shorter and do not include the same details as a Soc2 report, which is distributed to an informed audience of stakeholders. Due to their more general nature, Soc3 reports can be shared openly and posted on a company's website with a seal indicating their compliance

 

NEW QUESTION 77
How does running applications on distinct virtual networks and only connecting networks as needed help?

  • A. It reduces the blast radius of a compromised system
  • B. It reduces hardware costs
  • C. It provides dynamic and granular policies with less management overhead
  • D. It enables you to configure applications around business groups
  • E. It locks down access and provides stronger data security

Answer: A

 

NEW QUESTION 78
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

  • A. Resiliency Planning
  • B. Chaos Engineering
  • C. Planned Outages
  • D. Organized Downtime
  • E. Expected Engineering

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 79
Which of the following is NOT a characteristic of Object Storage?

  • A. Accessed through web interface
  • B. Cannot be accessed through web interface
  • C. Stored in cloud
  • D. Has additional Metadata

Answer: B

Explanation:
Object storage: Similar to a file share accessed via APIs or a web interface. Examples include Amazon S3 and Rackspace cloud files.

 

NEW QUESTION 80
Which of the following is NOT a component of Software Defined Perimeter as defined by Cloud Security Alliance Working group on SDP?

  • A. SDP Client
  • B. SDP Host
  • C. SDP Gateway
  • D. SDP Controller

Answer: B

Explanation:
The CSA Software Defined Perimeter Working Group has developed a model and specification that combines device and user authentication to dynamically provision network access to resources and enhance security. SDP includes three components:
An SDP client on the connecting asset (e.g. a laptop).
* The SDP controller for authenticating and authorizing SDP clients and configuring the connections to SDP gateways.
* The SDP gateway for terminating SDP client network traffic and enforcing policies in communication with the SDP controller. Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)

 

NEW QUESTION 81
......

Certificate of Cloud Security Knowledge (v4.0) Exam Free Update Certification Sample Questions: https://www.prep4sures.top/CCSK-exam-dumps-torrent.html

Trend for Cloud Security Alliance CCSK pdf dumps before actual exam: https://drive.google.com/open?id=1eAJvF3546hZJdad_t77ywx7Eqsoaaq_m