Free Cloud Security Alliance CCSK Study Guides Exam Questions & Answer [Q135-Q151]


CCSK Exam Dumps, CCSK Practice Test Questions

NEW QUESTION 135
Which of the following is NOT true about the CSA Cloud Controls Matrix (CCM)?

  • A. Maps controls to existing standards like ISO 27001
  • B. Defines the Cloud Audit Methodology
  • C. Also includes controls related to processing of personal data.
  • D. Contains security controls divided in several domains

Answer: B

Explanation:
Remember that CCM is a security framework and does not include any methodology. The Cloud Security Alliance Cloud Controls Matrix (CCM) is an essential and up-to-date security controls framework that is addressed to the cloud community and stakeholders. A fundamental richness of the CCM is its ability to provide mapping and cross relationships with the main industry-accepted security

 

NEW QUESTION 136
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

  • A. Measured service
  • B. On-demand self-service
  • C. Resource pooling
  • D. Rapid elasticity
  • E. Broad network access

Answer: B

 

NEW QUESTION 137
The management plane controls and configures the:

  • A. Infostructure
  • B. Metastructure
  • C. Infrastructure
  • D. Applistructure

Answer: B

Explanation:
The management plane controls and configures the metastructure and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Metastructure is the glue and guts to create, provision, and de-provision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 138
Which data security control is the LEAST likely to be assigned to an IaaS provider?

  • A. Encryption solutions
  • B. Physical destruction
  • C. Application logic
  • D. Access controls
  • E. Asset management and tracking

Answer: C

 

NEW QUESTION 139
An adversary stole 1 million usernames and passwords of Pass4test LLC's customers. They took advantage of a security vulnerability in the publicly accessible application hosted on the cloud. This is an example of:

  • A. Abuse of Cloud Services
  • B. Data Dispersion
  • C. Data breach
  • D. Malicious Insider

Answer: C

Explanation:
This is an example of a data breach. The usernames and passwords that were stolen were stored as data.

 

NEW QUESTION 140
Containers can be implemented without the use of VMs at all and run directly on hardware.

  • A. True
  • B. False

Answer: A

Explanation:
Multiple containers can run on the same virtual machine or be implemented without the use of VMs at all and run directly on hardware. The container provides code running inside a restricted environment with only access to the processes and capabilities defined in the container configuration. This allows containers to launch incredibly rapidly, since they don't need to boot an operating system or launch many (sometimes any) new services; the container only needs access to already-running services in the host OS, and some can launch in milliseconds.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 141
Operating system management is done by the customer in which service model of cloud computing?

  • A. SaaS
  • B. XaaS
  • C. IaaS
  • D. PaaS

Answer: C

Explanation:
In the IaaS model, the operating system is managed by the customer.

 

NEW QUESTION 142
Where do the encryption engine and key reside when doing file-level encryption?

  • A. On the instance attached to the system
  • B. Encryption engine resides on the server and keys on the client side
  • C. On the client side
  • D. On the KMS attached to the system

Answer: A

Explanation:
File-level encryption: Database servers typically reside on volume storage. For this deployment, you are encrypting the volume or folder of the database, with the encryption engine and keys residing on the instances attached to the volume.
External file system encryption protects from media theft, lost backups, and external attack but does not protect against attacks with access to the application layer, the instance's OS, or the data

 

NEW QUESTION 143
According to the Cloud Security Alliance logical model of cloud computing, which of the following defines the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers?

  • A. Infostructure
  • B. Metastructure
  • C. Infrastructure
  • D. Applistructure

Answer: B

Explanation:
According to CSA Security Guidelines 4.0, metastructure is defined as the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. It is the glue that ties the technologies together and enables management and configuration.

 

NEW QUESTION 144
ENISA: Lock-in is ranked as a high risk in ENISA research. A key underlying vulnerability causing lock-in is:

  • A. Lack of information on jurisdictions
  • B. No source escrow agreement
  • C. Audit or certification not available to customers
  • D. Unclear asset ownership
  • E. Lack of completeness and transparency in terms of use

Answer: E

 

NEW QUESTION 145
Which of the following is not an abuse or misuse of cloud services?

  • A. Data Deletion
  • B. Launching DDoS Attacks
  • C. Email Spam
  • D. Phishing campaigns

Answer: A

Explanation:
Note the meaning of the phrase "abuse or misuse of cloud services": it means launching attacks or campaigns by using the cloud, mostly public cloud, as a platform.

 

NEW QUESTION 146
Which of the following is NOT a typical approach to key storage in the cloud?

  • A. Internally managed
  • B. Managed by the Third party
  • C. Externally managed
  • D. Cloud Service Provider Managed

Answer: D

Explanation:
Remember two key considerations when doing key management:
1) Do not save keys alongside the data
2) Do not let the cloud service provider manage the keys

 

NEW QUESTION 147
Which of the following best describes the relationship between a cloud provider and the customer?

  • A. Operational Level Agreement
  • B. Service Level Agreement
  • C. Privacy Level Agreement
  • D. Contract

Answer: D

Explanation:
Contract is the most suitable answer here. It can be argued that Service Level Agreement could also be an answer, but an SLA is a negotiation/agreement for the minimum service levels expected. The contract is the document that defines the relationship between the cloud service provider and the customer.

 

NEW QUESTION 148
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?

  • A. Information Governance
  • B. Compliance and Audit Management
  • C. Legal Issues: Contracts and Electronic Discovery
  • D. Infrastructure Security
  • E. Governance and Enterprise Risk Management

Answer: B

 

NEW QUESTION 149
Which of the following are key data functions?

  • A. Access, Procure & Store
  • B. Access, Procure & Save
  • C. Access, Process & Store
  • D. Access, Process & Save

Answer: C

Explanation:
The key data functions are Access, Process & Store.

 

NEW QUESTION 150
As with security, compliance in the cloud is a shared responsibility model.

  • A. True
  • B. False

Answer: A

Explanation:
As with security, compliance in the cloud is a shared responsibility model. Both the cloud provider and customer have responsibilities, but the customer is always ultimately responsible for their own compliance. These responsibilities are defined through contracts, audits/assessments, and specifics of the compliance requirements.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 151
......
