Pass Cloud Security Knowledge CCSK exam [Nov 22, 2021] Updated 300 Questions [Q105-Q120]

Share

Pass Cloud Security Knowledge CCSK exam [Nov 22, 2021] Updated 300 Questions

Cloud Security Alliance CCSK Actual Questions and 100% Cover Real Exam Questions


How to book the Certificate of Cloud Security Knowledge (CCSK) Exam

Follow the steps mentioned below to book the CCSk exam test:

  • Step 1: Access the Cloud Security Alliance’s website by clicking here
  • Step 2: Click the “Login to buy” button
  • Step 3: On the page that appears, create your account
  • Step 4: Select your exam and purchase the exam token
  • Step 5: After payment, follow the steps to schedule the exam

 

NEW QUESTION 105
One of key focus of ISO 27001 standard is:

  • A. Find the data breaches in the organization
  • B. Develop ISMS (Information Security management system)
  • C. Put security controls in place
  • D. Define organizational structure

Answer: B

Explanation:
ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
An ISMS is a systematic approach to managing sensitive company information so that it remains secure.
It includes people, processes and IT systems by applying a risk management process.

 

NEW QUESTION 106
What is defined as the process by which an opposing party may obtain private documents for use in litigation?

  • A. Scope
  • B. Risk Assessment
  • C. Custody
  • D. Subpoena
  • E. Discovery

Answer: E

 

NEW QUESTION 107
The intermediary that provides connectivity and transport of cloud services between the CSPs and the cloud service consumers is called:

  • A. Cloud Reseller
  • B. Cloud Service Broker
  • C. Cloud Access Service Broker
  • D. Cloud Carrier

Answer: D

Explanation:
All the terms given as options are very important and candidate is expected to know them and differentiate between them

 

NEW QUESTION 108
All of the following are type of access controls except:

  • A. Administrative
  • B. Natural
  • C. Physical
  • D. Technical

Answer: B

Explanation:
There is no control as such for Natural control.
There are three types of controls
1. Physical
2. Technical
3. Administrative

 

NEW QUESTION 109
IT Risk management is best described in:

  • A. ISO 27017
  • B. FIPS 140-2
  • C. NIST SP800-14
  • D. ISO 27005

Answer: D

Explanation:
IS027005 standards describes IT Risk Management process

 

NEW QUESTION 110
The management plane controls and configures the:

  • A. Metastructure
  • B. Infostructure
  • C. Infrastructure
  • D. Applistructure

Answer: A

Explanation:
The management plane controls and configures the metastructure and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets(like networks and processors)and using them to build resource pools. Metastructure is the glue and guts to create, provision, and de-provision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)

 

NEW QUESTION 111
What is the key benefit provided to the customer in Infrastructure as a Service model?

  • A. Reduction of Risk
  • B. Scalability
  • C. Transfer of cost of ownership
  • D. Governance

Answer: C

Explanation:
Transfer of cost of ownership is the key benefit of IaaS model.

 

NEW QUESTION 112
Which of the following Storage type is NOT associated with SaaS solution?

  • A. Content Delivery network
  • B. Volume Storage
  • C. Ephemeral Storage
  • D. Raw Storage

Answer: B

Explanation:
Volume storage is commonly associated with IaaS solutions.
All the other 3 options are related to SaaS solutions

 

NEW QUESTION 113
Use elastic servers when possible and move workloads to new instances.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 114
A SIEM device should be tuned in regularly to:

  • A. add new rules and remove old rules and thereby Eliminate false positive
  • B. update the device to latest patch by vendor
  • C. to test its scope of functional it
  • D. add new rules on top of existing old rules to enhance its capability

Answer: A

Explanation:
It is necessary to tuned regularly. It is helps in reducing false positives and keep the signatures latest and optimal.

 

NEW QUESTION 115
Which of the following is an effective way of segregating different cloud networks and datacenters in a hybrid cloud environment?

  • A. Bastion Virtual Network
  • B. Dedicated Hosting
  • C. Virtual LANs
  • D. Virtual Private Networks

Answer: A

Explanation:
One emerging architecture for hybrid cloud connectivity is "bastion" or "transit" virtual networks:
. This scenario allows you to connect multiple, different cloud networks to a data center using a single hybrid connection. The cloud user builds a dedicated virtual network for the hybrid connection and then peers any other networks through the designated bastion network.
. Second-level networks connect to the data center through the bastion network, but since they aren't peered to each other they can't talk to each other and are effectively segregated. Also, you can deploy different security tools, firewall rulesets, and Access Control Lists in the bastion network to further protect traffic in and out of the hybrid connection.
Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)

 

NEW QUESTION 116
ENISA: "VM hopping" is:

  • A. Lack of vulnerability management standards.
  • B. Looping within virtualized routing systems.
  • C. Instability in VM patch management causing VM routing errors.
  • D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
  • E. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.

Answer: D

 

NEW QUESTION 117
Who is responsible for Governance, Risk & Compliance in Software as a Service(SaaS) service model?

  • A. Cloud Service Provider
  • B. Cloud Customer
  • C. It's a shared responsibility between Cloud Service Provider and Cloud Customer
  • D. Cloud Carrier

Answer: B

Explanation:
Remember, GRC will always remain responsibility of the cloud customer in all service models

 

NEW QUESTION 118
No policy on resource capping can lead to:

  • A. Resource Exhaustion
  • B. Data disclosure
  • C. Resource manipulation
  • D. Data manipulation

Answer: A

Explanation:
It can lead to resource exhaustion if you do not put upper limit on resource allocation.
Cloud services are on-demand Therefore there is a level of calculated risk in allocating all the resources of a cloud service, because resources are allocated according to statistical projections. In accurate modelling of resources usage- common resources allocation algorithms are vulnerable to distortions of fairness

 

NEW QUESTION 119
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?

  • A. Governance and Enterprise Risk Management
  • B. Information Governance
  • C. Legal Issues: Contracts and Electronic Discovery
  • D. Compliance and Audit Management
  • E. Infrastructure Security

Answer: D

 

NEW QUESTION 120
......


Cloud Security Alliance CCSK Foundation Exam Syllabus Topics:

SectionObjectives
Application Security-Opportunities and Challenges
-Secure Software Development Lifecycle
-How Cloud Impacts Application Design and Architectures
-The Rise and Role of DevOps
Cloud Computing Concepts and Architectures-Definitions of Cloud Computing
  • Service Models
  • Deployment Models
  • Reference and Architecture Models
  • Logical Model

-Cloud Security Scope, Responsibilities, and Models
-Areas of Critical Focus in Cloud Security

Related Technologies-Big Data
-Internet of Things
-Mobile
-Serverless Computing
Incident Response-Incident Response Lifecycle
-How the Cloud Impacts IR
Security as a Service-Potential Benefits and Concerns of SecaaS
-Major Categories of Security as a Service Offerings
Management Plane and Business Continuity-Business Continuity and Disaster Recovery in the Cloud
-Architect for Failure
-Management Plane Security
Virtualization and Containers-Mayor Virtualizations Categories
-Network
-Storage
-Containers
Compliance and Audit Management-Compliance in the Cloud
  • Compliance impact on cloud contracts
  • Compliance scope
  • Compliance analysis requirements

-Audit Management in the Cloud

  • Right to audit
  • Audit scope
  • Auditor requirements
Legal Issues, Contracts and Electronic Discovery-Legal Frameworks Governing Data Protection and Privacy
  • Cross-Border Data Transfer
  • Regional Considerations

-Contracts and Provider Selection

  • Contracts
  • Due Diligence
  • Third-Party Audits and Attestations

-Electronic Discovery

  • Data Custody
  • Data Preservation
  • Data Collection
  • Response to a Subpoena or Search Warrant
Identity, Entitlement, and Access Management-IAM Standards for Cloud Computing
-Managing Users and Identities
-Authentication and Credentials
-Entitlement and Access Management
Infrastructure Security-Cloud Network Virtualization
-Security Changes With Cloud Networking
-Challenges of Virtual Appliances
-SDN Security Benefits
-Micro-segmentation and the Software Defined Perimeter
-Hybrid Cloud Considerations
-Cloud Compute and Workload Security
Data Security and Encryption-Data Security Controls
-Cloud Data Storage Types
-Managing Data Migrations to the Cloud
-Securing Data in the Cloud
Governance and Enterprise Risk Management-Tools of Cloud Governance
-Enterprise Risk Management in the Cloud
-Effects of various Service and Deployment Models
-Cloud Risk Trade-offs and Tools
Information Governance-Governance Domains
-Six phases of the Data Security Lifecycle and their key elements
-Data Security Functions, Actors and Controls

 

Cloud Security Alliance CCSK Real 2021 Braindumps Mock Exam Dumps: https://www.certkingdompdf.com/CCSK-latest-certkingdom-dumps.html

CCSK Free Exam Questions & Answers PDF Updated on Nov-2021: https://drive.google.com/open?id=1Sl8TnR3trIvU3lrAjLHUbafCOGz6XFpj