CCSK
Question 1
All cloud services utilize virtualization technologies.
- A: False
- B: True
Question 2
Which of the following is NOT a cloud computing characteristic that impacts incident response?
- A: The on demand self-service nature of cloud computing environments.
- B: Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
- C: The possibility of data crossing geographic or jurisdictional boundaries.
- D: Object-based storage in a private cloud.
- E: The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.
Question 3
How can web security as a service be deployed for a cloud consumer?
- A: By proxying or redirecting web traffic to the cloud provider
- B: By utilizing a partitioned network drive
- C: On premises through a software or appliance installation
- D: Both A and C
- E: None of the above
Question 4
When configured properly, logs can track every code, infrastructure, and configuration change and connect it back to the submitter and approver, including the test results.
- A: False
- B: True
Question 5
Which of the following is NOT an essential characteristic of cloud computing?
- A: Broad Network Access
- B: Measured Service
- C: Third Party Service
- D: Rapid Elasticity
- E: Resource Pooling
Question 6
Without virtualization, there is no cloud.
- A: False
- B: True
Question 7
All assets require the same continuity in the cloud.
- A: False
- B: True
Question 8
Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?
- A: Code Review
- B: Static Application Security Testing (SAST)
- C: Unit Testing
- D: Functional Testing
- E: Dynamic Application Security Testing (DAST)
Question 9
CCM: The Cloud Service Delivery Model Applicability column in the CCM indicates the applicability of the cloud security control to which of the following elements?
- A: Mappings to well-known standards and frameworks
- B: Service Provider or Tenant/Consumer
- C: Physical, Network, Compute, Storage, Application or Data
- D: SaaS, PaaS or IaaS
Question 10
Any given processor and memory will nearly always be running multiple workloads, often from different tenants.
- A: False
- B: True
Question 11
In which deployment model should the governance strategy consider the minimum common set of controls comprised of the Cloud Service Provider contract and the organization's internal governance agreements?
- A: Public
- B: PaaS
- C: Private
- D: IaaS
- E: Hybrid
Question 12
What is known as the interface used to connect with the metastructure and configure the cloud environment?
- A: Administrative access
- B: Management plane
- C: Identity and Access Management
- D: Single sign-on
- E: Cloud dashboard
Question 13
Big data includes high volume, high variety, and high velocity.
- A: False
- B: True
Question 14
What does it mean if the system or environment is built automatically from a template?
- A: Nothing.
- B: It depends on how the automation is configured.
- C: Changes made in production are overwritten by the next code or template change.
- D: Changes made in test are overwritten by the next code or template change.
- E: Changes made in production are untouched by the next code or template change.
Question 15
Which type of application security testing involves manual activity that is not necessarily integrated into automated testing?
- A: Code Review
- B: Static Application Security Testing (SAST)
- C: Unit Testing
- D: Functional Testing
- E: Dynamic Application Security Testing (DAST)
Question 16
Which meta-phase does the Cloud Security Alliance use to focus on the security and testing activities when moving code from an isolated development environment to production?
- A: Secure Networking
- B: Secure Scaling
- C: Secure Deployment
- D: Secure Operations
- E: Secure Design and Development
Question 17
Even with immutable infrastructures, the production environment should be actively monitored for changes and deviations from approved baselines.
- A: False
- B: True
Question 18
ENISA: Licensing Risks refer to:
- A: Use of country-issued drivers licenses for user identification
- B: Cloud provider employees not maintaining operating system license files
- C: Risk that software company may go out of business, leading to expiration of licenses for mission critical software
- D: A traditional software licensing scheme may lead to high costs or lack of compliance in cloud systems
- E: Cloud provider may not have all appropriate government operating licenses
Question 19
Which architecture for hybrid cloud connectivity allows you to connect multiple, different cloud networks to a data center using a single hybrid connection?
- A: Dataconnect
- B: Multiconnect
- C: Transitional
- D: Bastion
- E: Hybrid
Question 20
CCM: Which of the following statements about CSA's CCM and Security Guidance is False?
- A: CSA's CCM provides a set of control objectives against which an organization should assess cloud security
- B: CSA's Security Guidance tells you WHAT to do, the CCM tells you HOW to do it
- C: CSA's Security Guidance provides a set of best practices and recommendations
- D: CSA's CCM tells you WHAT to do, the Guidance tells you HOW to do it
Question 21
What are the barriers to developing full confidence in security as a service (SecaaS)?
- A: Federation bridges, software compatibility, and implementation
- B: Delegations, bipartisan tenancy, and implementation
- C: Single tenancy and vendor lock-in
- D: Provisioning, federation, and compliance
- E: Compliance, multi-tenancy, and vendor lock-in
Question 22
CCM: A hypothetical company called Health4Sure is located in the United States and provides cloud-based services for tracking patient health. The company is compliant with the HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure's cloud service?
- A: The CCM columns are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls. This approach will save time.
- B: The CCM domain controls are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
- C: The CCM domains are not mapped to the HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.
Question 23
Of the choices below, which option allows for the most interoperability in security authentication in a cloud environment?
- A: XHTML
- B: SAML
- C: SCORM
- D: WEP
- E: WPA or WPA2
Question 24
The key concern of data backup and recovery schemes is:
- A: Data aggregation should not cause breaches
- B: They must prevent data loss, unwanted data overwrite and destruction
- C: Assurance that the cloud provider has multiple data centers for disaster recovery
- D: Assurance that deleted data is in fact unrecoverable
- E: Data should not be commingled with other customers
Question 25
Which regulation affects data controllers with business in Japan?
- A: Personal Information Protection and Electronic Documents Act (PIPEDA)
- B: General Data Protection Regulation (GDPR)
- C: 1995 Data Protection Directive
- D: Privacy Act 1988
- E: Act on the Protection of Personal Information