CCSK Exam Questions - Real & Updated Questions PDF [Q107-Q125]

Share

CCSK Exam Questions - Real & Updated Questions PDF

Pass Guaranteed Quiz 2022 Realistic Verified Free Cloud Security Alliance

NEW QUESTION 107
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?

  • A. Authoritative source
  • B. Entitlement
  • C. Federated Identity Management
  • D. Access control
  • E. Authentication

Answer: B

 

NEW QUESTION 108
Which of the following adds abstraction layer on top of networking hardware and decouples network control plane from the data plane?

  • A. Virtual Private Networks
  • B. VLANs
  • C. Software Defined Networks
  • D. Converged Networks

Answer: C

Explanation:
Software Defined Networking(SDN):A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data. This allows us to abstract networking from the traditional limitations of a LAN.
Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)

 

NEW QUESTION 109
CCM: The following list of controls belong to which domain of the CCM?
GRM 06 - Policy GRM 07 - Policy Enforcement GRM 08 - Policy Impact on Risk Assessments GRM 09 - Policy Reviews GRM 10 - Risk Assessments GRM 11 - Risk Management Framework

  • A. Governing and Risk Metrics
  • B. Governance and Risk Management
  • C. Governance and Retention Management

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 110
When your bank or credit card company sends you a notification of changes in how it collects or shares data, it is sending that notification in compliance with:

  • A. ISO 27001
  • B. GDPR
  • C. HIPAA
  • D. FERPA

Answer: B

Explanation:
Under GDPR. it is mandatory to notify consumers how their data will be used

 

NEW QUESTION 111
Which of the following uses security and encryption as means to prevent unauthorized copying and limitations on distribution to only those who pay?

  • A. Data Encryption
  • B. Data Dispersion
  • C. Digital Rights Management(DRM)
  • D. IPSEC

Answer: C

Explanation:
Digital rights management(DRM)was designed to focus on security and encryption as a means of preventing unauthorized copying and limitations on distribution of content to only those authorized(purchasers).

 

NEW QUESTION 112
The intermediary that provides connectivity and transport of cloud services between the CSPs and the cloud service consumers is called:

  • A. Cloud Carrier
  • B. Cloud Access Service Broker
  • C. Cloud Reseller
  • D. Cloud Service Broker

Answer: A

Explanation:
All the terms given as options are very important and candidate is expected to know them and differentiate between them

 

NEW QUESTION 113
When creating business strategies for cloud migration. which is the most important aspect?

  • A. Valuating current staff for their capabilities
  • B. Hiring a cloud broker
  • C. Due Diligence when inspecting technologies and choosing cloud provider
  • D. Choosing the right auditor

Answer: C

Explanation:
Due Diligence is most important aspect when considering adoption to the cloud

 

NEW QUESTION 114
One of the key technologies that have made cloud computing viable is:

  • A. Virtualization
  • B. Storage controllers
  • C. Distributed networking
  • D. VLANs

Answer: A

Explanation:
Virtualization technologies enable cloud computing to become a real and scalable service offering due to the savings, sharing, and allocations of resources across multiple tenants and environments.

 

NEW QUESTION 115
Where does the encryption engine and key reside when doing file-level encryption?

  • A. On the instance attached to the system
  • B. Encryption engine resides on the server and keys on the client side
  • C. On the client side
  • D. On the KMS attached to the system

Answer: A

Explanation:
File-level encryption: Database servers typically reside on volume storage. For this deployment, you are encrypting the volume or folder of the database, with the encryption engine and keys residing on the instances attached to the volume.
External file system encryption protects from media theft, lost backups, and external attack but does not protect against attacks with access to the application layer, the instances 0S, or the data

 

NEW QUESTION 116
In cloud services. risks and responsibilities are shared between the cloud provider and customer.
however. which of the following holds true?

  • A. Cloud Customer has ultimate legal liability for unauthorised and illicit data disclosures
  • B. Cloud Customer liability is limited to financial responsibility
  • C. Cloud provider has ultimate legal liability for unauthorised and illicit data disclosures
  • D. Cloud Provider liability is limited to financial responsibility

Answer: A

Explanation:
In a shared responsibility model. Data security is responsibility of the cloud consumer and he is legally liable.

 

NEW QUESTION 117
Which of the following is NOT atypical approach of Key Storage in cloud?

  • A. Internally managed
  • B. Managed by the Third part
  • C. Externally managed
  • D. Cloud Service Provider Managed

Answer: D

Explanation:
Remember, two key considerations when doing key management
1) Do not save it alongside data
2) Do not let cloud service provider manage the keys

 

NEW QUESTION 118
Which is the most common control used for Risk Transfer?

  • A. Insurance
  • B. Web Application Firewall
  • C. Contracts
  • D. SLA

Answer: A

Explanation:
Buying insurance is most common method of transferring risk.

 

NEW QUESTION 119
Which of following responsibilities can never be transferred. even during cloud adoption?

  • A. Application Development
  • B. Infrastructure
  • C. Governance
  • D. Security

Answer: C

Explanation:
The primary issue to remember when governing cloud computing is that an organization can never outsource responsibility for governance, even when using external providers. This is always true, cloud or not, but is useful to keep in mind when navigating cloud computing's concepts of shared responsibility models Ref: CSA Security Guidelines V4.0

 

NEW QUESTION 120
Which are the two major categories of network virtualization commonly seen in cloud computing today?

  • A. Virtual Private Networks and Converged Network
  • B. Virtual LANS(VLANs)and Converged Networks
  • C. Software Defined Networks and Virtual LANs(VLANs)
  • D. Software Defined Networks and Virtual Private Networks

Answer: B

Explanation:
There are two major categories of network virtualization commonly seen in cloud computing today:
. Virtual Local Area Networks (VLANs): VLANs leverage existing network technology implemented in most network hardware.
VLANs are extremely common in enterprise networks, even without Management Storage Service Management plane to nodes storage nodes (volumes) to compute nodes (instances) Internet to compute nodes Instances to instance Common networks underlying IaaS. They are designed for use in single-tenant networks (enterprise data centers) to separate different business units, functions, etc. (like guest networks). VLANs are not designed for cloud-scale virtualization or security and shouldn't be considered, on their own, an effective security control for isolating networks. They are also never a substitute for physical network segregation.
. Software Defined Networking(SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data. This allows us to abstract networking from the traditional limitations of a LAN.
Ref: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 121
Which of the following Storage type is NOT associated with SaaS solution?

  • A. Content Delivery network
  • B. Raw Storage
  • C. Ephemeral Storage
  • D. Volume Storage

Answer: D

Explanation:
Volume storage is commonly associated with IaaS solutions.
All the other 3 options are related to SaaS solutions

 

NEW QUESTION 122
On Demand Shelf Service is one of the key characteristics as defined by NIST.

  • A. True
  • B. False

Answer: B

Explanation:
This is false. Please read the question carefully.
Question: is asking
On Demand "Shelf" Service where the correct characteristic is "0n Demand Self Service"

 

NEW QUESTION 123
Which of the following best describes the relationship between a cloud provider and the customer?

  • A. Operational level Agreement
  • B. Service Level Agreement
  • C. Privacy Level Agreement
  • D. Contract

Answer: D

Explanation:
Contract is the most suitable answer here. It can be argued that Service Level Agreement could also be an answer but SLA is a negotiation/agreement for minimum service-levels expected. Contract is the document that defines the relation-ship between Cloud service provider and customer

 

NEW QUESTION 124
What defines easiness to move and reuse application components regardless of the provider, platform,
0S, infrastructure, location, storage, format of data or APIs, how well applications work together, and how well new applications work with other solutions present in the business, organization, or provider's existing architecture?

  • A. Elasticity
  • B. Portability
  • C. Interoperability
  • D. Scalability

Answer: C

Explanation:
Interoperability is an important characteristic.
Definition: Interoperability
Interoperability is the ability of a system or a product to work with other systems or products without special effort on the part of the customer.

 

NEW QUESTION 125
......

Get to the Top with CCSK Practice Exam Questions: https://www.examslabs.com/Cloud-Security-Alliance/Cloud-Security-Knowledge/best-CCSK-exam-dumps.html

Free Cloud Security Knowledge CCSK Ultimate Study Guide: https://drive.google.com/open?id=1a3KSSlYqgpzGO5cIdJnBEkMLlnKaaY-7