[Dec 31, 2021] Passing Key To Getting CCSK Certified Exam Engine PDF [Q150-Q173]


CCSK Exam Dumps Pass with Updated Dec-2021 Tests Dumps


Cloud Security Alliance CCSK Exam Syllabus Topics:

Topic | Details
Topic 1
  • Cloud Security Lexicon
  • Governance and Enterprise Risk Management
Topic 2
  • Compliance and Audit Management
  • Cloud Computing Concepts and Architectures
Topic 3
  • ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
Topic 4
  • Infrastructure Security
  • Security as a Service
Topic 5
  • Data Security and Encryption
  • Legal Issues, Contracts, and Electronic Discovery
Topic 6
  • Identity, Entitlement, and Access Management
  • Sample Cloud Policy
Topic 7
  • Cloud Security Standards and Certifications
  • Information Governance
Topic 8
  • Management Plane and Business Continuity
  • Virtualization and Containers
Topic 9
  • Application Security
  • Incident Response
  • Related Technologies


What is the duration, language, and format of the Certificate of Cloud Security Knowledge (CCSK) Exam?

  • Language of Exam: English, Spanish
  • Format: Multiple Choice Questions
  • Passing score: 80%
  • Number of questions: 60
  • Time Allowed: 90 minutes

Introduction to Certificate of Cloud Security Knowledge (CCSK) Exam

Learn the core concepts, best practices, and recommendations for securing an organization on the cloud regardless of the provider or platform. Covering all the 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage the information from CSA’s vendor-neutral research to keep data secure on the cloud.

As companies move to the cloud, they need information security experts who are cloud-savvy. The CCSK certificate is generally accepted as the standard of expertise for cloud protection and gives you the foundations you need to protect data in the cloud. It is your decision how you choose to draw on that experience.

The certification has the following objectives. These objectives can be fulfilled by carefully studying the CCSK dumps:

  • Recommendations from the cloud guidelines of the European Union Agency for Network and Information Security (ENISA)
  • An in-depth understanding of cloud computing’s full capabilities
  • How to determine the protection of cloud providers and your organization using the cloud-specific governance & enforcement tool, the Cloud Controls Matrix
  • The knowledge to effectively build a comprehensive cloud protection program, compared against internationally agreed requirements

 

NEW QUESTION 150
"Cloud provider acquisition" as a risk falls under which of the following categories?

  • A. Legal Risk
  • B. Technical risk
  • C. Policy and Organizational Risk
  • D. Environmental Risk

Answer: C

Explanation:
Cloud provider acquisition comes under Policy and Organizational Risk and can be categorised as follows.
As in any new IT market, competitive pressure, an inadequate business strategy, lack of financial support, etc., could lead some providers to go out of business or at least force them to restructure their service portfolio offering. In other words, it is possible that in the short or medium term some cloud computing services could be terminated.

 

NEW QUESTION 151
Which is the key technology that enables the sharing of resources and makes cloud computing most viable in terms of cost savings?

  • A. Software Defined Networking (SDN)
  • B. Scalability
  • C. Content Delivery Networks (CDN)
  • D. Virtualization

Answer: D

Explanation:
Virtualization is the foundational technology that underlies and makes cloud computing possible.
Virtualization is based on the use of powerful host computers to provide a shared resource pool that can be managed to maximize the number of guest operating systems (OSs) running on each host.

 

NEW QUESTION 152
Ben was working on a project and hosted all its data on a public cloud. The project is now complete and he wants to remove the data. Which of the following is the best option for him in order to leave no remanence?

  • A. Data-overwriting
  • B. Physically destroy the media
  • C. Cryptographic erasure
  • D. Zeroing

Answer: C

Explanation:
All the options given are correct methods of destroying data, but when it comes to data in the cloud, the most suitable method is cryptographic erasure.
Definition: Cryptographic Erasure
Cryptographic erasure is the process of using encryption software (either built-in or deployed) on the entire data storage device, and erasing the key used to decrypt the data.

 

NEW QUESTION 153
Containers can be implemented without the use of VMs at all and run directly on hardware.

  • A. False
  • B. True

Answer: B

Explanation:
Multiple containers can run on the same virtual machine or be implemented without the use of VMs at all and run directly on hardware. The container provides code running inside a restricted environment with only access to the processes and capabilities defined in the container configuration. This allows containers to launch incredibly rapidly, since they don't need to boot an operating system or launch many (sometimes any) new services; the container only needs access to already-running services in the host OS and some can launch in milliseconds.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 154
Which of the following is true after your organization migrates the data to the cloud?

  • A. It is totally secure because cloud service providers have more security.
  • B. Cloud service provider will be legally liable for any data breach.
  • C. In case of data breach, you as a customer, will be still legally liable.
  • D. Breaches will be termed as loss of Intellectual property.

Answer: C

Explanation:
Even after cloud migration, the cloud customer is responsible for the data and ultimately liable for any data loss or breaches.

 

NEW QUESTION 155
Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?

  • A. Software Development Kits (SDKs)
  • B. Application Binary Interface (ABI)
  • C. Extensible Markup Language (XML)
  • D. Application Programming Interface (API)
  • E. Resource Description Framework (RDF)

Answer: D

 

NEW QUESTION 156
APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 157
Use elastic servers when possible and move workloads to new instances.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 158
Which is the primary tool used to manage identity and access management of resources spread across hundreds of different clouds and resources?

  • A. Entitlement Matrix
  • B. Federation
  • C. Active Directory
  • D. SAML 2.0

Answer: B

Explanation:
In cloud computing, the fundamental problem is that multiple organizations are now managing the identity and access management to resources, which can greatly complicate the process. For example, imagine having to provision the same user on dozens, or hundreds, of different cloud services.
Federation is the primary tool used to manage this problem, by building trust relationships between organizations and enforcing them through standards-based technologies.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 159
In 2015, 4 million records were stolen from a telecom company, XYZ Ltd, and later this information was used for scam calls to get bank information from the customers of XYZ. Which of the following protections would have helped in minimising the impact of the theft?

  • A. Repudiation
  • B. Firewall
  • C. Use of VPN
  • D. Encryption

Answer: D

Explanation:
Encryption of data would have minimised the impact of the incident, and it would have prevented the data being used for scam calls.

 

NEW QUESTION 160
Which of the following decouples the network control plane from the data plane and allows networking to be abstracted from the traditional limitations of a LAN?

  • A. Converged Networking
  • B. Traditional Networking
  • C. VLANS
  • D. Software defined networking

Answer: D

Explanation:
Software Defined Networking (SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data plane (you can read more on SDN principles at this Wikipedia entry). This allows us to abstract networking from the traditional limitations of a LAN.
Reference: CSA Security Guidelines V4.0

 

NEW QUESTION 161
Which of the following helps to intermediate IAM between an organization's existing identity providers and many different cloud services used by the organization?

  • A. Federated Identity Provider
  • B. Relying Party
  • C. Active Directory
  • D. Cloud Access Security Broker

Answer: A

Explanation:
One of the better-known categories heavily used in cloud security is Federated Identity Brokers. These services help intermediate IAM between an organization's existing identity providers (internal or cloud-hosted directories) and the many different cloud services used by the organization. They can provide web-based Single Sign On (SSO), helping ease some of the complexity of connecting to a wide range of external services that use different federation configurations.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 162
A private cloud model can be managed by a third party who may not be part of the organization served by that private cloud.

  • A. False
  • B. True

Answer: B

Explanation:
This is true.
This is a tricky question that you should look into carefully. The main purpose of a private cloud is usage by one organization, but it can be managed by a third party as well.
Definition: Private cloud
According to NIST, "the cloud infrastructure is provisioned for exclusive use by a single organisation comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organisation, a third party or some combination of them, and it may exist on or off premises."

 

NEW QUESTION 163
One of the key technologies that have made cloud computing viable is:

  • A. VLANs
  • B. Storage controllers
  • C. Distributed networking
  • D. Virtualization

Answer: D

Explanation:
Virtualization technologies enable cloud computing to become a real and scalable service offering due to the savings, sharing, and allocations of resources across multiple tenants and environments.

 

NEW QUESTION 164
In a cloud environment, "unclear roles & responsibilities" and "no control over vulnerability process" on the part of the cloud customer can lead to:

  • A. Lack of Disaster Recovery
  • B. Loss of Governance
  • C. Poor management of cloud Infrastructure
  • D. Denial of Service Attacks

Answer: B

Explanation:
It can lead to loss of governance.
In using cloud infrastructures, the client necessarily cedes control to the cloud service provider (CSP) on several issues which may affect security.
The loss of governance and control could have a potentially severe impact on the organization's strategy and therefore on the capacity to meet its mission and goals. The loss of control and governance could lead to the impossibility of complying with the security requirements, a lack of confidentiality, integrity and availability of data, and a deterioration of performance and quality of service, not to mention the introduction of compliance challenges.
Source: ENISA - Security Risk and Benefits

 

NEW QUESTION 165
What is it called when you lose control of the amount of content on your image store?

  • A. Media Contention
  • B. Media Sanitization
  • C. Data Loss
  • D. Sprawl

Answer: D

Explanation:
Sprawl occurs when you lose control of the amount of content on your image store.
Unnecessary images may be created and run. Each additional image running is another potential point of compromise for an attacker.

 

NEW QUESTION 166
Which of the following is not a common cloud service model?

  • A. Software as a Service
  • B. Infrastructure as a Service
  • C. Programming as a Service
  • D. Platform as a Service

Answer: C

Explanation:
Programming as a Service is not a common offering; the others are ubiquitous throughout the industry.

 

NEW QUESTION 167
Which of the following is the correct pair of risk management standards?

  • A. ISO27001 & ISO27018
  • B. ISO27005 & ISO31000
  • C. ISO27002 & ISO27005
  • D. ISO31000 & ISO27017

Answer: B

Explanation:
ISO27005 refers to processes for IT Risk Management whereas ISO31000 refers to Enterprise Risk Management.

 

NEW QUESTION 168
ENISA: A reason for risk concerns of a cloud provider being acquired is:

  • A. Mass layoffs may occur
  • B. Provider may change physical location
  • C. Resource isolation may fail
  • D. Non-binding agreements put at risk
  • E. Arbitrary contract termination by acquiring company

Answer: D

 

NEW QUESTION 169
On Demand Shelf Service is one of the key characteristics as defined by NIST.

  • A. False
  • B. True

Answer: A

Explanation:
This is false. Please read the question carefully.
The question is asking about On Demand "Shelf" Service, whereas the correct characteristic is "On Demand Self Service".

 

NEW QUESTION 170
Which is the core technology for enabling cloud computing and used to convert fixed infrastructure into pooled resources?

  • A. Application Programming Interfaces
  • B. Software Defined Networking
  • C. Auto-Scaling
  • D. Virtualization

Answer: D

Explanation:
Virtualization isn't merely a tool for creating virtual machines; it's the core technology for enabling cloud computing. We use virtualization all throughout computing, from full operating virtual machines to virtual execution environments like the Java Virtual Machine, as well as in storage, networking, and beyond.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 171
Which of the following authentication methods is the most secure?

  • A. Username and encrypted password
  • B. Active Directory
  • C. Biometric Access
  • D. Multi-factor Authentication

Answer: D

Explanation:
All privileged user accounts should use multi-factor authentication (MFA). If possible, all cloud accounts (even individual user accounts) should use MFA. It's one of the single most effective security controls to defend against a wide range of attacks. This is also true regardless of the service model: MFA is just as important for SaaS as it is for IaaS.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 172
What would you call logic/procedures running on a shared database platform?

  • A. Serverless Computing
  • B. Virtual Machine
  • C. Container
  • D. Platform-based Workload

Answer: D

Explanation:
Platform-based workloads: This is a more complex category that covers workloads running on a shared platform that aren't virtual machines or containers, such as logic/procedures running on a shared database platform. Imagine a stored procedure running inside a multitenant database, or a machine-learning job running on a machine-learning Platform as a Service. Isolation and security are totally the responsibility of the platform provider, although the provider may expose certain security options and controls.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 173
......
