New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Cloud Security Alliance
  3. Cloud Security Knowledge
  4. CCSK - Certificate of Cloud Security Knowledge (v5.0)

Cloud Security Alliance CCSK Certificate of Cloud Security Knowledge (v5.0) Exam Practice Test

Page: 1 / 18
Total 177 questions
Get CCSK Full Access Download CCSK PDF

Certificate of Cloud Security Knowledge (v5.0) Questions and Answers

Question 1

Use elastic servers when possible and move workloads to new instances.

Options:

A.

False

B.

True

Question 2

Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?

Options:

A.

Inspect and account for risks inherited from other members of the cloud supply chain and take active measures to mitigate and contain risks through operational resiliency.

B.

Respect the interdependency of the risks inherent in the cloud supply chain and communicate the corporate risk posture and readiness to consumers and dependent parties.

C.

Negotiate long-term contracts with companies who use well-vetted software application to avoid the transient nature of the cloud environment.

D.

Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency.

E.

Both B and C.

Question 3

Network logs from cloud providers are typically flow records, not full packet captures.

Options:

A.

False

B.

True

Question 4

Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

Options:

A.

Platform-as-a-service (PaaS)

B.

Desktop-as-a-service (DaaS)

C.

Infrastructure-as-a-service (IaaS)

D.

Identity-as-a-service (IDaaS)

E.

Software-as-a-service (SaaS)

Question 5

Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

Options:

A.

Rapid elasticity

B.

Resource pooling

C.

Broad network access

D.

Measured service

E.

On-demand self-service

Question 6

Which opportunity helps reduce common application security issues?

Options:

A.

Elastic infrastructure

B.

Default deny

C.

Decreased use of micro-services

D.

Segregation by default

E.

Fewer serverless configurations

Question 7

Which data security control is the LEAST likely to be assigned to an IaaS provider?

Options:

A.

Application logic

B.

Access controls

C.

Encryption solutions

D.

Physical destruction

E.

Asset management and tracking

Question 8

What is true of security as it relates to cloud network infrastructure?

Options:

A.

You should apply cloud firewalls on a per-network basis.

B.

You should deploy your cloud firewalls identical to the existing firewalls.

C.

You should always open traffic between workloads in the same virtual subnet for better visibility.

D.

You should implement a default allow with cloud firewalls and then restrict as necessary.

E.

You should implement a default deny with cloud firewalls.

Question 9

Which of the following statements is true in regards to Data Loss Prevention (DLP)?

Options:

A.

DLP can provide options for quickly deleting all of the data stored in a cloud environment.

B.

DLP can classify all data in a storage repository.

C.

DLP never provides options for how data found in violation of a policy can be handled.

D.

DLP can provide options for where data is stored.

E.

DLP can provide options for how data found in violation of a policy can be handled.

Question 10

A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?

Options:

A.

An entitlement matrix

B.

A support table

C.

An entry log

D.

A validation process

E.

An access log

Question 11

Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

Options:

A.

Infrastructure

B.

Datastructure

C.

Infostructure

D.

Applistructure

E.

Metastructure

Question 12

What is known as the interface used to connect with the metastructure and configure the cloud environment?

Options:

A.

Administrative access

B.

Management plane

C.

Identity and Access Management

D.

Single sign-on

E.

Cloud dashboard

Question 13

Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?

Options:

A.

Code Review

B.

Static Application Security Testing (SAST)

C.

Unit Testing

D.

Functional Testing

E.

Dynamic Application Security Testing (DAST)

Question 14

CCM: A hypothetical start-up company called "ABC" provides a cloud based IT management solution. They are growing rapidly and therefore need to put controls in place in order to manage any changes in

their production environment. Which of the following Change Control & Configuration Management production environment specific control should they implement in this scenario?

Options:

A.

Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and system-

system interface (API) designs and configurations, infrastructure network and systems components.

B.

Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationally-owned or

managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.

C.

All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.

D.

None of the above

Question 15

ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability causing lock in is:

Options:

A.

Lack of completeness and transparency in terms of use

B.

Lack of information on jurisdictions

C.

No source escrow agreement

D.

Unclear asset ownership

E.

Audit or certification not available to customers

Question 16

How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

Options:

A.

Use strong multi-factor authentication

B.

Secure backup processes for key management systems

C.

Segregate keys from the provider hosting data

D.

Stipulate encryption in contract language

E.

Select cloud providers within the same country as customer

Question 17

Which concept provides the abstraction needed for resource pools?

Options:

A.

Virtualization

B.

Applistructure

C.

Hypervisor

D.

Metastructure

E.

Orchestration

Question 18

When designing an encryption system, you should start with a threat model.

Options:

A.

False

B.

True

Question 19

If the management plane has been breached, you should confirm the templates/configurations for your infrastructure or applications have not also been compromised.

Options:

A.

False

B.

True

Question 20

Cloud applications can use virtual networks and other structures, for hyper-segregated environments.

Options:

A.

False

B.

True

Question 21

Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?

Options:

A.

Access control

B.

Federated Identity Management

C.

Authoritative source

D.

Entitlement

E.

Authentication

Question 22

Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

Options:

A.

Planned Outages

B.

Resiliency Planning

C.

Expected Engineering

D.

Chaos Engineering

E.

Organized Downtime

Question 23

Which of the following encryption methods would be utilized when object storage is used as the back-end for an application?

Options:

A.

Database encryption

B.

Media encryption

C.

Asymmetric encryption

D.

Object encryption

E.

Client/application encryption

Question 24

ENISA: A reason for risk concerns of a cloud provider being acquired is:

Options:

A.

Arbitrary contract termination by acquiring company

B.

Resource isolation may fail

C.

Provider may change physical location

D.

Mass layoffs may occur

E.

Non-binding agreements put at risk

Question 25

What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?

Options:

A.

The physical location of the data and how it is accessed

B.

The fragmentation and encryption algorithms employed

C.

The language of the data and how it affects the user

D.

The implications of storing complex information on simple storage systems

E.

The actual size of the data and the storage format

Question 26

How can web security as a service be deployed for a cloud consumer?

Options:

A.

By proxying or redirecting web traffic to the cloud provider

B.

By utilizing a partitioned network drive

C.

On the premise through a software or appliance installation

D.

Both A and C

E.

None of the above

Question 27

When investigating an incident in an Infrastructure as a Service (IaaS) environment, what can the user investigate on their own?

Options:

A.

The CSP server facility

B.

The logs of all customers in a multi-tenant cloud

C.

The network components controlled by the CSP

D.

The CSP office spaces

E.

Their own virtual instances in the cloud

Question 28

What is an advantage of using Kubernetes for container orchestration?

Options:

A.

Limited deployment options

B.

Manual management of resources

C.

Automation of deployment and scaling

D.

Increased hardware dependency

Question 29

Which best practice is recommended when securing object repositories in a cloud environment?

Options:

A.

Using access controls as the sole security measure

B.

Encrypting all objects in the repository

C.

Encrypting the access paths only

D.

Encrypting only sensitive objects

Question 30

When designing a cloud-native application that requires scalable and durable data storage, which storage option should be primarily considered?

Options:

A.

Network Attached Storage (NAS)

B.

Block storage

C.

File storage

D.

Object storage

Question 31

Why is snapshot management crucial for the virtual machine (VM) lifecycle?

Options:

A.

It allows for quick restoration points during updates or changes

B.

It is used for load balancing VMs

C.

It enhances VM performance significantly

D.

It provides real-time analytics on VM applications

Question 32

Which activity is a critical part of the Post-Incident Analysis phase in cybersecurity incident response?

Options:

A.

Notifying affected parties

B.

Isolating affected systems

C.

Restoring services to normal operations

D.

Documenting lessons learned and improving future responses

Question 33

Which of the following is a common security issue associated with serverless computing environments?

Options:

A.

High operational costs

B.

Misconfigurations

C.

Limited scalability

D.

Complex deployment pipelines

Question 34

What goal is most directly achieved by implementing controls and policies that aim to provide a complete view of data use and exposure in a cloud environment?

Options:

A.

Enhancing data governance and compliance

B.

Simplifying cloud service integrations

C.

Increasing cloud data processing speed

D.

Reducing the cost of cloud storage

Question 35

What is a key advantage of using Policy-Based Access Control (PBAC) for cloud-based access management?

Options:

A.

PBAC eliminates the need for defining and managing user roles and permissions.

B.

PBAC is easier to implement and manage compared to Role-Based Access Control (RBAC).

C.

PBAC allows enforcement of granular, context-aware security policies using multiple attributes.

D.

PBAC ensures that access policies are consistent across all cloud providers and platforms.

Question 36

Which approach creates a secure network, invisible to unauthorized users?

Options:

A.

Firewalls

B.

Software-Defined Perimeter (SDP)

C.

Virtual Private Network (VPN)

D.

Intrusion Detection System (IDS)

Question 37

According to NIST, what is cloud computing defined as?

Options:

A.

A shared set of resources delivered over the Internet

B.

A model for more-efficient use of network-based resources

C.

A model for on-demand network access to a shared pool of configurable resources

D.

Services that are delivered over the Internet to customers

Question 38

Which of the following BEST describes a benefit of Infrastructure as Code (IaC) in cybersecurity contexts?

Options:

A.

Reduces the need for security auditing

B.

Enables consistent security configurations through automation

C.

Increases manual control over security settings

D.

Increases scalability of cloud resources

Question 39

What is the primary purpose of secrets management in cloud environments?

Options:

A.

Optimizing cloud infrastructure performance

B.

Managing user authentication for human access

C.

Securely handling stored authentication credentials

D.

Monitoring network traffic for security threats

Question 40

What is the primary reason dynamic and expansive cloud environments require agile security approaches?

Options:

A.

To reduce costs associated with physical hardware

B.

To simplify the deployment of virtual machines

C.

To quickly respond to evolving threats and changing infrastructure

D.

To ensure high availability and load balancing

Question 41

What is the primary goal of implementing DevOps in a software development lifecycle?

Options:

A.

To create a separation between development and operations

B.

To eliminate the need for IT operations by automating all tasks

C.

To enhance collaboration between development and IT operations for efficient delivery

D.

To reduce the development team size by merging roles

Question 42

Which factors primarily drive organizations to adopt cloud computing solutions?

Options:

A.

Scalability and redundancy

B.

Improved software development methodologies

C.

Enhanced security and compliance

D.

Cost efficiency and speed to market

Question 43

Which areas should be initially prioritized for hybrid cloud security?

Options:

A.

Cloud storage management and governance

B.

Data center infrastructure and architecture

C.

IAM and networking

D.

Application development and deployment

Question 44

In the context of cloud security, what is the primary benefit of implementing Identity and Access Management (IAM) with attributes and user context for access decisions?

Options:

A.

Enhances security by supporting authorizations based on the current context and status

B.

Reduces log analysis requirements

C.

Simplifies regulatory compliance by using a single sign-on mechanism

D.

These are required for proper implementation of RBAC

Question 45

How does the variability in Identity and Access Management (IAM) systems across cloud providers impact a multi-cloud strategy?

Options:

A.

Adds complexity by requiring separate configurations and integrations.

B.

Ensures better security by offering diverse IAM models.

C.

Reduces costs by leveraging different pricing models.

D.

Simplifies the management by providing standardized IAM protocols.

Question 46

How can Identity and Access Management (IAM) policies on keys ensure adherence to the principle of least privilege?

Options:

A.

By rotating keys on a regular basis

B.

By using default policies for all keys

C.

By specifying fine-grained permissions

D.

By granting root access to administrators

Question 47

How does centralized logging simplify security monitoring and compliance?

Options:

A.

It consolidates logs into a single location.

B.

It decreases the amount of data that needs to be reviewed.

C.

It encrypts all logs to prevent unauthorized access.

D.

It automatically resolves all detected security threats.

Question 48

In a containerized environment, what is fundamental to ensuring runtime protection for deployed containers?

Options:

A.

Implementing real-time visibility

B.

Deploying container-specific antivirus scanning

C.

Using static code analysis tools in the pipeline

D.

Full packet network monitoring

Question 49

Which principle reduces security risk by granting users only the permissions essential for their role?

Options:

A.

Role-Based Access Control

B.

Unlimited Access

C.

Mandatory Access Control

D.

Least-Privileged Access

Question 50

Which approach is essential in identifying compromised identities in cloud environments where attackers utilize automated methods?

Options:

A.

Focusing exclusively on signature-based detection for known malware

B.

Deploying behavioral detectors for IAM and management plane activities

C.

Implementing full packet capture and monitoring

D.

Relying on IP address and connection header monitoring

Question 51

What's the difference between DNS Logs and Flow Logs?

Options:

A.

They represent the logging of different networking solutions, and DNS Logs are more suitable for a ZTA implementation

B.

DNS Logs record domain name resolution requests and responses, while Flow Logs record info on source, destination, protocol

C.

They play identical functions and can be used interchangeably

D.

DNS Logs record all the information about the network behavior, including source, destination, and protocol, while Flow Logs record users' applications behavior

Question 52

Which of the following best describes how cloud computing manages shared resources?

Options:

A.

Through virtualization, with administrators allocating resources based on SLAs

B.

Through abstraction and automation to distribute resources to customers

C.

By allocating physical systems to a single customer at a time

D.

Through manual configuration of resources for each user need

Question 53

How does network segmentation primarily contribute to limiting the impact of a security breach?

Options:

A.

By reducing the threat of breaches and vulnerabilities

B.

Confining breaches to a smaller portion of the network

C.

Allowing faster data recovery and response

D.

Monitoring and detecting unauthorized access attempts

Load More CCSK Questions 
Page: 1 / 18
Total 177 questions
Get CCSK Full Access Download CCSK PDF