
[Dec-2023] Cloud Security Alliance CCSK DUMPS WITH REAL EXAM QUESTIONS
2023 New Prep4King CCSK PDF Recently Updated Questions
Cloud Security Alliance CCSK Foundation Exam Syllabus Topics:
| Section | Objectives |
|---|---|
| Security as a Service | -Potential Benefits and Concerns of SecaaS -Major Categories of Security as a Service Offerings |
| Compliance and Audit Management | -Compliance in the Cloud -Audit Management in the Cloud |
| Legal Issues, Contracts and Electronic Discovery | -Legal Frameworks Governing Data Protection and Privacy -Contracts and Provider Selection -Electronic Discovery |
| Related Technologies | -Big Data -Internet of Things -Mobile -Serverless Computing |
| Management Plane and Business Continuity | -Business Continuity and Disaster Recovery in the Cloud -Architect for Failure -Management Plane Security |
| Application Security | -Opportunities and Challenges -Secure Software Development Lifecycle -How Cloud Impacts Application Design and Architectures -The Rise and Role of DevOps |
| Governance and Enterprise Risk Management | -Tools of Cloud Governance -Enterprise Risk Management in the Cloud -Effects of various Service and Deployment Models -Cloud Risk Trade-offs and Tools |
| Identity, Entitlement, and Access Management | -IAM Standards for Cloud Computing -Managing Users and Identities -Authentication and Credentials -Entitlement and Access Management |
| Incident Response | -Incident Response Lifecycle -How the Cloud Impacts IR |
The CCSK exam is delivered online and consists of 60 multiple-choice questions. Candidates have 90 minutes to complete the exam, and a passing score of 80% is required to earn the certification. The CCSK exam is available in English, Japanese, and Spanish, and can be taken from anywhere in the world.
The CCSK certification exam has been developed by the Cloud Security Alliance (CSA), a non-profit organization that is dedicated to promoting the use of best practices for providing security assurance in cloud computing. The CSA has been working with industry experts and academics to develop a comprehensive body of knowledge that covers all aspects of cloud security. The CCSK certification exam is based on this body of knowledge and is designed to test a professional’s knowledge and skills in cloud security.
NEW QUESTION # 57
Which of the following documents includes the responsibilities and mechanisms for governance in a cloud environment?
- A. Governance memo
- B. Contract
- C. Service Level Agreement
- D. Operational level Agreement
Answer: B
Explanation:
Cloud computing changes the responsibilities and mechanisms for implementing and managing governance. Responsibilities and mechanisms for governance are defined in the contract, as with any business relationship. If the area of concern isn't in the contract, there are no mechanisms available to enforce it, and there is a governance gap. Governance gaps don't necessarily exclude using the provider, but they do require the customer to adjust their own processes to close the gaps or accept the associated risks.
Ref: Security Guidance v4.0, Copyright 2017, Cloud Security Alliance (used for educational purposes here)
NEW QUESTION # 58
What is resource pooling?
- A. Internet-based CPUs are pooled to enable multi-threading.
- B. Placing Internet ("cloud") data centers near multiple sources of energy, such as hydroelectric dams.
- C. The dedicated computing resources of each client are pooled together in a colocation facility.
- D. The provider's computing resources are pooled to serve multiple consumers.
- E. None of the above.
Answer: D
NEW QUESTION # 59
Cloud applications can use virtual networks and other structures for hyper-segregated environments.
- A. False
- B. True
Answer: B
NEW QUESTION # 60
Which of the following is not part of the STRIDE model?
- A. Distributed Denial of Service
- B. Spoofing
- C. Denial of Service
- D. Elevation of Privilege
Answer: A
Explanation:
The letters in the STRIDE threat model stand for Spoofing of identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. Distributed Denial of Service is not one of the six categories; it is a specific form of attack that falls under Denial of service.
NEW QUESTION # 61
ENISA: A reason for risk concerns when a cloud provider is acquired is:
- A. Resource isolation may fail
- B. Non-binding agreements put at risk
- C. Mass layoffs may occur
- D. Provider may change physical location
- E. Arbitrary contract termination by acquiring company
Answer: B
NEW QUESTION # 62
Which of the following authentication methods is the most secure?
- A. Multifactor Authentication
- B. Single Sign-on
- C. Biometric Authentication
- D. Password Authentication
Answer: A
Explanation:
Multifactor authentication is more secure than the rest because it combines more than one aspect of authentication. Multifactor authentication is composed of, at a minimum, two of the following: something you know, something you have, or something you are. Something you know can be a password, passphrase, and so on. Something you have can be a number-generating token or fob, a smartphone capable of receiving text messages, or even a phone that can receive a call and then transmit a number to the individual but that is only accessible from a very specific phone number.
Something you are is a biometric trait of yourself, as a living creature. This could be as unique and specific as your DNA or fingerprint, or as cursorily general as a photograph.
NEW QUESTION # 63
Which of the following storage types is NOT associated with SaaS solutions?
- A. Raw Storage
- B. Content Delivery network
- C. Ephemeral Storage
- D. Volume Storage
Answer: D
Explanation:
Volume storage is commonly associated with IaaS solutions.
All the other 3 options are related to SaaS solutions
NEW QUESTION # 64
What can be implemented to help with account granularity and limit blast radius with IaaS and PaaS?
- A. Configuring role-based authentication
- B. Configuring secondary authentication
- C. Establishing multiple accounts
- D. Maintaining tight control of the primary account holder credentials
- E. Implementing least privilege accounts
Answer: C
NEW QUESTION # 65
How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?
- A. Segregate keys from the provider hosting data
- B. Select cloud providers within the same country as customer
- C. Stipulate encryption in contract language
- D. Secure backup processes for key management systems
- E. Use strong multi-factor authentication
Answer: A
NEW QUESTION # 66
Which of the following will not be provided by a cloud service provider when requested by the customer?
- A. Details of security controls
- B. DLP solution results
- C. SIEM logs
- D. Geographical locations of the datacentre
Answer: A
Explanation:
The cloud service provider will not provide the details of its security controls, because disclosing them would harm the security of its infrastructure if adversaries learned those details.
NEW QUESTION # 67
In which service model is the cloud consumer responsible for managing authorizations and entitlements only?
- A. Platform as a Service (PaaS)
- B. All of them
- C. Software as a Service (SaaS)
- D. Infrastructure as a Service (IaaS)
Answer: C
Explanation:
It is important to read the question carefully and then choose the best answer. Although the cloud consumer is responsible for authorizations and entitlements across all service models, the question uses the word "only". Therefore the answer is Software as a Service (SaaS): in SaaS the provider is responsible for perimeter security, logging/monitoring/auditing, and application security, leaving the consumer with authorizations and entitlements.
NEW QUESTION # 68
CCM: In the CCM tool, a ____ is a measure that modifies risk and includes any process, policy, device, practice or any other action which modifies risk.
- A. Risk Impact
- B. Domain
- C. Control Specification
Answer: C
NEW QUESTION # 69
Which attack surfaces, if any, does virtualization technology introduce?
- A. Virtualization management components apart from the hypervisor
- B. The hypervisor
- C. Configuration and VM sprawl issues
- D. All of the above
Answer: D
NEW QUESTION # 70
The term for IT technologies acquired without the knowledge of the IT department is:
- A. Shadow servers
- B. Shadow application
- C. Shadow devices
- D. Shadow IT
Answer: D
Explanation:
Shadow IT is a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval.
NEW QUESTION # 71
Which of the following ISO standards provides a code of practice for information security controls based on ISO/IEC 27002 for cloud services?
- A. ISO 27018
- B. ISO 27017
- C. ISO 27034
- D. ISO 27032
Answer: B
Explanation:
ISO/IEC 27017 provides a code of practice for information security controls based on ISO/IEC 27002 for cloud services. It is easy to confuse with ISO/IEC 27018, which is the code of practice for protecting personally identifiable information (PII) in public clouds acting as PII processors.
NEW QUESTION # 72
Which of the following best describes the relationship between a cloud provider and the customer?
- A. Privacy Level Agreement
- B. Contract
- C. Service Level Agreement
- D. Operational level Agreement
Answer: B
Explanation:
Contract is the most suitable answer here. It can be argued that Service Level Agreement could also be an answer, but an SLA is a negotiated agreement on the minimum service levels expected. The contract is the document that defines the relationship between the cloud service provider and the customer.
NEW QUESTION # 73
According to the CSA Security Guidance, there are four layers in the logical model for cloud computing. Which of the following is not one of the layers as defined by the Cloud Security Alliance?
- A. Softstructure
- B. Metastructure
- C. Applistructure
- D. Infrastructure
Answer: A
Explanation:
The four layers of Logical Model for cloud computing according to Cloud Security Alliance are:
1. Infrastructure: The core components of a computing system: compute, network, and storage. The foundation that everything else is built on. The moving parts.
2. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.
3. Infostructure: The data and information. Content in a database, file storage, etc.
4. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services.
NEW QUESTION # 74
Identifying the specific threats against servers and determining the effectiveness of existing security controls in counteracting those threats is known as:
- A. Risk Management
- B. Risk Determination
- C. Risk Assessment
- D. Risk Mitigation
Answer: A
Explanation:
Questions like this, with similar-looking answers, should be answered carefully. Risk management is the overall process, covering everything from identifying threats through to reviewing the effectiveness of the controls.

