[May-2022] Dumps Practice Exam Questions Study Guide for the CCSK Exam [Q45-Q70]


CCSK Dumps with Practice Exam Questions Answers

NEW QUESTION 45
Which of the following leverages virtual network topologies to run more, smaller, and more isolated networks without incurring the additional hardware costs that historically made such models prohibitive?

  • A. VLANs
  • B. BitVLANS
  • C. Micro-segmentation
  • D. Micro LANs

Answer: C

Explanation:
Micro-segmentation (also sometimes referred to as hypersegregation) leverages virtual network topologies to run more, smaller, and more isolated networks without incurring the additional hardware costs that historically made such models prohibitive. Since entire networks are defined in software, without many of the traditional addressing issues, it is far more feasible to run multiple software-defined environments.
Reference: CSA Security Guidance v4.0 (reproduced here for educational purposes)

 

NEW QUESTION 46
Which of the following is not one of the essential characteristics of Cloud Computing?

  • A. Resource Sharing
  • B. Broad network access
  • C. On-demand self service
  • D. Rapid elasticity

Answer: A

Explanation:
Resource sharing is not one of the essential characteristics of cloud computing. The five essential characteristics (from NIST SP 800-145, which the CSA guidance adopts) are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service; the closest real characteristic to the distractor is resource pooling.

 

NEW QUESTION 47
Which is the set of technologies that are designed to detect conditions indicative of a security vulnerability in an application in its running state?

  • A. Static application security testing (SAST)
  • B. Enterprise threat modelling
  • C. Dynamic application security testing (DAST)
  • D. STRIDE

Answer: C

Explanation:
Definitions:
SAST: Static application security testing (SAST) is a type of security testing that relies on inspecting the source code of an application. In general, SAST involves looking at how the code is designed in order to pinpoint possible security flaws, without running the program.
DAST: Dynamic application security testing (DAST) technologies are designed to detect conditions indicative of a security vulnerability in an application in its running state, typically by sending inputs to the deployed application and observing its behaviour.
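To make the SAST/DAST distinction concrete, the following is an added example and not code from the page or from the CSA guidance: it shows the kind of check a SAST tool performs, parsing source into an abstract syntax tree and flagging dangerous call sites without ever executing the program. The sample module, the rule table and the finding texts are constructed for illustration. A DAST tool would instead exercise the running application (for example over HTTP) and observe its responses; that side is not shown here.

```python
import ast

# Constructed sample module (not from the page): a few patterns a SAST tool
# flags by reading the code. It is parsed here but never imported or executed.
SAMPLE_SOURCE = """\
import os, subprocess, pickle, yaml

def run(cmd):
    return subprocess.run(cmd, shell=True)   # command injection if cmd is untrusted

def calc(expr):
    return eval(expr)                        # arbitrary code execution

def load(blob):
    return pickle.loads(blob)                # untrusted deserialization

def parse(text):
    return yaml.load(text)                   # no Loader=, unsafe in older PyYAML

def safe(cmd):
    return subprocess.run(["ls", "-l"])      # argv list, no shell: not flagged
"""

# Hypothetical rule table: dotted callee name -> finding text.
RISKY_CALLS = {
    "eval": "CWE-95 eval() on attacker-controllable input",
    "exec": "CWE-95 exec() on attacker-controllable input",
    "os.system": "CWE-78 OS command injection via os.system()",
    "pickle.load": "CWE-502 deserialization of untrusted data",
    "pickle.loads": "CWE-502 deserialization of untrusted data",
    "yaml.load": "CWE-502 yaml.load() without an explicit safe Loader",
}


def _callee_name(call: ast.Call) -> str:
    """Dotted name of the called function, e.g. 'subprocess.run'; '' if dynamic."""
    func, parts = call.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


def _keyword(call: ast.Call, name: str):
    """Value node of keyword argument `name`, or None if it is absent."""
    for kw in call.keywords:
        if kw.arg == name:
            return kw.value
    return None


def scan_source(source: str):
    """Static scan: parse to an AST and return sorted (lineno, finding) pairs."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node)
        if name in RISKY_CALLS:
            if name == "yaml.load" and _keyword(node, "Loader") is not None:
                continue                      # explicit Loader= is the safe form
            findings.append((node.lineno, RISKY_CALLS[name]))
        elif name.startswith("subprocess."):
            shell = _keyword(node, "shell")
            if isinstance(shell, ast.Constant) and shell.value is True:
                findings.append((node.lineno,
                                 "CWE-78 OS command injection: subprocess call with shell=True"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {finding}")
```

Because the scanner only reads the code, it cannot tell whether `cmd` or `expr` is actually attacker-controlled at runtime; that is exactly the blind spot DAST covers, and why the two are complementary rather than interchangeable.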

 

NEW QUESTION 48
Which of the following storage types is typically used for swap files and other temporary storage needs and is terminated with its instance?

  • A. Object based Storage
  • B. Ephemeral Storage
  • C. Raw Storage
  • D. Content Delivery

Answer: B

Explanation:
Ephemeral storage: This type of storage is relevant for IaaS instances and exists only as long as its instance is up. It is typically used for swap files and other temporary storage needs and is terminated with its instance, so anything that must survive a stop, reboot or re-provisioning belongs on a persistent volume or in object storage instead.

 

NEW QUESTION 49
Which of the following allows organizations to access, report, and obtain evidence of actions, controls, and processes that were performed or run by a specified user?

  • A. Acceptability
  • B. Auditability
  • C. Accountability
  • D. Traceability

Answer: B

Explanation:
Auditability is the property by which an organisation can collect evidence of, and verify the correctness of, its processes and procedures, including actions, controls and processes performed by a specified user.

 

NEW QUESTION 50
A unit of processing, which can be in a virtual machine, a container, or another abstraction, and which always runs somewhere on a processor and consumes memory, is called:

  • A. Workload
  • B. Device
  • C. Controller
  • D. Host

Answer: A

Explanation:
A workload is a unit of processing, which can be in a virtual machine, a container, or another abstraction.
Workloads always run somewhere on a processor and consume memory. Workloads include a very diverse range of processing tasks, ranging from traditional applications running in a virtual machine on a standard operating system to GPU- or FPGA-based specialized tasks.
Reference: CSA Security Guidance v4.0 (reproduced here for educational purposes)

 

NEW QUESTION 51
Who decides the risk appetite of the organization?

  • A. CIO
  • B. CEO
  • C. Risk Officer
  • D. Senior Management

Answer: D

Explanation:
Senior management decides the risk appetite of the organisation; the CIO, CEO and risk officer inform and implement that decision but do not set it alone.

 

NEW QUESTION 52
ENISA: Lock-in is ranked as a high risk in ENISA research. A key underlying vulnerability causing lock-in is:

  • A. Lack of completeness and transparency in terms of use
  • B. Lack of information on jurisdictions
  • C. Unclear asset ownership
  • D. No source escrow agreement
  • E. Audit or certification not available to customers

Answer: A

 

NEW QUESTION 53
When creating business strategies for cloud migration, which is the most important aspect?

  • A. Choosing the right auditor
  • B. Evaluating current staff for their capabilities
  • C. Hiring a cloud broker
  • D. Due Diligence when inspecting technologies and choosing cloud provider

Answer: D

Explanation:
Due diligence in inspecting the technologies and choosing the cloud provider is the most important aspect when planning cloud adoption.

 

NEW QUESTION 54
Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?

  • A. Extensible Markup Language (XML)
  • B. Resource Description Framework (RDF)
  • C. Application Binary Interface (ABI)
  • D. Application Programming Interface (API)
  • E. Software Development Kits (SDKs)

Answer: D

 

NEW QUESTION 55
Which of the following establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment?

  • A. ISO 27018
  • B. ISO 27017
  • C. ISO 27034
  • D. ISO 27032

Answer: A

Explanation:
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. By contrast, ISO/IEC 27017 covers cloud-specific information security controls in general, not PII specifically.

 

NEW QUESTION 56
Which of the following is the key difference between cloud computing and traditional virtualization?

  • A. Abstraction
  • B. Orchestration
  • C. Isolation
  • D. Classification

Answer: B

Explanation:
Orchestration is the key difference between cloud computing and traditional virtualization: virtualization abstracts resources, but it typically lacks the orchestration to pool them together and deliver them to customers on demand, instead relying on manual processes.
Reference: CSA Security Guidance v4.0

 

NEW QUESTION 57
Which of the following standards defines the "Application Security Management Process" (ASMP)?

  • A. ISO 27036-1
  • B. ISO 27038-1
  • C. ISO 27032-1
  • D. ISO 27034-1

Answer: D

Explanation:
The International Organization for Standardization (ISO) has developed and published ISO/IEC 27034-1, "Information technology - Security techniques - Application security". ISO/IEC 27034-1 defines concepts, frameworks and processes, including the Application Security Management Process (ASMP), to help organisations integrate security within their software development lifecycle.

 

NEW QUESTION 58
Logs, documentation, and other materials needed for audits and compliance, which often serve as evidence of compliance activities, are known as:

  • A. Log Trail
  • B. Proof of Audit
  • C. Artifacts
  • D. Documented Evidence

Answer: C

Explanation:
Artifacts are the logs, documentation, and other materials needed for audits and compliance; they are the evidence to support compliance activities. Both providers and customers have responsibilities for producing and managing their respective artifacts.
Reference: CSA Security Guidance v4.0 (reproduced here for educational purposes)

 

NEW QUESTION 59
Which document defines the minimum levels of service availability, security, controls, processes, communications & support?

  • A. Statement of Applicability (SOA)
  • B. Operational Level Agreement (OLA)
  • C. Standard Operating Procedure (SOP)
  • D. Service Level Agreement (SLA)

Answer: D

Explanation:
The SLA is the correct answer. An Operational Level Agreement (OLA) is an agreement between business units within the same organisation. A Standard Operating Procedure (SOP), as the name suggests, is a procedural document describing how to carry out an activity or process. A Statement of Applicability (SOA) is an ISO 27001 compliance document that lists the security controls that apply to the organisation.

 

NEW QUESTION 60
Requiring two administrators to complete an operation in the cloud is an example of:

  • A. Mandy
  • B. Separation of duties
  • C. Collaborative efforts
  • D. Conflict of interest

Answer: B

Explanation:
Separation of duties (SoD), also known as segregation of duties, is the concept of requiring more than one person to complete a task. In business, splitting a single task across more than one individual is an internal control intended to prevent fraud and error, because no single person can both initiate and approve a sensitive action.
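As an added example that is not from the page, the following implements the two-administrator rule described above as an approval workflow: the requester cannot approve their own request, the same administrator cannot count twice, and the privileged action runs only once a quorum of distinct approvers exists. Every decision is also appended to an audit trail, which ties this back to the auditability (Question 49) and artifacts (Question 58) concepts: the records are the evidence an auditor later pulls. The request identifiers, administrator names and action label are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


class SeparationOfDutiesError(Exception):
    """Raised when an approval or execution would violate the two-person rule."""


@dataclass
class ChangeRequest:
    request_id: str
    requester: str
    action: str                      # constructed label, e.g. "rotate-prod-kms-key"
    approvals: set = field(default_factory=set)


# Append-only audit trail. Each record is an artifact an auditor can later use
# to verify who requested, approved and executed what.
AUDIT_LOG: list = []


def _audit(event: str, req: ChangeRequest, actor: str, outcome: str) -> None:
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "event": event,
        "request_id": req.request_id,
        "actor": actor,
        "outcome": outcome,
    })


def approve(req: ChangeRequest, approver: str, required: int = 2) -> bool:
    """Record one administrator's approval and return True once `required`
    distinct approvers exist. Self-approval and duplicate approval are refused."""
    if approver == req.requester:
        _audit("approve", req, approver, "denied: self-approval")
        raise SeparationOfDutiesError(f"{approver} cannot approve own request {req.request_id}")
    if approver in req.approvals:
        _audit("approve", req, approver, "denied: duplicate approver")
        raise SeparationOfDutiesError(f"{approver} already approved {req.request_id}")
    req.approvals.add(approver)
    _audit("approve", req, approver, f"ok ({len(req.approvals)}/{required})")
    return len(req.approvals) >= required


def execute(req: ChangeRequest, operator: str, required: int = 2) -> str:
    """Run the privileged action only when the approval quorum has been met."""
    if len(req.approvals) < required:
        _audit("execute", req, operator, "denied: insufficient approvals")
        raise SeparationOfDutiesError(
            f"{req.request_id} has {len(req.approvals)} of {required} required approvals")
    _audit("execute", req, operator, "ok")
    return f"{req.action} executed for {req.request_id}; approved by {sorted(req.approvals)}"


if __name__ == "__main__":
    req = ChangeRequest("CR-1", requester="alice", action="rotate-prod-kms-key")
    try:
        execute(req, "alice")                  # no approvals yet: refused
    except SeparationOfDutiesError as e:
        print("blocked:", e)
    print(approve(req, "bob"))                 # False: one of two approvals
    print(approve(req, "carol"))               # True: quorum reached
    print(execute(req, "alice"))
    for record in AUDIT_LOG:
        print(record)
```

In a real deployment the approval state and the audit log would live in a tamper-evident store outside the control of any single administrator; keeping them in the same process as the operator defeats the control this example enforces.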

 

NEW QUESTION 61
One of the key technologies that have made cloud computing viable is:

  • A. Storage controllers
  • B. VLANs
  • C. Virtualization
  • D. Distributed networking

Answer: C

Explanation:
Virtualization technologies enable cloud computing to become a real and scalable service offering due to the savings, sharing, and allocations of resources across multiple tenants and environments.

 

NEW QUESTION 62
Which concept provides the abstraction needed for resource pools?

  • A. Metastructure
  • B. Hypervisor
  • C. Applistructure
  • D. Orchestration
  • E. Virtualization

Answer: E

 

NEW QUESTION 63
Insufficient Identity, Credential and Access Management can lead to which of the following?

  • A. Spoofing Identity
  • B. All of the above
  • C. Information Disclosure
  • D. Tampering with Data

Answer: B

Explanation:
Sound identity, credential and access management practice must be followed in a cloud environment.
Weaknesses in identity, credential and access management can lead to all of the listed threats (spoofing, tampering, information disclosure), because a compromised credential gives an attacker a foothold into the whole internal infrastructure.

 

NEW QUESTION 64
CCM: In the CCM tool, a ________ is a measure that modifies risk and includes any process, policy, device, practice or any other action which modifies risk.

  • A. Risk Impact
  • B. Control Specification
  • C. Domain

Answer: B

 

NEW QUESTION 65
As we move from the Software as a Service model towards the Infrastructure as a Service model, the cloud consumer's share of security responsibility decreases relative to that of the cloud service provider.

  • A. False
  • B. True

Answer: A

Explanation:
The answer is False. This is a tricky question and has to be read carefully before answering.
It is the other way around: the cloud consumer's share of security responsibility increases when moving from the Software as a Service model to the Infrastructure as a Service model, because the consumer takes on the operating system, middleware, application and data layers that a SaaS provider would otherwise manage.

 

NEW QUESTION 66
How is encryption managed on multi-tenant storage?

  • A. One key per data owner
  • B. C for data subject to the EU Data Protection Directive; B for all others
  • C. Single key for all data owners
  • D. Multiple keys per data owner
  • E. The answer could be A, B, or C depending on the provider

Answer: A
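Why "one key per data owner" is the expected answer becomes clearer with an example. The following is added here and is not code from the page: it keeps an independent randomly generated data-encryption key for each tenant, binds every ciphertext to its owner and object identifier, and shows that a second tenant's key cannot decrypt the first tenant's data and that deleting one tenant's key (crypto-shredding) leaves other tenants unaffected. The tenant names, the `TenantKeyStore` class and the object identifiers are constructed. The cipher is a toy encrypt-then-MAC construction over HMAC-SHA256, used only because the Python standard library has no AEAD; in production use AES-GCM or ChaCha20-Poly1305 from a real library or a cloud KMS.

```python
import hashlib
import hmac
import os


def _expand(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand style derivation: pseudorandom bytes bound to a label."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class TenantKeyStore:
    """One independent data-encryption key per data owner (tenant).

    Keys are generated, not derived from a shared master, so shredding one
    tenant's key removes only that tenant's data from recoverability.
    """

    def __init__(self):
        self._keys = {}

    def provision(self, tenant: str) -> None:
        if tenant not in self._keys:
            self._keys[tenant] = os.urandom(32)

    def key_for(self, tenant: str) -> bytes:
        try:
            return self._keys[tenant]
        except KeyError:
            raise PermissionError(f"no key for tenant {tenant!r}") from None

    def shred(self, tenant: str) -> None:
        """Crypto-shredding: without the key the tenant's ciphertext is garbage."""
        self._keys.pop(tenant, None)


# Toy authenticated encryption (stand-in for a real AEAD such as AES-GCM):
# keystream = HMAC-based expansion of a per-message nonce under an encryption
# sub-key, tag = HMAC over aad||nonce||ciphertext under a separate MAC sub-key.
def encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    enc_key, mac_key = _expand(key, b"enc"), _expand(key, b"mac")
    nonce = os.urandom(16)
    stream = _expand(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    enc_key, mac_key = _expand(key, b"enc"), _expand(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # wrong tenant key, wrong AAD, or tampering
        raise ValueError("authentication failed")
    stream = _expand(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def store_object(ks: TenantKeyStore, tenant: str, obj_id: str, data: bytes) -> bytes:
    """Encrypt under the owner's key; AAD ties the blob to owner and object id."""
    return encrypt(ks.key_for(tenant), data, aad=f"{tenant}/{obj_id}".encode())


def read_object(ks: TenantKeyStore, tenant: str, obj_id: str, blob: bytes) -> bytes:
    return decrypt(ks.key_for(tenant), blob, aad=f"{tenant}/{obj_id}".encode())


if __name__ == "__main__":
    ks = TenantKeyStore()
    ks.provision("acme")
    ks.provision("globex")
    blob = store_object(ks, "acme", "payroll.csv", b"acme salaries")
    print(read_object(ks, "acme", "payroll.csv", blob))          # b'acme salaries'
    try:
        read_object(ks, "globex", "payroll.csv", blob)           # other tenant's key
    except ValueError as e:
        print("cross-tenant read refused:", e)
    ks.shred("acme")
    try:
        read_object(ks, "acme", "payroll.csv", blob)             # key gone
    except PermissionError as e:
        print("after shredding:", e)
```

With a single shared key (option C) neither of the two failure cases above would be enforced by the cryptography: any tenant's data would decrypt under the common key, and the provider could not delete one customer's data by destroying a key without destroying everyone's.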

 

NEW QUESTION 67
What item below allows disparate directory services and independent security domains to be interconnected?

  • A. Coalition
  • B. Cloud
  • C. Federation
  • D. Intersection
  • E. Union

Answer: C

 

NEW QUESTION 68
What is true of searching data across cloud environments?

  • A. You can easily search across your environment using any E-Discovery tool.
  • B. Search and discovery time is always factored into a contract between the consumer and provider.
  • C. You might not have the ability or administrative rights to search or access all hosted data.
  • D. The cloud provider must conduct the search with the full administrative controls.
  • E. All cloud-hosted email accounts are easily searchable.

Answer: C

 

NEW QUESTION 69
An incident in which sensitive, protected or confidential information is released, viewed, stolen or used by an individual who is not authorized to do so, is called:

  • A. Data Breach
  • B. Data Denial
  • C. Data Disclosure
  • D. Data Dispersion

Answer: A

Explanation:
This is the definition of a data breach. It should not be confused with data disclosure: the incident may result in information being disclosed, but the incident itself is termed a data breach.

 

NEW QUESTION 70
......

Free Cloud Security Knowledge CCSK Exam Question: https://examcollection.realvce.com/CCSK-original-questions.html