Authentic Best resources for CCSK Test Engine Practice Exam [Q115-Q133]


[2021] CCSK PDF Questions - Perfect Prospect To Go With ActualTorrent Practice Exam

NEW QUESTION 115
Which of the following is an assurance program and documentation registry for cloud provider assessments?

  • A. CSA Cloud Controls Matrix
  • B. CSA governance charter
  • C. CSA Star
  • D. CSA Consensus Assessments Initiative Questionnaire

Answer: C

Explanation:
The Cloud Security Alliance STAR Registry is an assurance program and documentation registry for cloud provider assessments based on the CSA Cloud Controls Matrix and Consensus Assessments Initiative Questionnaire. Some providers also disclose documentation for additional certifications and assessments (including self-assessments).
Ref: Security Guidance v4.0, Copyright 2017, Cloud Security Alliance (used for educational purpose here)

 

NEW QUESTION 116
Which of the following can result in vendor lock-in?

  • A. Favourable contract in favour of customer
  • B. Large datasets
  • C. Technology
  • D. Proprietary data formats

Answer: D

Explanation:
Proprietary data formats should be avoided. This can result in vendor lock-in.

 

NEW QUESTION 117
Which cloud storage technology is basically a virtual hard drive for instances or VMs?

  • A. Application
  • B. Object storage
  • C. Platform
  • D. Database
  • E. Volume storage

Answer: E

 

NEW QUESTION 118
One of the parts of the STRIDE model is:

  • A. Denial of Service
  • B. Redundancy
  • C. Reputation
  • D. Security

Answer: A

Explanation:
The six components that make up STRIDE are:
1. Spoofing: Attacker assumes identity of subject
2. Tampering: Data or messages altered by an attacker
3. Repudiation: Illegitimate denial of an event
4. Information disclosure: Information obtained without authorization
5. Denial of service: Attacker overloads system to deny legitimate access
6. Elevation of privilege: Attacker gains a privilege level above what is permitted

 

NEW QUESTION 119
Which of the following describes the cloud security reference architecture?

  • A. ISO 27001
  • B. ISO 17789
  • C. ISO 17788
  • D. ISO 27032

Answer: C

Explanation:
ISO 17788 has a cloud reference architecture.

 

NEW QUESTION 120
One of the key technologies that have made cloud computing viable is:

  • A. VLANs
  • B. Distributed networking
  • C. Storage controllers
  • D. Virtualization

Answer: D

Explanation:
Virtualization technologies enable cloud computing to become a real and scalable service offering due to the savings, sharing, and allocations of resources across multiple tenants and environments.

 

NEW QUESTION 121
Which of the following responsibilities can never be transferred, even during cloud adoption?

  • A. Application Development
  • B. Infrastructure
  • C. Security
  • D. Governance

Answer: D

Explanation:
The primary issue to remember when governing cloud computing is that an organization can never outsource responsibility for governance, even when using external providers. This is always true, cloud or not, but is useful to keep in mind when navigating cloud computing's concepts of shared responsibility models.
Ref: CSA Security Guidelines V4.0

 

NEW QUESTION 122
Metrics which govern the contractual obligations of a cloud service are found in:

  • A. Service Book
  • B. Operational Level Agreement (OLA)
  • C. Contract itself
  • D. Service Level Agreements (SLA)

Answer: D

Explanation:
The SLA is the list of defined, specific, numerical metrics that will be used to determine whether the provider is sufficiently meeting the contract terms during each period of performance.

 

NEW QUESTION 123
The entity that has the primary relationship with an individual from whom his/her PII is collected is known as:

  • A. Data custodian
  • B. Data Controller
  • C. Data Manager
  • D. Data processor

Answer: B

Explanation:
The data controller (typically the entity that has the primary relationship with an individual) is prohibited from collecting and processing personal data unless certain criteria are met. For example, if the data subject has consented to the collection and proposed uses of his or her data, then the controller may collect and process data, according to the consent agreement.
Ref: Security Guidance v4.0, Copyright 2017, Cloud Security Alliance

 

NEW QUESTION 124
Which of the following is a key consideration in data security but does not feature in the Data Security Lifecycle?

  • A. Storage Device
  • B. Storage protocol
  • C. Storage Location
  • D. Access Method

Answer: C

Explanation:
The lifecycle represents the phases information passes through but doesn't address its location or how it is accessed.

 

NEW QUESTION 125
Which of the following decouples the network control plane from the data plane and allows networking to be abstracted from the traditional limitations of a LAN?

  • A. VLANS
  • B. Converged Networking
  • C. Traditional Networking
  • D. Software defined networking

Answer: D

Explanation:
Software Defined Networking (SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data plane (you can read more on SDN principles at this Wikipedia entry). This allows us to abstract networking from the traditional limitations of a LAN.
Reference: CSA Security Guidelines V4.0

 

NEW QUESTION 126
A cloud storage architecture that caches content close to locations of high demand is known as:

  • A. Ephemeral Storage
  • B. Content Delivery Network (CDN)
  • C. Block Data
  • D. Volume Data

Answer: B

Explanation:
A content delivery network (CDN) is a system of distributed servers (network) that deliver pages and other Web content to a user, based on the geographic locations of the user, the origin of the webpage and the content delivery server.

 

NEW QUESTION 127
Which one of the following is one of the key techniques to create cloud infrastructure?

  • A. Abstraction
  • B. Authentication
  • C. Classification
  • D. Orientation

Answer: A

Explanation:
The key techniques to create a cloud are abstraction and orchestration. We abstract the resources from the underlying physical infrastructure to create our pools, and use orchestration (and automation) to coordinate carving out and delivering a set of resources from the pools to the consumers. As you will see, these two techniques create all the essential characteristics we use to define something as a "cloud."
Ref: CSA Security Guidelines V4.0

 

NEW QUESTION 128
Cloud architectures necessitate certain roles which are extremely high-risk. Examples of such roles include CP system administrators and auditors and managed security service providers dealing with intrusion detection reports and incident response. They are known as high-risk because their malicious activities can lead to abuse of high privilege roles and can impact confidentiality, integrity and availability of data.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 129
Which of the following helps to intermediate IAM between an organization's existing identity providers and many different cloud services used by the organization?

  • A. Active Directory
  • B. Relying Party
  • C. Cloud Access Security Broker
  • D. Federated Identity Provider

Answer: D

Explanation:
One of the better-known categories heavily used in cloud security is Federated Identity Brokers. These services help intermediate IAM between an organization's existing identity providers (internal or cloud-hosted directories) and the many different cloud services used by the organization. They can provide web-based Single Sign-On (SSO), helping ease some of the complexity of connecting to a wide range of external services that use different federation configurations.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 130
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?

  • A. Compliance and Audit Management
  • B. Legal Issues: Contracts and Electronic Discovery
  • C. Infrastructure Security
  • D. Governance and Enterprise Risk Management
  • E. Information Governance

Answer: A

 

NEW QUESTION 131
What would you call logic/procedures running on a shared database platform?

  • A. Serverless Computing
  • B. Virtual Machine
  • C. Container
  • D. Platform-based Workload

Answer: D

Explanation:
Platform-based workloads: This is a more complex category that covers workloads running on a shared platform that aren't virtual machines or containers, such as logic/procedures running on a shared database platform. Imagine a stored procedure running inside a multitenant database, or a machine-learning job running on a machine-learning Platform as a Service. Isolation and security are totally the responsibility of the platform provider, although the provider may expose certain security options and controls.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 132
Single cloud assets are typically less resilient than in the case of traditional infrastructure.

  • A. True
  • B. False

Answer: A

Explanation:
Cloud platforms can be incredibly resilient, but single cloud assets are typically less resilient than in the case of traditional infrastructure. This is due to the inherently greater fragility of virtualized resources running in highly-complex environments.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)

 

NEW QUESTION 133
......
