
Top Cloud Security Alliance CCSK Courses Online - Updated [Nov-2021]
CCSK Practice Dumps - Verified By PassSureExam Updated 300 Questions
NEW QUESTION 27
When a cloud customer uploads PII to a cloud provider, who becomes ultimately responsible for the security of that PII?
- A. The individuals who are the subject of the PII
- B. Regulator
- C. Cloud Provider
- D. Cloud customer
Answer: D
Explanation:
Under current law, the data owner is responsible for any breaches that result in unauthorized disclosure of PII; this includes breaches caused by contracted parties and outsourced services. The data owner is the cloud customer.
NEW QUESTION 28
According to the ENISA (European Network and Information Security Agency) document on security risks and recommendations, Isolation Failure is:
- A. Technical Risk
- B. Organizational Risk
- C. Compliance Risk
- D. Management Risk
Answer: A
Explanation:
Isolation failure is defined as:
Multi-tenancy and shared resources are two of the defining characteristics of cloud computing environments. Computing capacity, storage, and network are shared between multiple users. This class of risks includes the failure of mechanisms separating storage, memory, routing, and even reputation between different tenants of the shared infrastructure (e.g., so-called guest-hopping attacks, SQL injection attacks exposing multiple customers' data stored in the same table, and side-channel attacks).
NEW QUESTION 29
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?
- A. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
- B. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
- C. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
- D. Both B and D.
- E. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
Answer: C
NEW QUESTION 30
In which cloud service model is the customer only responsible for the data?
- A. CaaS
- B. IaaS
- C. SaaS
- D. PaaS
Answer: C
Explanation:
SaaS is the model in which the customer supplies only the data; in the other models, the customer also supplies the OS, the application, or both.
NEW QUESTION 31
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?
- A. An entitlement matrix
- B. An entry log
- C. A support table
- D. An access log
- E. A validation process
Answer: E
NEW QUESTION 32
Which are the two major categories of network virtualization commonly seen in cloud computing today?
- A. Virtual Private Networks and Converged Network
- B. Software Defined Networks and Virtual Private Networks
- C. Virtual LANs (VLANs) and Converged Networks
- D. Software Defined Networks and Virtual LANs (VLANs)
Answer: C
Explanation:
There are two major categories of network virtualization commonly seen in cloud computing today:
- Virtual Local Area Networks (VLANs): VLANs leverage existing network technology implemented in most network hardware. VLANs are extremely common in enterprise networks, even without cloud computing. They are designed for use in single-tenant networks (enterprise data centers) to separate different business units, functions, etc. (like guest networks). VLANs are not designed for cloud-scale virtualization or security and shouldn't be considered, on their own, an effective security control for isolating networks. They are also never a substitute for physical network segregation.
- Software Defined Networking (SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data plane. This allows us to abstract networking from the traditional limitations of a LAN.
[Figure: Common networks underlying IaaS (management, storage, and service networks)]
Ref: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 33
Which of the below hypervisors are OS-based and are more attractive to attackers?
- A. Type III
- B. Type I
- C. Type II
- D. Type V
Answer: C
Explanation:
Type II hypervisors are OS-based and more attractive to attackers. There are a lot of vulnerabilities found not only in the OS but also in applications residing on the OS.
NEW QUESTION 34
Ben was working on a project and hosted all its data on a public cloud. The project is now complete and he wants to remove the data. Which of the following is the best option for him in order to leave no remanence?
- A. Physically destroy the media
- B. Cryptographic erasure
- C. Zeroing
- D. Data-overwriting
Answer: B
Explanation:
All the options given are correct methods of destroying data, but when it comes to data in the cloud, the most suitable method is cryptographic erasure.
Definition: Cryptographic Erasure
Cryptographic erasure is the process of using encryption software (either built-in or deployed) on the entire data storage device, and erasing the key used to decrypt the data.
NEW QUESTION 35
Which is the core technology for enabling cloud computing and used to convert fixed infrastructure into pooled resources?
- A. Application Programming Interfaces
- B. Software Defined Networking
- C. Auto-Scaling
- D. Virtualization
Answer: D
Explanation:
Virtualization isn't merely a tool for creating virtual machines; it's the core technology for enabling cloud computing. We use virtualization all throughout computing, from full operating virtual machines to virtual execution environments like the Java Virtual Machine, as well as in storage, networking, and beyond.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 36
CCM: In the CCM tool, a ______ is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.
- A. Control Specification
- B. Risk Impact
- C. Domain
Answer: A
NEW QUESTION 37
The key focus of any business continuity or disaster recovery should be:
- A. Financial documents
- B. Critical assets
- C. Critical infrastructure
- D. Health and human safety
Answer: D
Explanation:
The primary goal of the whole business continuity and disaster recovery exercise should be health and human safety.
NEW QUESTION 38
Database as a Service is an example of:
- A. Platform as a Service (PaaS)
- B. Program as a Service (PaaS)
- C. Infrastructure as a Service (IaaS)
- D. Software as a Service (SaaS)
Answer: A
Explanation:
One option, frequently seen in the real world and illustrated in our model, is to build a platform on top of IaaS. A layer of integration and middleware is built on IaaS, then pooled together, orchestrated, and exposed to customers using APIs as PaaS. For example, a Database as a Service could be built by deploying modified database management system software on instances running in IaaS. The customer manages the database via API (and a web console) and accesses it either through the normal database network protocols, or, again, via API.
Ref: CSA Security Guidelines V4.0
NEW QUESTION 39
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?
- A. Infrastructure Security
- B. Legal Issues: Contracts and Electronic Discovery
- C. Information Governance
- D. Governance and Enterprise Risk Management
- E. Compliance and Audit Management
Answer: E
NEW QUESTION 40
Where does the encryption engine and key reside when doing file-level encryption?
- A. Encryption engine resides on the server and keys on the client side
- B. On the instance attached to the system
- C. On the KMS attached to the system
- D. On the client side
Answer: B
Explanation:
File-level encryption: Database servers typically reside on volume storage. For this deployment, you are encrypting the volume or folder of the database, with the encryption engine and keys residing on the instances attached to the volume.
External file system encryption protects from media theft, lost backups, and external attack but does not protect against attacks with access to the application layer, the instance's OS, or the data
NEW QUESTION 41
John said that he is looking for a cloud service which is self-service and has on-demand capacity. Which service model is he referring to?
- A. IaaS
- B. SaaS
- C. XaaS
- D. PaaS
Answer: A
Explanation:
The following are the characteristics of the IaaS service model of cloud computing:
1. Scale
2. Converged network and IT capacity pool
3. Self-service and on-demand capacity
4. High reliability and resilience
NEW QUESTION 42
Exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or disrupting service operations, are called:
- A. Threat Agents
- B. Threats
- C. Vulnerabilities
- D. Honeypots
Answer: C
NEW QUESTION 43
NIST defines five characteristics of cloud computing: Rapid Elasticity, Broad Network Access, On-demand self-service, Metered Usage & Resource pooling. However, ISO/IEC 17788 mentions one more characteristic in addition to those 5. Which of the following is that characteristic?
- A. Segregation
- B. Automation
- C. Isolation
- D. Multitenancy
Answer: D
Explanation:
ISO/IEC 17788 lists six key characteristics, the first five of which are identical to the NIST characteristics. The only addition is multitenancy, which is distinct from resource pooling.
Ref: CSA Security Guidelines V4.0
NEW QUESTION 44
In order to determine critical assets and processes of the organization, it must first conduct a:
- A. Business Impact Analysis (BIA)
- B. Risk Assessment
- C. Datacentre monitoring
- D. Host hardening
Answer: A
Explanation:
This is a process known as the business impact analysis (BIA). We determine a value for every asset (usually in terms of dollars), what it would cost the organization if we lost that asset (either temporarily or permanently), what it would cost to replace or repair that asset, and any alternate methods for dealing with that loss.