
CCSK exam questions for practice in 2021 Updated 300 Questions
Updated Dec-2021 Premium CCSK Exam Engine pdf - Download Free Updated 300 Questions
What is the duration, language, and format of the Certificate of Cloud Security Knowledge (CCSK) Exam
- Time Allowed: 90 minutes
- Number of questions: 60
- Language of Exam: English, Spanish
- Format: Multiple Choice Questions
- Passing score: 80%
Certificate of Cloud Security Knowledge (CCSK) Exam Certification Path
I would like to characterize the CCSK as a “survey course” comparable to university introductory courses. The CCSK offers a broad cloud security overview with hooks to dig deeper into the particular coverage area of a student. For instance, developers and application security practitioners can learn how and where to learn more about application security in the cloud and what is different. While an auditor studies the principles of cloud evaluation and auditing and compliance maintenance. So really any career path that overlaps cloud and security.
No official work experience is required, but at least a basic understanding of security fundamentals such as firewalls, secure development, encryption, and identity and access management is helpful for attendees. Hence consider studying the CCSK dumps as part of the certification process.
NEW QUESTION 67
In a cloud scenario. who is the data processor and who is the data controller?
- A. Cloud Service Provider is the data processor and its customer is the data controller
- B. Cloud Service Provider is the data controller and its customer is the data processor
- C. Neither cloud service provider nor customer is data processor or data controller.
- D. Database admin is the data controller and application owner is the data processor
Answer: A
Explanation:
The customer determines the ultimate purpose of the processing and decides on the outsourcing or the delegation of all or part of the concerned activities to external organizations. Therefore, the customer acts as a controller.
When the service provider supplies the means and the platform, acting on behalf of the customer, it is considered to be a data processor.
NEW QUESTION 68
Which of the following is typically a policy set that define ingress and egress rules that can apply to single assets or groups of assets, regardless of network location?
- A. Database Activity Monitor
- B. Security Groups
- C. Intrusion Detection System
- D. API Gateway
Answer: B
Explanation:
SDN firewalls (e.g, security groups) can apply to assets based on more flexible criteria than hardware- based firewalls, since they aren't limited based on physical topology. (Note that this is true of many types of software firewalls, but is distinct from hardware firewalls). SDN firewalls are typically policy sets that define ingress and egress rules that can apply to single assets or groups of assets, regardless of network location (within a given virtual network).
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)
NEW QUESTION 69
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.
- A. False
- B. True
Answer: B
NEW QUESTION 70
Which is the most important trust mechanism between cloud service provider and cloud customer?
- A. Audit reports
- B. Meeting SLA requirements
- C. Logging and Monitoring reports
- D. Contract
Answer: D
Explanation:
Contract is the most important document which defines trust and relationship between cloud service provider and the customer.
NEW QUESTION 71
Which of the following are two most effective ways of protection against data breaches in the cloud environment?
- A. Data Loss Prevention techniques and Web Application Firewall
- B. Contracts and SLAs
- C. Encryption and Honeypot
- D. Multifactor Authentication and Encryption
Answer: D
Explanation:
Multifactor Authentication and Encryption are most effective protect mechanisms against data breaches in cloud environment. Other options do form part of overall security strategy in cloud but Option D is the strongest contender for the answer.
NEW QUESTION 72
Code execution environments that run within an operating system. sharing and leveraging resources of that operating system. are known as:
- A. VMs
- B. Host
- C. Containers
- D. Nodes
Answer: C
Explanation:
Containers are code execution environments that run within an operating system(for now), sharing and leveraging resources of that operating system. While a VM is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still utilizing the kernel and other capabilities of the base 0S.
Ref: CSA Security Guidelines V4.0
NEW QUESTION 73
Security Governance, Risk and Compliance(GRC) is, generally, responsibility of which of the following across all the platforms (IaaS, PaaS and SaaS)?
- A. Cloud Service Provider
- B. Joint Responsibility
- C. Customer
- D. Shared responsibility
Answer: C
Explanation:
GRC is responsibility of the customer across all service models.
NEW QUESTION 74
Lack of CPU or network bandwidth and intermittent access to provisioned resources are examples of which of the following cloud risk?
- A. Resource Exhaustion
- B. Isolation failure
- C. API vulnerabilities
- D. Software vulnerabilities
Answer: A
Explanation:
They are all examples of resource exhaustion
NEW QUESTION 75
Which of the following is key benefit of private cloud model?
- A. Assurance of Data Location
- B. Off-loading IT Management
- C. Less expensive
- D. Distributed data location
Answer: A
Explanation:
One of the key challenges in cloud computing is its distributed environment and dispersed data centers across the globe. It is very difficult to trace data location in public clouds.
Therefore. Assurance of data location is key advantage of private cloud.
NEW QUESTION 76
Which of the following controls and configures the metastructure, and is also part of the metastructure itself?
- A. Web Application Firewall
- B. Network Firewall
- C. Management Plance
- D. API Gateway
Answer: C
Explanation:
The management plane controls and configures the metastructure, and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Meta structure is the glue and guts to create, provision, and deprovision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Ref: CSA Security Guidelines v4.0
NEW QUESTION 77
In which cloud service model is the customer only responsible for the data?
- A. IaaS
- B. SaaS
- C. CaaS
- D. PaaS
Answer: B
Explanation:
SaaS is the model in which the customer supplies only the data; in the other models, the customer also supplies the 0S, the application, or both.
NEW QUESTION 78
Which one of the following is not one the cloud deployment models?
- A. Community
- B. Joint
- C. Public
- D. Private
Answer: B
Explanation:
The four cloud deployment models are
1. Public
2. Private
3. Hybrid
4. Community
NEW QUESTION 79
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
- A. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.
- B. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
- C. None of the above.
- D. Decreased requirement for proactive management of relationship and adherence to contracts.
- E. More physical control over assets and processes.
Answer: B
Explanation:
Explanation/Reference:
NEW QUESTION 80
Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?
- A. Software Development Kits (SDKs)
- B. Application Binary Interface (ABI)
- C. Extensible Markup Language (XML)
- D. Application Programming Interface (API)
- E. Resource Description Framework (RDF)
Answer: D
Explanation:
Explanation/Reference:
NEW QUESTION 81
Which of the following are communications method for components within a cloud, some of which (or an entirely different set) are exposed to the cloud user to manage their resources and configurations?
- A. Application Programming Interfaces (API)
- B. API Gateway
- C. Data Identifiers
- D. IPSEC
Answer: A
Explanation:
All this is facilitated using Application Programming Interfaces, APIs are typically the underlying communications method for components within a cloud. some of which (or an entirely different set) are exposed to the cloud user to manage their resources and configurations. Most cloud APIs these days use REST (Representational State Transfer). which runs over the HTTP protocol, making it extremelywe11 suited for Internet services.
Ref: CSA Security Guidelines V4.0
NEW QUESTION 82
......
Authentic CCSK Dumps With 100% Passing Rate Practice Tests Dumps: https://www.prep4away.com/Cloud-Security-Alliance-certification/braindumps.CCSK.ete.file.html
Cloud Security Alliance CCSK Real Exam Questions Guaranteed Updated Dump from Prep4away : https://drive.google.com/open?id=1DSq2Ymwy_DdwKgKXcjKyKdcNbTu8SZTQ