CCSK Braindumps PDF, Cloud Security Alliance CCSK Exam Cram [Q25-Q46]

Share

CCSK Braindumps PDF, Cloud Security Alliance CCSK Exam Cram

New 2021 CCSK Sample Questions Reliable CCSK Test Engine


Cloud Security Alliance CCSK Exam Syllabus Topics:

TopicDetails
Topic 1
  • Management Plan E and Business Continuity
  • Virtualization and Containers
Topic 2
  • Application Security
  • Incident Response
  • Related Technologies
Topic 3
  • ENISA Cloud Computing: Benefits, Risks and Recommendations for Information Security
Topic 4
  • Data Security and Encryption
  • Legal Issues, Contracts, and Electronic Discovery
Topic 5
  • Identity, Entitlement, and Access Management
  • Sample Cloud Policy
Topic 6
  • Infrastructure Security
  • Security as a Service
Topic 7
  • Cloud Security Standards and Certifications
  • Information Governance
Topic 8
  • Compliance and Audit Management
  • Cloud Computing Concepts and Architectures
Topic 9
  • Cloud Security Lexicon
  • Governance and Enterprise Risk Management

 

NEW QUESTION 25
The individual's right to have data(PII) removed from a entity/ provider at anytime per their request. is known as:

  • A. Right to be forgotten
  • B. Right of erasure
  • C. Right to disclosure
  • D. Right to claim

Answer: A

Explanation:
Under this principle of "Right to be forgotten", any individual can notify any entity that has PII fort hat individual and instruct that entity to delete and destroy all of that individual's PII in that entity's control.
This is a very serious and powerful individual right, and compliance can be extremely difficult.

 

NEW QUESTION 26
No policy on resource capping can lead to:

  • A. Resource Exhaustion
  • B. Data disclosure
  • C. Resource manipulation
  • D. Data manipulation

Answer: A

Explanation:
It can lead to resource exhaustion if you do not put upper limit on resource allocation.
Cloud services are on-demand Therefore there is a level of calculated risk in allocating all the resources of a cloud service, because resources are allocated according to statistical projections. In accurate modelling of resources usage- common resources allocation algorithms are vulnerable to distortions of fairness

 

NEW QUESTION 27
In cloud services. risks and responsibilities are shared between the cloud provider and customer.
however. which of the following holds true?

  • A. Cloud provider has ultimate legal liability for unauthorised and illicit data disclosures
  • B. Cloud Customer liability is limited to financial responsibility
  • C. Cloud Provider liability is limited to financial responsibility
  • D. Cloud Customer has ultimate legal liability for unauthorised and illicit data disclosures

Answer: D

Explanation:
In a shared responsibility model. Data security is responsibility of the cloud consumer and he is legally liable.

 

NEW QUESTION 28
Which of the following pose the biggest risk in the organization?

  • A. People
  • B. Access Controls
  • C. Technology
  • D. DDoS Attacks

Answer: A

Explanation:
People pose the biggest risk in the organization.
People form the biggest risk as they can expose the sensitive data accidentally or on purpose.
Disgruntled employees or careless employees form a great threat to the organization.

 

NEW QUESTION 29
What is defined as the process by which an opposing party may obtain private documents for use in litigation?

  • A. Scope
  • B. Risk Assessment
  • C. Custody
  • D. Subpoena
  • E. Discovery

Answer: E

 

NEW QUESTION 30
Which of the following establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information(PII) in accordance with the privacy principles in IS0/IEC 29100 for the public cloud computing environment?

  • A. IS0 27032
  • B. IS0 27017
  • C. IS0 27034
  • D. IS0 27018

Answer: D

Explanation:
IS0/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information(PII) in accordance with the privacy principles in IS0/IEC 29100 for the public cloud computing environment.

 

NEW QUESTION 31
Which of the vulnerabilities is inherited from general software development practice in PaaS environment?

  • A. Backdoors
  • B. Cross
  • C. DDoS
  • D. DNS spoofing

Answer: A

Explanation:
As a general practice of software development. Developer tend to leave backdoors so that they can come back later to fix issues.

 

NEW QUESTION 32
The most pragmatic option for data disposal in the cloud is which of the following?

  • A. Melting
  • B. Overwriting
  • C. Crypto shredding
  • D. Cold fusion

Answer: C

 

NEW QUESTION 33
Where does the encryption engine and key reside when doing file-level encryption?

  • A. Encryption engine resides on the server and keys on the client side
  • B. On the instance attached to the system
  • C. On the KMS attached to the system
  • D. On the client side

Answer: B

Explanation:
File-level encryption: Database servers typically reside on volume storage. For this deployment, you are encrypting the volume or folder of the database, with the encryption engine and keys residing on the instances attached to the volume.
External file system encryption protects from media theft, lost backups, and external attack but does not protect against attacks with access to the application layer, the instances 0S, or the data

 

NEW QUESTION 34
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?

  • A. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.
  • B. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
  • C. None of the above.
  • D. Decreased requirement for proactive management of relationship and adherence to contracts.
  • E. More physical control over assets and processes.

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 35
Which is the primary tool for governance in Cloud Computing environment?

  • A. Operational level Agreement
  • B. Service Level Agreement
  • C. Governance memo
  • D. Contract

Answer: A

Explanation:
Contracts: The primary tool of governance is the contract between a cloud provider and a cloud customer(this is true for public and private cloud). The contract is your only guarantee of any level of service or commitment-assuming there is no breach of contract, which tosses everything into a legal scenario. Contracts are the primary tool to extend governance into business partners and providers.
Ref: Security Guidance v4.0 Copyright2017, Cloud Security Alliance(used for educational purpose here)

 

NEW QUESTION 36
One of the primary benefits of the cloud is the ability to perform dynamic allocation of physical resources when required. The most common approach is a multi-tenant environment. However, it increases risk of disclosure of customer dat a. This can happen because of which of the following?

  • A. Isolation Failure
  • B. No disaster recovery plan
  • C. Increased DDoS
  • D. Tenancy termination

Answer: A

Explanation:
All resources allocated to a particular tenant should be "isolated" and protected to avoid disclosure of information to other tenants For example, when allocated storage is no longer needed IIS Security Considerations for Cloud Computing by a client it can be freely reallocated to another enterprise. ln that case, sensitive data could be disclosed if the storage has not been scrubbed thoroughly(e.g, using forensic software).

 

NEW QUESTION 37
Which of the following are key Data functions?

  • A. Access, Process & Save
  • B. Access, Procure & Store
  • C. Access, Procure & Save
  • D. Access, Process & Store

Answer: D

Explanation:
The key data functions are Access, process & Store

 

NEW QUESTION 38
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

  • A. Chaos Engineering
  • B. Planned Outages
  • C. Resiliency Planning
  • D. Expected Engineering
  • E. Organized Downtime

Answer: A

 

NEW QUESTION 39
Which of the following is NOT key Cloud computing characteristics?

  • A. On Demand self service
  • B. Metered servicing
  • C. Metered pricing
  • D. Broad Network Access

Answer: B

Explanation:
Often, this type of questions looks simple, but a confusion is created and you need to be careful while picking up the right options ln our case, metered pricing and metered servicing looks similar but Metered pricing is one of the characteristics of cloud computing.

 

NEW QUESTION 40
CCM: In the CCM tool, a is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

  • A. Risk Impact
  • B. Control Specification
  • C. Domain

Answer: B

 

NEW QUESTION 41
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.

  • A. On-demand self-service
  • B. Resource pooling
  • C. Rapid elasticity
  • D. Broad network access
  • E. Measured service

Answer: A

 

NEW QUESTION 42
Which one of the following is NOT a level of CSA star program?

  • A. Technology Audit program
  • B. Third-party attestation
  • C. Self-assessment
  • D. Continuous-monitoring program

Answer: A

Explanation:
"Technology Audit Program" is not one of the levels of CSA star program The three levels of CSA Star program are
1) Self Assessment
2) Third-party Attestment
3) Continuous Monitoring program

 

NEW QUESTION 43
Erin has a picture which he wants to store in the cloud and would like to share its URL so that his friends can see the picture. What type of cloud storage would you recommend for him?

  • A. Raw storage
  • B. Object Storage
  • C. Block Storage
  • D. Glacier

Answer: B

Explanation:
Object storage(also referred to as object-based storage) is a general term that refers to the way in which we organize and work with units of storage, called objects.
Every object contains three things:
The data itself: The data can be anything you want to store, from a family photo to a400,000-page manual for assembling an aircraft.
An expandable amount of metadata: The metadata is defined by whoever creates the object storage; it contains contextual information about what the data is, what it should be used for, its confidentiality, or anything else that is relevant to the way in which the data is used.
A globally unique identifier: The identifier is an address given to the object in order for the object to be found over a distributed system. This way, it's possible to find the data without having to know the physical location of the data(which could exist within different parts of a data center or different parts of the world).

 

NEW QUESTION 44
One of the main reasons and advantage of having external audit is:

  • A. Internal staff is less qualified than external auditors.
  • B. Its independent
  • C. Its cheaper
  • D. Better tools used by external provider

Answer: B

Explanation:
All other answers are distractors. One of the primary reasons of doing external auditing is the independence of auditors.

 

NEW QUESTION 45
Which of the following is not a common cloud service model?

  • A. Software as a Service
  • B. Infrastructure as a Service
  • C. Programming as a Service
  • D. Platform as a Service

Answer: C

Explanation:
Programming as a Service is not a common offering; the others are ubiquitous through out the industry.

 

NEW QUESTION 46
......

Feel Cloud Security Alliance CCSK Dumps PDF Will likely be The best Option: https://www.prepawaypdf.com/Cloud-Security-Alliance/CCSK-practice-exam-dumps.html

CCSK exam torrent Cloud Security Alliance study guide: https://drive.google.com/open?id=1YkYhwtOSdOP3IYX0C5caV6Cmgp8B1YKE