Labour Day Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

 
Home > Cloud Security Alliance > Cloud Security Knowledge > CCSK

CCSK Certificate of Cloud Security Knowledge (v4.0) Question and Answers

Question # 4

All assets require the same continuity in the cloud.

A.

False

B.

True

Full Access
Question # 5

All cloud services utilize virtualization technologies.

A.

False

B.

True

Full Access
Question # 6

Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

A.

False

B.

True

Full Access
Question # 7

What is defined as the process by which an opposing party may obtain private documents for use in litigation?

A.

Discovery

B.

Custody

C.

Subpoena

D.

Risk Assessment

E.

Scope

Full Access
Question # 8

Without virtualization, there is no cloud.

A.

False

B.

True

Full Access
Question # 9

The Software Defined Perimeter (SDP) includes which components?

A.

Client, Controller, and Gateway

B.

Client, Controller, Firewall, and Gateway

C.

Client, Firewall, and Gateway

D.

Controller, Firewall, and Gateway

E.

Client, Controller, and Firewall

Full Access
Question # 10

Select the statement below which best describes the relationship between identities and attributes

A.

Attributes belong to entities and identities belong to attributes. Each attribute can have multiple identities but only one entity.

B.

An attribute is a unique object within a database. Each attribute it has a number of identities which help define its parameters.

C.

An identity is a distinct and unique object within a particular namespace. Attributes are properties which belong to an identity. Each identity can have multiple attributes.

D.

Attributes are made unique by their identities.

E.

Identities are the network names given to servers. Attributes are the characteristics of each server.

Full Access
Question # 11

Which concept provides the abstraction needed for resource pools?

A.

Virtualization

B.

Applistructure

C.

Hypervisor

D.

Metastructure

E.

Orchestration

Full Access
Question # 12

In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

A.

Multi-application, single tenant environments

B.

Long distance relationships

C.

Multi-tenant environments

D.

Distributed computing arrangements

E.

Single tenant environments

Full Access
Question # 13

Which statement best describes the Data Security Lifecycle?

A.

The Data Security Lifecycle has six stages, is strictly linear, and never varies.

B.

The Data Security Lifecycle has six stages, can be non-linear, and varies in that some data may never pass through all stages.

C.

The Data Security Lifecycle has five stages, is circular, and varies in that some data may never pass through all stages.

D.

The Data Security Lifecycle has six stages, can be non-linear, and is distinct in that data must always pass through all phases.

E.

The Data Security Lifecycle has five stages, can be non-linear, and is distinct in that data must always pass through all phases.

Full Access
Question # 14

What is true of searching data across cloud environments?

A.

You might not have the ability or administrative rights to search or access all hosted data.

B.

The cloud provider must conduct the search with the full administrative controls.

C.

All cloud-hosted email accounts are easily searchable.

D.

Search and discovery time is always factored into a contract between the consumer and provider.

E.

You can easily search across your environment using any E-Discovery tool.

Full Access
Question # 15

CCM: A hypothetical start-up company called "ABC" provides a cloud based IT management solution. They are growing rapidly and therefore need to put controls in place in order to manage any changes in

their production environment. Which of the following Change Control & Configuration Management production environment specific control should they implement in this scenario?

A.

Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and system-

system interface (API) designs and configurations, infrastructure network and systems components.

B.

Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationally-owned or

managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.

C.

All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.

D.

None of the above

Full Access
Question # 16

The containment phase of the incident response lifecycle requires taking systems offline.

A.

False

B.

True

Full Access
Copyright myexamcollection.com. All Right Reserved.