Try Before You Buy

Download a free sample of any of our exam questions and answers

  • 24/7 customer support, Secure shopping site
  • Free One year updates to match real exam scenarios
  • If you failed your exam after buying our products we will refund the full amount back to you.

CCSK Questions Prepare with Learning Information! 2023 Regularly updated [Q34-Q56]

Share

CCSK Questions Prepare with Learning Information! 2023 Regularly updated

Get CCSK Products Practice Material for CCSK Exam Question Preparation

NEW QUESTION # 34
In a cloud scenario. who is the data processor and who is the data controller?

  • A. Database admin is the data controller and application owner is the data processor
  • B. Cloud Service Provider is the data controller and its customer is the data processor
  • C. Neither cloud service provider nor customer is data processor or data controller.
  • D. Cloud Service Provider is the data processor and its customer is the data controller

Answer: D

Explanation:
The customer determines the ultimate purpose of the processing and decides on the outsourcing or the delegation of all or part of the concerned activities to external organizations. Therefore, the customer acts as a controller.
When the service provider supplies the means and the platform, acting on behalf of the customer, it is considered to be a data processor.


NEW QUESTION # 35
Which of the following is key component of regulated PII components?

  • A. Mandatory Breach Reporting
  • B. Cloud Service Provider Consent
  • C. E-discovery
  • D. Data disclosure

Answer: A

Explanation:
The key component and differentiator related to regulated PII is mandatory breach reporting requirements. At present. 47 states and territories within the United States, including the District of Columbia. Puerto Rico. and the Virgin Islands, have legislation in place that requires both private and government entities to notify and inform individuals of any security breaches involving PII.


NEW QUESTION # 36
Metrics which govern the contractual obligations of cloud service are found in:

  • A. Service Book
  • B. Contract itself
  • C. Operational Level Agreement(OLA)
  • D. Service Level agreements(SLA)

Answer: D

Explanation:
The SLA is the list of defined, specific, numerical metrics that will used to determine whether the provider is sufficiently meeting the contract terms during each period of performance.


NEW QUESTION # 37
Which term describes any situation where the cloud consumer does
not manage any of the underlying hardware or virtual machines?

  • A. Virtual machineless
  • B. Serverless computing
  • C. Container
  • D. Provider managed
  • E. Abstraction

Answer: B


NEW QUESTION # 38
As we move from Software as a Service Model towards Infrastructure as a service Model. security responsibility decreases from towards cloud consumer from that of Cloud Service Provider.

  • A. True
  • B. False

Answer: B

Explanation:
The answer is False. This is a very tricky question and it has to be read and understood well before answering.
It is always the other way around. Cloud consumer's security increases when you move from Software as a service model to Infrastructure as a Service Model.


NEW QUESTION # 39
Which of the following is NOT a cloud computing characteristic that impacts incidence response?

  • A. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.
  • B. Object-based storage in a private cloud.
  • C. The possibility of data crossing geographic or jurisdictional boundaries.
  • D. The on demand self-service nature of cloud computing environments.
  • E. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.

Answer: E


NEW QUESTION # 40
Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?

  • A. Both B and C.
  • B. Negotiate long-term contracts with companies who use well-vetted software application to avoid the transient nature of the cloud environment.
  • C. Inspect and account for risks inherited from other members of the cloud supply chain and take active measures to mitigate and contain risks through operational resiliency.
  • D. Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency.
  • E. Respect the interdependency of the risks inherent in the cloud supply chain and communicate the corporate risk posture and readiness to consumers and dependent parties.

Answer: B


NEW QUESTION # 41
Which of the cloud service model has least maintenance or administration from a cloud customer perspective?

  • A. XaaS
  • B. PaaS
  • C. IaaS
  • D. SaaS

Answer: D

Explanation:
SaaS requires least maintenance from the customer as all the infrastructure up to application is managed by the cloud service provider


NEW QUESTION # 42
If in certain litigations and investigations, the actual cloud application or environment itself is relevant to resolving the dispute in the litigation or investigation, how is the information likely to be obtained?

  • A. It would require a previous contractual agreement to obtain the application or access to the environment
  • B. It would require a previous access agreement
  • C. It may require a subpoena of the provider directly
  • D. It would never be obtained in this situation
  • E. It would require an act of war

Answer: A


NEW QUESTION # 43
According to Cloud Security Alliance logical model of cloud computing, which of the following defines the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers.

  • A. Metastructure
  • B. Infostructure
  • C. Applistructure
  • D. Infrastructure

Answer: A

Explanation:
According to CSA Securityguidelines4.0. Metastucture is defined as the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.


NEW QUESTION # 44
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

  • A. Planned Outages
  • B. Expected Engineering
  • C. Chaos Engineering
  • D. Organized Downtime
  • E. Resiliency Planning

Answer: C


NEW QUESTION # 45
In the cloud provider and consumer relationship, which entity
manages the virtual or abstracted infrastructure?

  • A. Only the cloud provider
  • B. It is outsourced as per the entity agreement
  • C. Both the cloud provider and consumer
  • D. Only the cloud consumer
  • E. It is determined in the agreement between the entities

Answer: C


NEW QUESTION # 46
Which of the following is not an abuse or misuse of cloud services?

  • A. Data Deletion
  • B. Launching DDoS Attacks
  • C. Phishing campaigns
  • D. Email Spam

Answer: A

Explanation:
Please note here and understand the meaning of phrase "abuse or misuse of cloud Services". This phrase means to launch attacks or campaign by using cloud as a platform, mostly, public cloud.


NEW QUESTION # 47
A unit of processing, which can be in a virtual machine, a container, or other abstraction and always run somewhere on a processor and consume memory is called:

  • A. Host
  • B. Device
  • C. Controller
  • D. Workload

Answer: D

Explanation:
A workload is a unit of processing, which can be in a virtual machine, a container, or other abstraction.
Workloads always run somewhere on a processor and consume memory. Workloads include a very diverse range of processing tasks, which range from traditional applications running in a virtual machine on a standard operating system, to GPU- or FPGA-based specialized tasks Reference: CSA Security Guidelines V.4(reproduced here for the educational purpose)


NEW QUESTION # 48
What is true of security as it relates to cloud network infrastructure?

  • A. You should apply cloud firewalls on a per-network basis.
  • B. You should implement a default deny with cloud firewalls.
  • C. You should implement a default allow with cloud firewalls and then restrict as necessary.
  • D. You should always open traffic between workloads in the same virtual subnet for better visibility.
  • E. You should deploy your cloud firewalls identical to the existing firewalls.

Answer: B


NEW QUESTION # 49
Which is the most common control used for Risk Transfer?

  • A. Web Application Firewall
  • B. Contracts
  • C. SLA
  • D. Insurance

Answer: D

Explanation:
Buying insurance is most common method of transferring risk.


NEW QUESTION # 50
Private clouds can be hosted off-premises as well.

  • A. True
  • B. False

Answer: A

Explanation:
It is true. This is how Private cloud is defined.
Private Cloud: The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or by a third party and may be located on-premises or off-premises.


NEW QUESTION # 51
Cloud applications can use virtual networks and other structures, for hyper-segregated environments.

  • A. True
  • B. False

Answer: A


NEW QUESTION # 52
Where does the encryption engine and key reside when doing file-level encryption?

  • A. Encryption engine resides on the server and keys on the client side
  • B. On the KMS attached to the system
  • C. On the client side
  • D. On the instance attached to the system

Answer: D

Explanation:
File-level encryption: Database servers typically reside on volume storage. For this deployment, you are encrypting the volume or folder of the database, with the encryption engine and keys residing on the instances attached to the volume.
External file system encryption protects from media theft, lost backups, and external attack but does not protect against attacks with access to the application layer, the instances 0S, or the data


NEW QUESTION # 53
Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub.

  • A. True
  • B. False

Answer: A

Explanation:
This is true. Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub, because there is a significant chance of discovery and misuse.
Keys need to be appropriately secured and a well- secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.


NEW QUESTION # 54
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

  • A. True
  • B. False

Answer: A


NEW QUESTION # 55
ln which service model. does cloud security provider has least responsibility?

  • A. XaaS
  • B. PaaS
  • C. SaaS
  • D. IaaS

Answer: D

Explanation:
In IaaS service model. CSP is responsible only for the physical infrastructure.


NEW QUESTION # 56
......

Most Reliable Cloud Security Alliance CCSK Training Materials: https://www.examstorrent.com/CCSK-exam-dumps-torrent.html

The Realest Study Materials CCSK Dumps: https://drive.google.com/open?id=1Ii1nhlHcfjqbZFJkkRBRPwupFzupZeqb