CCSK Exam Questions
257 real CCSK exam questions with expert-verified answers and explanations. Page 3 of 6.
- Question #101
What factor(s), if any, allow for more efficient and effective containment and recovery in a cloud environment than in a non-cloud environment?
- Question #102
What is true of cloud built-in firewalls?
- Question #103
What are the NIST defined essential characteristics of cloud computing?
- Question #104
Generally speaking, in the United States, a party is obligated to take reasonable steps to prevent the destruction or modification of data in its possession that it reasonably shou...
- Question #105
Which of the following is NOT a common storage option with Infrastructure as a Service?
- Question #106
Which part of the incident response process is greatly complicated by the resource pooling and rapid elasticity of cloud infrastructure?
- Question #107
What best describes the tradeoff of Infrastructure as a Service as compared to other cloud service models?
- Question #108
How can you monitor and filter data in a virtual network when traffic might not cross the physical network?
- Question #109
Which concept is defined as the unique expression of an entity within a given namespace?
- Question #110
What is a method used to decouple the network control plane from the data plane?
- Question #111
For cloud consumers to be able to properly configure and manage their network security, what must cloud providers do?
- Question #112
What is true of Software Defined Network firewalls?
- Question #113
Which deployment model is commonly used to describe a non-cloud data center bridged directly to a cloud provider?
- Question #114
What is a core tenet of risk management?
- Question #115
The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?
- Question #116
Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?
- Question #117
When associating the functions to an actor, what is used to restrict a list of possible actions down to allowed actions?
- Question #118
Which type of application security testing should incorporate checks on API calls to the cloud service?
- Question #119
Which facet is focused on protecting the management plane components, such as web and API servers, from attacks?
- Question #120
In a cloud environment, how can you best determine data/information security risks and potential controls?
- Question #121
What is it called when a customer's information and/or processes are compromised by the actions of another customer in a multi-tenancy environment?
- Question #122
What are the three main aspects for data security controls?
- Question #123
Which SDP component is used for authentication and authorization?
- Question #124
While the cloud consumer is responsible for implementing the security controls, the cloud provider implements the security of the workload.
- Question #125
Which of the following items is one of the major regulatory compliance problems associated with cloud environments?
- Question #126
What are major factors to building and managing a secure management plane?
- Question #127
Cloud storage will most often utilize the same types of data storage used in traditional data storage technologies.
- Question #128
Prominent recommended standards to enable federation of identity in cloud environments include:
- Question #129
How can you reduce the blast radius if an attacker compromises one system?
- Question #130
What are the three valid options for protecting data as it moves to and within the cloud?
- Question #131
To what extent does the CSA Guidance document suffice for legal advice in setting up relationships with cloud service providers?
- Question #132
ENISA: A key area of controls for cloud provider network architecture is
- Question #133
What makes the metastructure layer of cloud computing so different from traditional computing?
- Question #134
While a virtual machine is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still using the kernel and other OS capab...
- Question #135
What are the main considerations for key management?
- Question #136
A key element of the "Destroy" phase of the Data Security Lifecycle is:
- Question #137
CCM: A hypothetical start-up company called "IT4Sure" provides a cloud based IT management solution. They are growing rapidly and have some security measures in place but the emplo...
- Question #138
What is a benefit of application security in a cloud environment?
- Question #139
You have a business relationship with a cloud provider for all sales management functionality. Through the APIs and SDKs, you have customized the interface and some functionality,...
- Question #140
Absent other evidence, such as tampering or hacking, documents should not be considered more or less admissible or credible because they were created or stored in the cloud.
- Question #141
What are the encryption options available for SaaS consumers?
- Question #142
When the application components communicate directly with the cloud service, the management plane and metastructure might fall within the application security scope.
- Question #143
In the case of Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) the responsibility to effectively manage the security of the application running in the cloud prim...
- Question #144
At a minimum, how often should incident response testing occur?
- Question #145
CCM: A hypothetical company called "Security4Sure" provides a cloud based service to share confidential documents. The confidential documents are stored in their servers and are en...
- Question #146
ENISA: Which of the following is among the vulnerabilities contributing to a high risk ranking for Network Management?
- Question #147
When configuring SDN firewalls, after adding all assets, what is typically the first configuration you must address?
- Question #148
Identified issues, risks, and recommended remediations are included when determining compliance.
- Question #149
Which common component of big data is focused on the mechanisms used to ingest large volumes of data, often of a streaming nature?
- Question #150
Which statement best describes a data (information) dispersion fragmentation scheme?