CCSK Exam Questions
257 real CCSK exam questions with expert-verified answers and explanations. Page 4 of 6.
- Question #151
To increase network isolation, you should use SDN capabilities for multiple networks and cloud accounts or segments.
- Question #152
Installing security software designed for physical servers onto a virtualized server can result in severe degradation in performance.
- Question #153
CCM: A hypothetical company called "Infrastructure4Sure" provides Infrastructure as a Service (IaaS) to its clients. A customer wants to review Infrastructure4Sure's hypervisor sec...
- Question #154
CCM: What security requirements does the Identity and Access Management domain in the CCM address?
- Question #155
Which of the following cloud deployment models represents a composition of two or more clouds that remain unique identities but are bound together by standardized or proprietary te...
- Question #156
What are six phases of the Data Security Lifecycle?
- Question #157
Which tool is the primary tool between the cloud provider and consumer that extends governance into business partners and providers?
- Question #158
ENISA: Because it is practically impossible to process data in encrypted form, customers should have the following expectation of cloud providers:
- Question #159
Which statement best describes the options for PaaS encryption?
- Question #160
What can be implemented to help with account granularity and limit blast radius with IaaS and PaaS?
- Question #161
Which of the following statements best defines the "authentication" component of identity, entitlement, and access management (IdEA)?
- Question #162
Which of the following statements best describes the potential advantages of security as a service?
- Question #163
What is true of how the management plane is to be secured in the cloud?
- Question #164
Which action is part of the containment phase of the incident response lifecycle?
- Question #165
What is the most important reason for knowing where the cloud service provider will host the data?
- Question #166
Which components typically comprise Infrastructure-as-a-Service (IaaS) providers?
- Question #167
What makes single cloud assets less resilient compared with a traditional infrastructure?
- Question #168
ENISA: In Infrastructure as a Service (IaaS), who is responsible for guest systems monitoring?
- Question #169
What are the components of an encryption system?
- Question #170
What is the main data source for detection and analysis of an incident?
- Question #171
Which cloud storage technology would include a content delivery network (CDN), files stored in SaaS, and caching?
- Question #172
What is a challenge of application security in a cloud environment?
- Question #173
In which deployment model do cloud customers have a reduced ability to govern operations because the cloud provider is responsible for the management and governance of the infrastr...
- Question #174
CCM: In the Identity & Access Management (IAM) domain, what does the number '04' in IAM-04 signify?
- Question #175
Which of the following is NOT a method of object storage encryption?
- Question #176
Virtual appliances can become bottlenecks because they cannot fail open and must intercept all traffic.
- Question #177
In the cloud provider and consumer relationship, which entity manages the virtual or abstracted infrastructure?
- Question #178
If a provider's infrastructure is not in scope, who is responsible for building compliant applications and services?
- Question #179
ENISA: As it relates to public cloud computing, in the European Data Protection law, the customer is considered to be the:
- Question #180
Immutable workloads make it faster to roll out updated versions because applications must be designed to handle individual nodes going down.
- Question #181
Which technique uses the management plane to detect various activities, such as file uploads or configuration changes?
- Question #182
Which phase of the incident response lifecycle includes creating and validating alerts?
- Question #183
ENISA: To mitigate credential compromise or theft, cloud providers can implement:
- Question #184
Why, in the event that an enterprise seeks a new provider for Security as a Service, must they concern themselves with the problems of translating and transporting existing data an...
- Question #185
In which layer is the management plane?
- Question #186
Which security concept includes the policy, process, and internal controls comprising how an organization is run - including the structures and policies of the leadership and other...
- Question #187
Cloud provider contract enforceability should be carefully considered in light of
- Question #188
The hub and spoke architecture uses internal identity providers or sources connected directly to cloud providers.
- Question #189
Who is responsible for the proper rights management and configuration of exposed controls in the management plane?
- Question #190
How can cloud providers support a secure use of virtualization for cloud consumers?
- Question #191
Which SDP component terminates network traffic and enforces communication policies?
- Question #192
Database Activity Monitoring and File Activity Monitoring are specifically recommended for what type of data migrations into the cloud?
- Question #193
Because virtual networks are software constructs, the use of multiple separate virtual networks might offer extensive compartmentalization advantages not possible on traditional ph...
- Question #194
The NIST defines cloud computing in part by describing five essential characteristics which are: broad network access, rapid elasticity, resource pooling, measured service and whic...
- Question #195
Which security advantage considers that anything that goes into production is created by the CI/CD pipeline on approved code and configuration templates?
- Question #196
Consumers of Infrastructure as a Service (IaaS) are primarily responsible for containment, eradication, and recovery from incidents.
- Question #197
IaaS volume storage encryption protects from which following security risk(s)?
- Question #198
You should disable remote access when working with immutable workloads.
- Question #199
Which security advantage considers that CI/CD pipelines can track everything, down to individual character changes in source files tied to the person submitting the change, with th...
- Question #200
Which of the following is NOT a phase in the Data Security Lifecycle?