CCSK Exam Questions
257 real CCSK exam questions with expert-verified answers and explanations. Page 5 of 6.
- Question #201
What must the monitoring scope cover in addition to the deployed assets?
- Question #202
In addition to preserving primary customer data, legal experts advise cloud providers to protect secondary information such as
- Question #203
Regardless of the technology platform, container security includes properly securing the image repository.
- Question #204
How can a multi-tenant data center provider readily meet the audit requirements of most customers?
- Question #205
ENISA: Which is not identified as a top security risk in ENISA research?
- Question #206
Which computing model contains the protocols and mechanisms providing the interface between the infrastructure and other layers?
- Question #207
In general, the majority of laws and regulations regarding data in a network or cloud environment are designed to do what?
- Question #208
Which of the following facilitates the underlying communications method for components within a cloud, some of which are exposed to the cloud user to manage their resources and con...
- Question #209
Which layer of the logical stack includes code and message queues?
- Question #210
Which of the following is a cloud infrastructure that is shared by several organizations and supports a specific group that has shared concerns?
- Question #211
Which plane is used by consumers to launch virtual machines or configure virtual networks?
- Question #212
Which of the following essential characteristics of a cloud allows customers to closely match resource consumption with demand?
- Question #213
Which of the following is the primary tool of governance between a cloud provider and a cloud customer which is true for both public and private cloud?
- Question #214
What is true of searching data across cloud environments?
- Question #215
How does running applications on distinct virtual networks and only connecting networks as needed help?
- Question #216
How can virtual machine communications bypass network security controls?
- Question #217
ENISA: 'VM hopping' is:
- Question #218
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?
- Question #219
Which concept provides the abstraction needed for resource pools?
- Question #220
Network logs from cloud providers are typically flow records, not full packet captures.
- Question #221
Which of the following is an underlying vulnerability related to loss of Governance?
- Question #222
Which of the following defines the amount of risk that the leadership and stakeholders of an organization are willing to accept?
- Question #223
Which of the following can the cloud provider implement to mitigate credential compromise or theft?
- Question #224
Which of the following reflects the claim of an individual to have certain data deleted so that third persons can no longer trace them?
- Question #225
When entrusting a third party to process the data on its behalf, who remains responsible for the collection and processing of the data?
- Question #226
Which of the following is a form of a compliance inheritance in which all or some of the cloud provider's infrastructure and services undergo an audit to a compliance standard?
- Question #227
Which of the following is not a security benefit of Immutable workloads?
- Question #228
Which of the following leverages virtual network topologies to run smaller and more isolated networks without incurring additional hardware costs?
- Question #229
Installing traditional agents designed for physical servers will not result in the same amount of efficiency and performance on a virtualized server.
- Question #230
Which of the following are the primary security responsibilities of the cloud provider in compute virtualization? (Select 2)
- Question #231
What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the event of an incident?
- Question #232
Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?
- Question #233
Which of the following statements is true with regard to Data Loss Prevention (DLP)?
- Question #234
CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?
- Question #235
For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?
- Question #236
When mapping functions to lifecycle phases, which functions are required to successfully process data?
- Question #237
When designing an encryption system, you should start with a threat model.
- Question #238
Which of the following is one of the five essential characteristics of cloud computing as defined by NIST?
- Question #239
What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?
- Question #240
Vulnerability assessments cannot be easily integrated into CI/CD pipelines because of provider restrictions.
- Question #241
How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?
- Question #242
Which of the following WAN virtualization technologies is used to create networks that span multiple base networks?
- Question #243
The most fundamental security control for any multitenant network is?
- Question #244
What must the monitoring scope cover in addition to the deployed assets?
- Question #245
Resource pooling practiced by the cloud services may especially complicate which part of the IR process?
- Question #246
In which of the five main phases of secure application design and development do you perform Threat Modelling?
- Question #247
Which of the following will not help to detect actual migrations, monitor cloud usage, and any data transfers to the cloud?
- Question #248
Which of the following should be the main consideration for key management?
- Question #249
Identity brokers handle federating between identity providers and relying parties.
- Question #250
Which of the following is a preferred model for cloud-based access management?