[Nov 16, 2023] Today Updated CCSK Exam Dumps Actual Questions [Q60-Q85]

Share

[Nov 16, 2023] Today Updated CCSK Exam Dumps Actual Questions

CCSK exam dumps with real Cloud Security Alliance questions and answers


The CCSK certification exam is suitable for a wide range of professionals, including IT managers, security professionals, auditors, and compliance officers. Certificate of Cloud Security Knowledge (v4.0) Exam certification is also valuable for cloud service providers, cloud architects, and consultants who are involved in cloud security. Certificate of Cloud Security Knowledge (v4.0) Exam certification is recognized globally and is a valuable addition to any professional's resume.

 

NEW QUESTION # 60
John's Laptop was stolen. He had saved all his passwords in a text file stored in his laptop. Adversary used the passwords from the text file and gained access to company's network and sensitive databases, of which John was the data base administrator. It resulted in theft of thousands of customer information. This incident could have been prevented by?

  • A. Using multi-factor authentication
  • B. Monitoring through SIEM device
  • C. Data Loss Prevention Implementation
  • D. Web Application Firewall

Answer: A

Explanation:
Use of multifactor authentication would have prevented adversary from logging in to the system. Other mechanisms would not help as they will see traffic coming from legimitate user.


NEW QUESTION # 61
Cloud architectures necessitate certain roles which are extremely high-risk. Examples of such roles include CP system administrators and auditors and managed security service providers dealing with intrusion detection reports and incident response. They are known as high-risk because their malicious activities can lead to abuse of high privilege roles and can impact confidentiality, integrity and availability of data.

  • A. True
  • B. False

Answer: B


NEW QUESTION # 62
Erin has a picture which he wants to store in the cloud and would like to share its URL so that his friends can see the picture. What type of cloud storage would you recommend for him?

  • A. Object Storage
  • B. Glacier
  • C. Raw storage
  • D. Block Storage

Answer: A

Explanation:
Object storage(also referred to as object-based storage) is a general term that refers to the way in which we organize and work with units of storage, called objects.
Every object contains three things:
The data itself: The data can be anything you want to store, from a family photo to a400,000-page manual for assembling an aircraft.
An expandable amount of metadata: The metadata is defined by whoever creates the object storage; it contains contextual information about what the data is, what it should be used for, its confidentiality, or anything else that is relevant to the way in which the data is used.
A globally unique identifier: The identifier is an address given to the object in order for the object to be found over a distributed system. This way, it's possible to find the data without having to know the physical location of the data(which could exist within different parts of a data center or different parts of the world).


NEW QUESTION # 63
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

  • A. False
  • B. True

Answer: B


NEW QUESTION # 64
Database as a Service is an example of :

  • A. Infrastructure as a Service(IaaS)
  • B. Platform as a Service(PaaS)
  • C. Software as a Service(SaaS)
  • D. Program as a Service(PaaS)

Answer: B

Explanation:
One option. frequently seen in the real world and illustrated in our model. is to build a platform on top of IaaS. A layer of integration and middleware is built on IaaS. then pooled together. orchestrated. and exposed to customers using APIs as PaaS. For example, a Database as a Service could be built by deploying modified database management system software on instances running in IaaS. The customer manages the database via API (and a web console) and accesses it either through the normal database network protocols, or, again, via API.
Ref: CSA Security Guidelines V4.0


NEW QUESTION # 65
Use elastic servers when possible and move workloads to new instances.

  • A. False
  • B. True

Answer: B


NEW QUESTION # 66
A unit of processing, which can be in a virtual machine, a container, or other abstraction and always run somewhere on a processor and consume memory is called:

  • A. Device
  • B. Workload
  • C. Controller
  • D. Host

Answer: B

Explanation:
A workload is a unit of processing, which can be in a virtual machine, a container, or other abstraction.
Workloads always run somewhere on a processor and consume memory. Workloads include a very diverse range of processing tasks, which range from traditional applications running in a virtual machine on a standard operating system, to GPU- or FPGA-based specialized tasks Reference: CSA Security Guidelines V.4(reproduced here for the educational purpose)


NEW QUESTION # 67
ANF and ONF are referred in which of the following ISO standards?

  • A. ISO 27005
  • B. ISO 27032
  • C. ISO 27001
  • D. ISO 27034-1

Answer: D

Explanation:
ISO/ IEC 27034-1, "Information Technology - Security Techniques - Application Security," provides one of the most widely accepted set of standards and guidelines for secure application development. IS0/ IEC27034-1 is a comprehensive set of standards that cover many aspects of application development. A few of the key elements include the organizational normative framework (ONF), the application normative framework (ANF), and the application security management process (APSM).


NEW QUESTION # 68
Which of the following is a key component that allows programmatic management of the cloud?

  • A. Control Plane
  • B. API Gateway
  • C. Firewall
  • D. APIs

Answer: D

Explanation:
Application Programming Interfaces allow for programmatic management of the cloud. They are the glue that holds the cloud's components together and enables their orchestration. Since not everyone wants to write programs to manage their cloud, web consoles provide visual interfaces. ln many cases web consoles merely use the same APIs you can access directly.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


NEW QUESTION # 69
What are the primary security responsibilities of the cloud provider in the management infrastructure?

  • A. Building and properly configuring a secure network infrastructure
  • B. Configuring second factor authentication across the network
  • C. Providing as many API endpoints as possible for custom access and configurations
  • D. Properly configuring the deployment of the virtual network, except the firewalls
  • E. Properly configuring the deployment of the virtual network, especially the firewalls

Answer: D


NEW QUESTION # 70
Which one of the following is NOT a level of CSA star program?

  • A. Self-assessment
  • B. Continuous-monitoring program
  • C. Technology Audit program
  • D. Third-party attestation

Answer: C

Explanation:
"Technology Audit Program" is not one of the levels of CSA star program The three levels of CSA Star program are
1) Self Assessment
2) Third-party Attestment
3) Continuous Monitoring program


NEW QUESTION # 71
Which are the two major categories of network virtualization commonly seen in cloud computing today?

  • A. Software Defined Networks and Virtual Private Networks
  • B. Virtual LANS(VLANs)and Converged Networks
  • C. Software Defined Networks and Virtual LANs(VLANs)
  • D. Virtual Private Networks and Converged Network

Answer: B

Explanation:
There are two major categories of network virtualization commonly seen in cloud computing today:
. Virtual Local Area Networks (VLANs): VLANs leverage existing network technology implemented in most network hardware.
VLANs are extremely common in enterprise networks, even without Management Storage Service Management plane to nodes storage nodes (volumes) to compute nodes (instances) Internet to compute nodes Instances to instance Common networks underlying IaaS. They are designed for use in single-tenant networks (enterprise data centers) to separate different business units, functions, etc. (like guest networks). VLANs are not designed for cloud-scale virtualization or security and shouldn't be considered, on their own, an effective security control for isolating networks. They are also never a substitute for physical network segregation.
. Software Defined Networking(SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data. This allows us to abstract networking from the traditional limitations of a LAN.
Ref: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


NEW QUESTION # 72
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

  • A. Both B and D.
  • B. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
  • C. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
  • D. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
  • E. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.

Answer: E


NEW QUESTION # 73
What method can be utilized along with data fragmentation to enhance security?

  • A. Knowledge management
  • B. Organization
  • C. IDS
  • D. Encryption
  • E. Insulation

Answer: E


NEW QUESTION # 74
Cloud applications can use virtual networks and other structures, for hyper-segregated environments.

  • A. False
  • B. True

Answer: B


NEW QUESTION # 75
Which ISO standards addresses Privacy in the cloud environment?

  • A. ISO 27017
  • B. ISO 27034
  • C. ISO 27018
  • D. ISO 27032

Answer: C

Explanation:
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.


NEW QUESTION # 76
Exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or disrupting service operations, are called:

  • A. Vulnerbilities
  • B. Threats
  • C. Honepots
  • D. Threat Agents

Answer: A

Explanation:
It's a definition of System Vulnerability.


NEW QUESTION # 77
Which of the following pair represents Storage used in IaaS infra-structure?

  • A. Structured and Unstructured Storage
  • B. CDN and Ephemeral
  • C. Raw and long-term storage
  • D. Volume and object storage

Answer: D

Explanation:
IaaS uses the following storage types:
Volume storage: A virtual hard drive that can be attached to a virtual machine instance and be used to host data within a file System, Volumes attached to IaaS instances behave just like a physical drive or an array does. Examples include VMware Virtua Machine File System(VMFS), Amazon Elastic Block Store(EBS), RackSpace Redundant Array of Independent Disks (RAID), and OpenStack Cinder.
Object storage: Similar to a file share accessed via APIs or a web interface. Examples include Amazon S3 and Rackspace cloud files.


NEW QUESTION # 78
The granting of right to access to a user. program or process. is called:

  • A. Authorization
  • B. Authentication
  • C. RBAC
  • D. Entitlement

Answer: A

Explanation:
Authorization is the process of granting of right to access to a user, program or process. It should not be confused with Authentication.


NEW QUESTION # 79
Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

  • A. URL filters
  • B. Database Activity Monitoring
  • C. Intrusion Prevention System
  • D. Cloud Access and Security Brokers (CASB)
  • E. Data Loss Prevention

Answer: C


NEW QUESTION # 80
Which of the standards is related to risk management?

  • A. ISO 27001
    Visit us athttps://www.examsboost.com/test/ccsk/
  • B. ISO 27005
  • C. ISO 27002
  • D. NIST 800-125

Answer: B

Explanation:
lS0 27005 'provides guidelines for information security risk management' and 'supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.'


NEW QUESTION # 81
CCM: In the CCM tool, a is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

  • A. Risk Impact
  • B. Control Specification
  • C. Domain

Answer: B


NEW QUESTION # 82
Which of the following type of risk assessment most effectively supports cost-benefit analyses of alternative risk responses or courses of action?

  • A. Qualitative Analysis
  • B. Third party Risk Analysis
  • C. Outsourced risk analysis
  • D. Quantitative Analysis

Answer: D

Explanation:
Quantitative assessments typically employ a set of methods, principles, or rules for assessing risk based on the use of numbers This type of assessment most effectively supports cost-benefit analyses of alternative risk responses or courses of action.


NEW QUESTION # 83
Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?

  • A. Auditors working in the interest of the cloud provider
  • B. Independent auditors
  • C. Auditors working in the interest of the cloud customer
  • D. Certified by CSA
  • E. None of the above

Answer: B


NEW QUESTION # 84
Metrics which govern the contractual obligations of cloud service are found in:

  • A. Service Book
  • B. Operational Level Agreement(OLA)
  • C. Contract itself
  • D. Service Level agreements(SLA)

Answer: D

Explanation:
The SLA is the list of defined, specific, numerical metrics that will used to determine whether the provider is sufficiently meeting the contract terms during each period of performance.


NEW QUESTION # 85
......

Exam Sure Pass Cloud Security Alliance Certification with CCSK exam questions: https://www.testinsides.top/CCSK-dumps-review.html

CCSK Exam in First Attempt Guaranteed: https://drive.google.com/open?id=1b3P0eHJ2563b0aJmDYcKZVzaZAEHroUC