
[Nov-2021] Verified Cloud Security Alliance Exam Dumps with CCSK Exam Study Guide
Best Quality Cloud Security Alliance CCSK Exam Questions TestSimulate Realistic Practice Exams [2021]
Cloud Security Alliance CCSK Foundation Exam Syllabus Topics:
| Section | Objectives |
|---|---|
| Governance and Enterprise Risk Management | -Tools of Cloud Governance -Enterprise Risk Management in the Cloud -Effects of various Service and Deployment Models -Cloud Risk Trade-offs and Tools |
| Identity, Entitlement, and Access Management | -IAM Standards for Cloud Computing -Managing Users and Identities -Authentication and Credentials -Entitlement and Access Management |
| Data Security and Encryption | -Data Security Controls -Cloud Data Storage Types -Managing Data Migrations to the Cloud -Securing Data in the Cloud |
| Incident Response | -Incident Response Lifecycle -How the Cloud Impacts IR |
| Security as a Service | -Potential Benefits and Concerns of SecaaS -Major Categories of Security as a Service Offerings |
| Management Plane and Business Continuity | -Business Continuity and Disaster Recovery in the Cloud -Architect for Failure -Management Plane Security |
| Compliance and Audit Management | -Compliance in the Cloud -Audit Management in the Cloud |
| Information Governance | -Governance Domains -Six phases of the Data Security Lifecycle and their key elements -Data Security Functions, Actors and Controls |
| Application Security | -Opportunities and Challenges -Secure Software Development Lifecycle -How Cloud Impacts Application Design and Architectures -The Rise and Role of DevOps |
| Virtualization and Containers | -Major Virtualization Categories -Network -Storage -Containers |
| Related Technologies | -Big Data -Internet of Things -Mobile -Serverless Computing |
| Cloud Computing Concepts and Architectures | -Definitions of Cloud Computing -Cloud Security Scope, Responsibilities, and Models |
| Legal Issues, Contracts and Electronic Discovery | -Legal Frameworks Governing Data Protection and Privacy -Contracts and Provider Selection -Electronic Discovery |
| Infrastructure Security | -Cloud Network Virtualization -Security Changes With Cloud Networking -Challenges of Virtual Appliances -SDN Security Benefits -Micro-segmentation and the Software Defined Perimeter -Hybrid Cloud Considerations -Cloud Compute and Workload Security |
Introduction to Certificate of Cloud Security Knowledge (CCSK) Exam
Learn the core concepts, best practices, and recommendations for securing an organization on the cloud regardless of the provider or platform. Covering all 14 domains from the CSA Security Guidance v4, recommendations from ENISA, and the Cloud Controls Matrix, you will come away understanding how to leverage CSA's vendor-neutral research to keep data secure in the cloud.
As companies move to the cloud, they need information security experts who are cloud-savvy. The CCSK certificate is widely accepted as the standard of expertise for cloud security and gives you the foundations you need to protect data in the cloud. How you choose to draw on that knowledge is up to you.
The certification has the following objectives. These objectives can be fulfilled by carefully studying the CCSK dumps:
- Recommendations from the cloud guidelines of the European Union Agency for Network and Information Security (ENISA)
- An in-depth understanding of cloud computing’s full capabilities
- How to assess the security of cloud providers and of your own organization using the cloud-specific governance and compliance tool, the Cloud Controls Matrix
- The knowledge to build a comprehensive cloud security program effectively, measured against internationally accepted standards
NEW QUESTION 122
Which of the following is not one of the categories of risk defined in the ENISA (European Network and Information Security Agency) document on security risks and recommendations?
- A. Policy and organisational risk
- B. Legal Risk
- C. Environmental Risk
- D. Technical Risk
Answer: C
Explanation:
Environmental risk is not defined as a category in the ENISA document; the other three are.
NEW QUESTION 123
What is true of security as it relates to cloud network infrastructure?
- A. You should implement a default deny with cloud firewalls.
- B. You should always open traffic between workloads in the same virtual subnet for better visibility.
- C. You should apply cloud firewalls on a per-network basis.
- D. You should deploy your cloud firewalls identical to the existing firewalls.
- E. You should implement a default allow with cloud firewalls and then restrict as necessary.
Answer: A
NEW QUESTION 124
Who is responsible for infrastructure security in the Software as a Service (SaaS) service model?
- A. Cloud Customer
- B. Cloud Service Provider
- C. It's a shared responsibility between Cloud Service Provider and Cloud Customer
- D. Cloud Carrier
Answer: B
Explanation:
The cloud service provider is responsible for infrastructure security in the Software as a Service (SaaS) service model.
NEW QUESTION 125
What is a type of computing comparable to grid computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications?
- A. Server hosting
- B. Cloud computing
- C. Vertical computing
- D. Traditional computing
Answer: B
Explanation:
That is the definition of cloud computing.
NEW QUESTION 126
All cloud services utilize virtualization technologies.
- A. False
- B. True
Answer: B
NEW QUESTION 127
How does virtualized storage help avoid data loss if a drive fails?
- A. Full backups weekly
- B. Incremental backups daily
- C. Drives are backed up, swapped, and archived constantly
- D. Data loss is unavoidable with drive failures
- E. Multiple copies in different locations
Answer: E
NEW QUESTION 128
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed?
- A. On-demand self-service
- B. Resource pooling
- C. Rapid elasticity
- D. Broad network access
- E. Measured service
Answer: A
NEW QUESTION 129
Which of the following allows organizations to access, report, and obtain evidence of actions, controls, and processes that were performed or run by a specified user?
- A. Acceptability
- B. Auditability
- C. Accountability
- D. Traceability
Answer: B
Explanation:
Auditability is the trait whereby organisations can collect and verify the correctness of the organisation's processes and procedures.
NEW QUESTION 130
The basis for deciding which laws are most appropriate in a situation where conflicting laws exist refers to:
- A. Doctrine of proper law
- B. Criminal law
- C. Tort law
- D. The Restatement(Second) Conflict of Law
Answer: D
Explanation:
The Restatement (Second) of Conflict of Laws refers to a collation of developments in common law that help the courts keep up with changes. Many states have conflicting laws, and judges use these restatements to assist them in determining which laws should apply when conflicts occur.
NEW QUESTION 131
Which of the following controls and configures the metastructure, and is also part of the metastructure itself?
- A. Web Application Firewall
- B. Network Firewall
- C. Management Plane
- D. API Gateway
Answer: C
Explanation:
The management plane controls and configures the metastructure, and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Metastructure is the glue and guts used to create, provision, and deprovision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Ref: CSA Security Guidelines v4.0
NEW QUESTION 132
Which concept provides the abstraction needed for resource pools?
- A. Metastructure
- B. Hypervisor
- C. Orchestration
- D. Applistructure
- E. Virtualization
Answer: E
NEW QUESTION 133
Code execution environments that run within an operating system, sharing and leveraging resources of that operating system, are called:
- A. Instance
- B. Sandbox
- C. Container
- D. Virtual Machine
Answer: C
Explanation:
Containers are code execution environments that run within an operating system (for now), sharing and leveraging resources of that operating system. While a VM is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still utilizing the kernel and other capabilities of the base OS. Multiple containers can run on the same virtual machine, or be implemented without the use of VMs at all and run directly on hardware.
Reference: CSA Security Guidelines v4 (reproduced here for educational purposes)
NEW QUESTION 134
The term for IT technologies acquired without the knowledge of the IT department is:
- A. Shadow devices
- B. Shadow application
- C. Shadow servers
- D. Shadow IT
Answer: D
Explanation:
Shadow IT is a term often used to describe information-technology systems and solutions built and used inside organizations without explicit organizational approval.
NEW QUESTION 135
The management plane controls and configures the:
- A. Metastructure
- B. Infostructure
- C. Infrastructure
- D. Applistructure
Answer: A
Explanation:
The management plane controls and configures the metastructure and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Metastructure is the glue and guts used to create, provision, and de-provision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Reference: CSA Security Guidelines v4 (reproduced here for educational purposes)
NEW QUESTION 136
John said that he is looking for a cloud service that is self-service and has on-demand capacity. Which service model is he referring to?
- A. XaaS
- B. SaaS
- C. IaaS
- D. PaaS
Answer: C
Explanation:
The following are the characteristics of the IaaS service model of cloud computing:
1. Scale
2. Converged network and IT capacity pool
3. Self-service and on-demand capacity
4. High reliability and resilience
NEW QUESTION 137
Ensuring that the use of data and information complies with organizational policies, standards and strategy, including regulatory, contractual, and business objectives, is known as:
- A. Enterprise Governance
- B. IT Governance
- C. Corporate Governance
- D. Data Governance
Answer: D
Explanation:
This is the definition of data governance.
NEW QUESTION 138
Who is responsible for the safe custody, transport, data storage, and implementation of business rules in relation to privacy?
- A. Data custodian
- B. Data processor
- C. Data controller
- D. Data owner
Answer: A
Explanation:
Data custodians are responsible for the safe custody, transport, data storage, and implementation of business rules.
NEW QUESTION 139
Which is the set of technologies that are designed to detect conditions indicative of a security vulnerability in an application in its running state?
- A. Dynamic application security testing (DAST)
- B. Enterprise Threat Modelling
- C. Static application security testing (SAST)
- D. STRIDE
Answer: A
Explanation:
Definitions:
SAST: Static application security testing (SAST) is a type of security testing that relies on inspecting the source code of an application. In general, SAST involves looking at the way the code is designed to pinpoint possible security flaws.
DAST: Dynamic application security testing (DAST) technologies are designed to detect conditions indicative of a security vulnerability in an application in its running state.
NEW QUESTION 140
Which one of the following is not a risk mitigation strategy?
- A. Suppression
- B. Acceptance
- C. Avoidance
- D. Transfer
Answer: A
Explanation:
Acceptance, avoidance, and transfer are risk mitigation strategies; suppression is not one of them.
NEW QUESTION 141
Which of the following should be your top priority when designing a cloud security program for your organization?
- A. Consider OWASP guideline
- B. Configure IPSEC tunnels
- C. Prevention of DDoS Attack
- D. Protection of the cloud management plane
Answer: D
Explanation:
In most cases, those APIs are both remotely accessible and wrapped in a web-based user interface.
This combination is the cloud management plane, since consumers use it to manage and configure cloud resources, such as launching virtual machines (instances) or configuring virtual networks. From a security perspective, it is both the biggest difference from protecting physical infrastructure (since you can't rely on physical access as a control) and the top priority when designing a cloud security program. If an attacker gets into your management plane, they potentially have full remote access to your entire cloud deployment.
Ref: CSA Security Guidelines v4
NEW QUESTION 142
What is the key difference between Business Continuity and Business Continuity Management?
- A. They are the same concept, used interchangeably
- B. None of the above
- C. Business Continuity is the holistic process whereas Business Continuity Management is the capability of the organization
- D. Business Continuity is the capability of the organization whereas Business Continuity Management is the holistic process.
Answer: D
Explanation:
Definitions:
Business continuity: The capability of the organisation to continue delivery of products or services at acceptable predefined levels following a loss of service.
Business continuity management: A holistic management process that identifies potential threats to an organisation and the impacts on business operations those threats, if realised, might cause. It provides a framework for building organisational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities.
NEW QUESTION 143
Which of the following storage types is typically used for swap files and other temporary storage needs and is terminated with its instance?
- A. Content Delivery
- B. Object-based Storage
- C. Ephemeral Storage
- D. Raw Storage
Answer: C
Explanation:
Ephemeral storage: This type of storage is relevant for SaaS instances and exists only as long as its instance is up. It is typically used for swap files and other temporary storage needs and is terminated with its instance.
NEW QUESTION 144
......
Authentic Best resources for CCSK: https://www.testsimulate.com/CCSK-study-materials.html