Download CCSK Exam Dumps Questions to get 100% Success in Cloud Security Alliance [Q18-Q40]

NEW QUESTION # 18
Which of the following is an effective way of segregating different cloud networks and datacenters in a hybrid cloud environment?

  • A. Bastion Virtual Network
  • B. Virtual Private Networks
  • C. Dedicated Hosting
  • D. Virtual LANs

Answer: A

Explanation:
One emerging architecture for hybrid cloud connectivity is "bastion" or "transit" virtual networks:
  • This scenario allows you to connect multiple, different cloud networks to a data center using a single hybrid connection. The cloud user builds a dedicated virtual network for the hybrid connection and then peers any other networks through the designated bastion network.
  • Second-level networks connect to the data center through the bastion network, but since they aren't peered to each other they can't talk to each other and are effectively segregated. Also, you can deploy different security tools, firewall rulesets, and Access Control Lists in the bastion network to further protect traffic in and out of the hybrid connection.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


NEW QUESTION # 19
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?

  • A. Authentication
  • B. Entitlement
  • C. Federated Identity Management
  • D. Access control
  • E. Authoritative source

Answer: B


NEW QUESTION # 20
Which of the following is not one of the essential characteristics of Cloud Computing?

  • A. Broad network access
  • B. Resource Sharing
  • C. On-demand self-service
  • D. Rapid elasticity

Answer: B

Explanation:
Resource sharing is not one of the key characteristics of Cloud Computing.


NEW QUESTION # 21
What is known as the interface used to connect with the metastructure and configure the cloud environment?

  • A. Management plane
  • B. Identity and Access Management
  • C. Administrative access
  • D. Cloud dashboard
  • E. Single sign-on

Answer: A


NEW QUESTION # 22
Which of the following phases of data security lifecycle typically occurs nearly simultaneously with creation?

  • A. Encrypt
  • B. Use
  • C. Save
  • D. Store

Answer: D

Explanation:
Storing is the act of committing the digital data to some sort of storage repository and typically occurs nearly simultaneously with creation.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


NEW QUESTION # 23
The management plane controls and configures the:

  • A. Infostructure
  • B. Infrastructure
  • C. Metastructure
  • D. Applistructure

Answer: C

Explanation:
The management plane controls and configures the metastructure and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Metastructure is the glue and guts to create, provision, and de-provision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


NEW QUESTION # 24
ENISA: A reason for risk concerns of a cloud provider being acquired is:

  • A. Mass layoffs may occur
  • B. Resource isolation may fail
  • C. Non-binding agreements put at risk
  • D. Provider may change physical location
  • E. Arbitrary contract termination by acquiring company

Answer: C


NEW QUESTION # 25
The intermediary that provides connectivity and transport of cloud services between the CSPs and the cloud service consumers is called:

  • A. Cloud Reseller
  • B. Cloud Carrier
  • C. Cloud Service Broker
  • D. Cloud Access Service Broker

Answer: B

Explanation:
All the terms given as options are very important, and the candidate is expected to know them and differentiate between them.


NEW QUESTION # 26
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

  • A. Both B and D.
  • B. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
  • C. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
  • D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
  • E. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.

Answer: E


NEW QUESTION # 27
Which of the following types of risk assessment most effectively supports cost-benefit analyses of alternative risk responses or courses of action?

  • A. Third party Risk Analysis
  • B. Qualitative Analysis
  • C. Quantitative Analysis
  • D. Outsourced risk analysis

Answer: C

Explanation:
Quantitative assessments typically employ a set of methods, principles, or rules for assessing risk based on the use of numbers. This type of assessment most effectively supports cost-benefit analyses of alternative risk responses or courses of action.


NEW QUESTION # 28
Which of the following is NOT an essential characteristic of cloud computing?

  • A. Measured Service
  • B. Third Party Service
  • C. Resource Pooling
  • D. Broad Network Access
  • E. Rapid Elasticity

Answer: B


NEW QUESTION # 29
How can web security as a service be deployed for a cloud consumer?

  • A. None of the above
  • B. On the premise through a software or appliance installation
  • C. Both A and C
  • D. By utilizing a partitioned network drive
  • E. By proxying or redirecting web traffic to the cloud provider

Answer: E


NEW QUESTION # 30
In volume storage, what method is often used to support resiliency and security?

  • A. hypervisor agents
  • B. random placement
  • C. data dispersion
  • D. proxy encryption
  • E. data rights management

Answer: C


NEW QUESTION # 31
A cloud customer can conduct a vulnerability assessment of their whole infrastructure in the cloud just as they conduct a vulnerability assessment of their traditional infrastructure.

  • A. True
  • B. False

Answer: B

Explanation:
It is false.
The customer must obtain permission from the cloud service provider and notify it in advance.
The cloud owner (public or private) will typically require notification of assessments and place limits on the nature of assessments. This is because they may be unable to distinguish an assessment from a real attack without prior warning.
Reference: CSA Security Guidelines V4.0


NEW QUESTION # 32
Which leading industry standard would you recommend to a web developer designing a web application or an API for a cloud solution?

  • A. ISO 27001
  • B. FIPS 140
  • C. SOC2
  • D. OWASP

Answer: D

Explanation:
OWASP is an open project and is the leading industry standard for designing web applications and their security.


NEW QUESTION # 33
Which of the following is NOT a typical approach to key storage in the cloud?

  • A. Cloud Service Provider Managed
  • B. Internally managed
  • C. Externally managed
  • D. Managed by a third party

Answer: A

Explanation:
Remember two key considerations when doing key management:
1) Do not save the keys alongside the data
2) Do not let the cloud service provider manage the keys


NEW QUESTION # 34
Which attack surfaces, if any, does virtualization technology introduce?

  • A. Virtualization management components apart from the hypervisor
  • B. All of the above
  • C. The hypervisor
  • D. Configuration and VM sprawl issues

Answer: B


NEW QUESTION # 35
What are the primary security responsibilities of the cloud provider in the management infrastructure?

  • A. Properly configuring the deployment of the virtual network, especially the firewalls
  • B. Properly configuring the deployment of the virtual network, except the firewalls
  • C. Configuring second factor authentication across the network
  • D. Providing as many API endpoints as possible for custom access and configurations
  • E. Building and properly configuring a secure network infrastructure

Answer: B


NEW QUESTION # 36
Ensuring that the use of data and information complies with organizational policies, standards and strategy, including regulatory, contractual, and business objectives, is known as:

  • A. IT Governance
  • B. Corporate Governance
  • C. Data Governance
  • D. Enterprise Governance

Answer: C

Explanation:
This is the definition of Data Governance.


NEW QUESTION # 37
Who is ultimately liable for all data loss and breaches in the cloud environment?

  • A. Cloud reseller
  • B. Cloud service provider
  • C. Cloud customer
  • D. Cloud access security broker (CASB)

Answer: C

Explanation:
It is the customer who is ultimately responsible for any type of data loss or breach.


NEW QUESTION # 38
Vulnerability assessments cannot be easily integrated into CI/CD pipelines because of provider restrictions.

  • A. True
  • B. False

Answer: B


NEW QUESTION # 39
A SIEM device should be tuned regularly to:

  • A. add new rules and remove old rules, thereby eliminating false positives
  • B. update the device to the latest vendor patch
  • C. add new rules on top of existing old rules to enhance its capability
  • D. test its scope of functionality

Answer: A

Explanation:
It is necessary to tune it regularly. This helps reduce false positives and keeps the signatures current and optimal.

