[Q142-Q159] Get 100% Passing Success With True CCSK Exam! [Apr-2022]

Cloud Security Alliance CCSK PDF Questions - Exceptional Practice To Certificate of Cloud Security Knowledge (v4.0) Exam

NEW QUESTION 142
What is true of security as it relates to cloud network infrastructure?

  • A. You should apply cloud firewalls on a per-network basis.
  • B. You should always open traffic between workloads in the same virtual subnet for better visibility.
  • C. You should implement a default deny with cloud firewalls.
  • D. You should deploy your cloud firewalls identical to the existing firewalls.
  • E. You should implement a default allow with cloud firewalls and then restrict as necessary.

Answer: C

Explanation:

 

NEW QUESTION 143
Which of the following is NOT one of the common networks underlying in Cloud Infrastructure?

  • A. Management Network
  • B. Security Network
  • C. Service Network
  • D. Storage Network

Answer: B

Explanation:
If you are a cloud provider (including managing a private cloud), physical segregation of the networks composing your cloud is important for both operational and security reasons. We most commonly see at least three different networks, which are isolated onto dedicated hardware since there is no functional or traffic overlap:
1. The service network, for communications between virtual machines and the Internet. This builds the network resource pool for the cloud users.
2. The storage network, to connect virtual storage to virtual machines.
3. A management network, for management and API traffic.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)

 


NEW QUESTION 145
In order to determine the critical assets and processes of the organization, it must first conduct a:

  • A. Business Impact Analysis (BIA)
  • B. Datacentre monitoring
  • C. Host hardening
  • D. Risk Assessment

Answer: A

Explanation:
This is a process known as the business impact analysis (BIA). We determine a value for every asset (usually in terms of dollars), what it would cost the organization if we lost that asset (either temporarily or permanently), what it would cost to replace or repair that asset, and any alternate methods for dealing with that loss.

 

NEW QUESTION 146
Which of the following helps intermediate IAM between an organization's existing identity providers and the many different cloud services used by the organization?

  • A. Federated Identity Provider
  • B. Active Directory
  • C. Relying Party
  • D. Cloud Access Security Broker

Answer: A

Explanation:
One of the better-known categories heavily used in cloud security is Federated Identity Brokers. These services help intermediate IAM between an organization's existing identity providers (internal or cloud-hosted directories) and the many different cloud services used by the organization. They can provide web-based Single Sign-On (SSO), helping ease some of the complexity of connecting to a wide range of external services that use different federation configurations.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)

 

NEW QUESTION 147
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?

  • A. Third-party attestations
  • B. Provider-run audits and reports
  • C. eDiscovery tools
  • D. Provider and consumer contracts
  • E. Provider documentation

Answer: A

 

NEW QUESTION 148
What would you call logic/procedures running on a shared database platform?

  • A. Container
  • B. Virtual Machine
  • C. Serverless Computing
  • D. Platform-based Workload

Answer: D

Explanation:
Platform-based workloads: This is a more complex category that covers workloads running on a shared platform that aren't virtual machines or containers, such as logic/procedures running on a shared database platform. Imagine a stored procedure running inside a multitenant database, or a machine-learning job running on a machine-learning Platform as a Service. Isolation and security are totally the responsibility of the platform provider, although the provider may expose certain security options and controls.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)

 

NEW QUESTION 149
Which of the following is not part of the STRIDE model?

  • A. Distributed Denial of Service
  • B. Denial of Service
  • C. Elevation of Privilege
  • D. Spoofing

Answer: A

Explanation:
The letters in the STRIDE threat model represent Spoofing of identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. The other options are simply mixed-up or incorrect versions of the same.

 

NEW QUESTION 150
The inability of a customer to leave, migrate, or transfer to an alternate cloud service provider because of technical or non-technical constraints is known as:

  • A. Vendor Lock
  • B. Vendor lock-in
  • C. Vendor lock-out
  • D. Vendor Limit

Answer: B

Explanation:
Vendor lock-in is a situation in which a customer using a product or service cannot easily transition to a competitor's product or service. Vendor lock-in is usually the result of proprietary technologies that are incompatible with those of competitors.

 

NEW QUESTION 151
Which of the following is not one of the essential characteristics of Cloud Computing?

  • A. Broad network access
  • B. On-demand self-service
  • C. Resource Sharing
  • D. Rapid elasticity

Answer: C

Explanation:
Resource sharing is not one of the key characteristics of Cloud Computing.

 

NEW QUESTION 152
Exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or disrupting service operations, are called:

  • A. Honeypots
  • B. Vulnerabilities
  • C. Threat Agents
  • D. Threats

Answer: B

Explanation:
This is the definition of a system vulnerability.

 

NEW QUESTION 153
Which of the following are the two most effective ways of protecting against data breaches in a cloud environment?

  • A. Contracts and SLAs
  • B. Multifactor Authentication and Encryption
  • C. Encryption and Honeypot
  • D. Data Loss Prevention techniques and Web Application Firewall

Answer: B

Explanation:
Multifactor Authentication and Encryption are the most effective protection mechanisms against data breaches in a cloud environment. The other options do form part of an overall cloud security strategy, but Option D is the strongest contender for the answer.

 

NEW QUESTION 154
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?

  • A. The fragmentation and encryption algorithms employed
  • B. The actual size of the data and the storage format
  • C. The implications of storing complex information on simple storage systems
  • D. The physical location of the data and how it is accessed
  • E. The language of the data and how it affects the user

Answer: C

 

NEW QUESTION 155
Like security and compliance, BC/DR is not a shared responsibility.

  • A. True
  • B. False

Answer: A

Explanation:
This is True.
Like security and compliance, BC/DR is a shared responsibility. There are aspects that the cloud provider has to manage, but the cloud customer is also ultimately responsible for how they use and manage the cloud service. This is especially true when planning for outages of the cloud provider (or parts of the cloud provider's service).
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)

 

NEW QUESTION 156
"Cloud provider acquisition" as a risk falls under which of the following categories?

  • A. Environmental Risk
  • B. Technical risk
  • C. Policy and Organizational Risk
  • D. Legal Risk

Answer: C

Explanation:
Cloud provider acquisition comes under Policy and Organizational Risk and can be characterised as follows.
As in any new IT market, competitive pressure, an inadequate business strategy, lack of financial support, etc., could lead some providers to go out of business, or at least force them to restructure their service portfolio offering. In other words, it is possible that in the short or medium term some cloud computing services could be terminated.

 

NEW QUESTION 157
Ensuring that the use of data and information complies with organizational policies, standards, and strategy, including regulatory, contractual, and business objectives, is known as:

  • A. Data Governance
  • B. Corporate Governance
  • C. IT Governance
  • D. Enterprise Governance

Answer: A

Explanation:
It is the definition of Data Governance.

 

NEW QUESTION 158
CCM: A hypothetical company called "Health4Sure" is located in the United States and provides cloud-based services for tracking patient health. The company is compliant with the HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure's cloud service?

  • A. The CCM domain controls are mapped to the HIPAA/HITECH Act, and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
  • B. The CCM columns are mapped to the HIPAA/HITECH Act, and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls. This approach will save time.
  • C. The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

Answer: C

 

NEW QUESTION 159
......