
[Jul 18, 2021] CCSK Ultimate Study Guide - Exam4Free
Ultimate Guide to Prepare CCSK Certification Exam for Cloud Security Knowledge in 2021
NEW QUESTION 150
What is the best way to ensure that all data has been removed from a public cloud environment, including all media such as back-up tapes?
- A. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
- B. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
- C. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
- D. Both B and D.
- E. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
Answer: B
Explanation:
A customer cannot verify that a public cloud provider has physically wiped every copy of its data, including backup tapes the provider retains. If every copy is stored only in encrypted form under customer-managed keys, revoking or destroying those keys (crypto-shredding) renders all copies unrecoverable at once. The keys must therefore live in a key management system outside the data's own backup path; letting the provider manage the keys (option E) removes the customer's ability to enforce this.
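The crypto-shredding idea behind answer B, as an added example that is not from the study guide or the CSA guidance: objects are envelope-encrypted under per-object data keys, those data keys are wrapped with a key-encryption key held in a customer-controlled KMS, the provider keeps backup copies of the ciphertext, and destroying the KEK makes the primary copy and the backup copy unrecoverable at the same moment. The cipher is a toy construction (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag) so the script runs with the standard library only; the class names, the `ProviderStorage` backup list and the sample record are constructed for illustration.

```python
"""Crypto-shredding: once the customer-managed key is destroyed, every copy of
the ciphertext (primary storage and the provider's backups) is unrecoverable.

Added example. The cipher is a toy PRF-counter-mode construction built from
HMAC-SHA256 so this runs with the standard library only; in production use a
vetted AEAD (e.g. AES-GCM) and a real KMS/HSM."""
from __future__ import annotations

import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


class KeyDestroyed(Exception):
    """Raised when a wrapped data key refers to a KEK that no longer exists."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: concatenated HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting; a wrong key fails closed instead of returning garbage."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class CustomerKMS:
    """Key-encryption keys (KEKs) held by the customer, never by the provider (constructed)."""

    def __init__(self) -> None:
        self._keks: dict[str, bytes] = {}

    def create_key(self) -> str:
        key_id = "kek-" + secrets.token_hex(4)
        self._keks[key_id] = secrets.token_bytes(32)
        return key_id

    def wrap(self, key_id: str, dek: bytes) -> bytes:
        return encrypt(self._keks[key_id], dek)

    def unwrap(self, key_id: str, wrapped_dek: bytes) -> bytes:
        if key_id not in self._keks:
            raise KeyDestroyed(key_id)
        return decrypt(self._keks[key_id], wrapped_dek)

    def destroy_key(self, key_id: str) -> None:
        """The shred operation: nothing wrapped under this KEK can ever be opened again."""
        del self._keks[key_id]


class ProviderStorage:
    """Envelope-encrypted objects; the provider also keeps backup copies it may never purge (constructed)."""

    def __init__(self, kms: CustomerKMS) -> None:
        self.kms = kms
        self.primary: dict[str, dict] = {}
        self.backups: list[dict] = []  # snapshot copies of envelopes, outside the customer's control

    def put(self, name: str, key_id: str, plaintext: bytes) -> None:
        dek = secrets.token_bytes(32)  # fresh data key per object
        envelope = {"key_id": key_id,
                    "wrapped_dek": self.kms.wrap(key_id, dek),
                    "ciphertext": encrypt(dek, plaintext)}
        self.primary[name] = envelope
        self.backups.append(dict(envelope))  # the "backup tape" copy

    def get(self, envelope: dict) -> bytes:
        dek = self.kms.unwrap(envelope["key_id"], envelope["wrapped_dek"])
        return decrypt(dek, envelope["ciphertext"])


def demo() -> tuple[bytes, str, str]:
    """Store a record, let it be backed up, shred the key; report readability before and after."""
    kms = CustomerKMS()
    store = ProviderStorage(kms)
    key_id = kms.create_key()
    store.put("customer-record", key_id, b"PII: constructed sample record")
    before = store.get(store.primary["customer-record"])

    kms.destroy_key(key_id)  # crypto-shred: the customer never touches the provider's copies

    def try_read(envelope: dict) -> str:
        try:
            store.get(envelope)
            return "readable"
        except KeyDestroyed:
            return "unrecoverable"

    return before, try_read(store.primary["customer-record"]), try_read(store.backups[0])


if __name__ == "__main__":
    print(demo())
```

The point to check in practice is the second return value pair: the backup copy becomes unreadable without anyone having touched it, which is exactly what a provider-side wipe cannot guarantee. The control only works if the KMS itself is not replicated into the same backups, and if the KEK was never exported to the provider.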
NEW QUESTION 151
When Database as a Service is offered on the Platform as a Service (PaaS) model, who is responsible for the security features that need to be applied to the databases?
- A. Cloud Consumer
- B. Cloud Service Provider
- C. Cloud Access Security Broker (CASB)
- D. Cloud Carrier
Answer: A
Explanation:
This is a tricky question.
When using a Database as a Service, the provider manages fundamental security, patching, and core configuration, while the cloud user is responsible for everything else, including which security features of the database to use, managing accounts, or even authentication methods.
Ref: CSA Security Guidelines v4.0
NEW QUESTION 152
CCM: The following list of controls belong to which domain of the CCM?
GRM 06 - Policy
GRM 07 - Policy Enforcement
GRM 08 - Policy Impact on Risk Assessments
GRM 09 - Policy Reviews
GRM 10 - Risk Assessments
GRM 11 - Risk Management Framework
- A. Governance and Risk Management
- B. Governing and Risk Metrics
- C. Governance and Retention Management
Answer: A
NEW QUESTION 153
The amount of risk that the leadership and stakeholders of an organization are willing to accept is known as:
- A. Residual Risk
- B. Risk Residual
- C. Risk Tolerance
- D. Risk Acceptance
Answer: C
Explanation:
Risk tolerance is the amount of risk that the leadership and stakeholders of an organization are willing to accept. It varies by asset, and you shouldn't make a blanket risk decision about a particular provider; rather, assessments should align with the value and requirements of the assets.
Ref: Security Guidance v4.0 Copyright 2017, Cloud Security Alliance (used for educational purposes here)
NEW QUESTION 154
In which service model does the cloud service provider have the least responsibility?
- A. IaaS
- B. SaaS
- C. PaaS
- D. XaaS
Answer: A
Explanation:
In the IaaS service model the provider's responsibility ends at the physical facilities, hardware, network and virtualization layer (hypervisor); the customer owns everything above it: operating systems, middleware, applications and data. In PaaS and SaaS the provider takes on progressively more of the stack, so the provider's share is smallest in IaaS.
NEW QUESTION 155
All of the following are type of access controls except:
- A. Administrative
- B. Technical
- C. Physical
- D. Natural
Answer: D
Explanation:
"Natural" is not a category of access control. The three types are:
1. Physical (e.g. locks, guards, data-centre access badges)
2. Technical, also called logical (e.g. ACLs, authentication, encryption)
3. Administrative (e.g. policies, procedures, background checks, training)
NEW QUESTION 156
In cloud services, risks and responsibilities are shared between the cloud provider and the customer; however, which of the following holds true?
- A. Cloud Provider liability is limited to financial responsibility
- B. Cloud provider has ultimate legal liability for unauthorised and illicit data disclosures
- C. Cloud Customer has ultimate legal liability for unauthorised and illicit data disclosures
- D. Cloud Customer liability is limited to financial responsibility
Answer: C
Explanation:
In the shared responsibility model, security of the data remains the cloud customer's responsibility, and the customer retains ultimate legal liability for unauthorised or illicit disclosure of it even when the provider operates many of the underlying controls.
NEW QUESTION 157
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
- A. True
- B. False
Answer: A
NEW QUESTION 158
Exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or disrupting service operations, are called:
- A. Honeypots
- B. Threat Agents
- C. Vulnerabilities
- D. Threats
Answer: C
Explanation:
This is the definition of a vulnerability: a weakness in a system that a threat agent can exploit. A threat is the potential event that exploits it, a threat agent is who or what carries it out, and a honeypot is a decoy system set up to attract attackers.
NEW QUESTION 159
Which is the key technology that enables the sharing of resources and makes cloud computing most viable in terms of cost savings?
- A. Content Delivery Networks (CDN)
- B. Virtualization
- C. Software Defined Networking (SDN)
- D. Scalability
Answer: B
Explanation:
Virtualization is the foundational technology that underlies and makes cloud computing possible.
Virtualization is based on the use of powerful host computers to provide a shared resource pool that can be managed to maximize the number of guest operating systems (OSs) running on each host.
NEW QUESTION 160
Which of the following will not be provided by cloud services when requested by the customer?
- A. SIEM logs
- B. DLP solution results
- C. Geographical locations of the datacentre
- D. Details of security controls
Answer: D
Explanation:
A cloud service provider will generally not hand over the full details of its internal security controls, because publishing them would help an adversary target infrastructure shared by all of its customers. Customers instead rely on the provider's published documentation and third-party audit attestations, while logs, DLP results and datacentre locations are routinely made available on request.
NEW QUESTION 161
Private cloud model can be managed by third party who may not be part of the organization served by that private cloud.
- A. True
- B. False
Answer: A
Explanation:
True. This is a tricky question that you should read carefully: the defining property of a private cloud is exclusive use by one organisation, but it can be owned, managed and operated by a third party.
Definition: Private cloud
According to NIST SP 800-145, "the cloud infrastructure is provisioned for exclusive use by a single organisation comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organisation, a third party, or some combination of them, and it may exist on or off premises."
NEW QUESTION 162
The example of two administrators required to complete an operation in cloud is an example of:
- A. Conflict of interest
- B. Collaborative efforts
- C. Separation of duties
- D. Mandy
Answer: C
Explanation:
Separation of duties (SoD), also known as segregation of duties, is the concept of requiring more than one person to complete a task. In business, requiring more than one individual to complete a single task is an internal control intended to prevent fraud and error; requiring two administrators to complete an operation in the cloud is an instance of it.
NEW QUESTION 163
Which of the following document includes responsibilities and mechanisms for governance in cloud environment?
- A. Contract
- B. Operational level Agreement
- C. Governance memo
- D. Service Level Agreement
Answer: A
Explanation:
Cloud computing changes the responsibilities and mechanisms for implementing and managing governance. Responsibilities and mechanisms for governance are defined in the contract, as with any business relationship. If the area of concern isn't in the contract, there are no mechanisms available to enforce it, and there is a governance gap. Governance gaps don't necessarily exclude using the provider, but they do require the customer to adjust their own processes to close the gaps or accept the associated risks.
Ref: Security Guidance v4.0 Copyright2017, Cloud Security Alliance (used for educational purpose here)
NEW QUESTION 164
ENISA: "VM hopping" is:
- A. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
- B. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
- C. Looping within virtualized routing systems.
- D. Lack of vulnerability management standards.
- E. Instability in VM patch management causing VM routing errors.
Answer: B
NEW QUESTION 165
Erin has a picture that he wants to store in the cloud, and he would like to share its URL so that his friends can see it. What type of cloud storage would you recommend for him?
- A. Object Storage
- B. Glacier
- C. Block Storage
- D. Raw storage
Answer: A
Explanation:
Object storage(also referred to as object-based storage) is a general term that refers to the way in which we organize and work with units of storage, called objects.
Every object contains three things:
The data itself: The data can be anything you want to store, from a family photo to a 400,000-page manual for assembling an aircraft.
An expandable amount of metadata: The metadata is defined by whoever creates the object storage; it contains contextual information about what the data is, what it should be used for, its confidentiality, or anything else that is relevant to the way in which the data is used.
A globally unique identifier: The identifier is an address given to the object in order for the object to be found over a distributed system. This way, it's possible to find the data without having to know the physical location of the data (which could exist within different parts of a data center or different parts of the world).
NEW QUESTION 166
A framework of containers for all components of application security best practices, catalogued and leveraged by the ORGANIZATION, is called:
- A. ONF
- B. ANF
- C. CAF
- D. DAF
Answer: A
Explanation:
ONF and ANF come from ISO/IEC 27034 (application security). The Organization Normative Framework (ONF) is the organisation-wide catalogue of application security components and best practices; an Application Normative Framework (ANF) is the subset of the ONF that applies to one particular application. Because the question asks about the organisation, ONF is correct; had it asked about a single application, the answer would be ANF.
NEW QUESTION 167
Stopping a function to control further risk to business is called:
- A. Mitigation
- B. Transference
- C. Acceptance
- D. Avoidance
Answer: D
Explanation:
Risk avoidance is the practice of coming up with alternatives so that the risk in question is not realised.
NEW QUESTION 168
Which of the following is a very important consideration when securing access to the management plane?
- A. Remote Access VPN
- B. Service Administrator
- C. Super Administrator
- D. Least Privilege
Answer: D
Explanation:
Both providers and consumers should consistently allow only the least privilege required for users, applications and other management-plane usage. The management plane is the highest-value target in a cloud deployment: a compromised privileged account there can reach every resource the account controls.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
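Questions 162 and 168 describe two controls that usually sit together on the management plane: least privilege (every principal gets only the actions its role needs, everything else is denied) and separation of duties (irreversible actions need a second, distinct administrator). The following is an added example, not from the study guide or the CSA guidance, of a small authorization layer enforcing both; the role names, action names, the `request`/`approve` API and the sample principals are all assumptions made for illustration.

```python
"""Management-plane authorization: least privilege (deny by default; each role
grants only the actions it needs) plus a two-person rule for irreversible actions.

Added example; role names, actions and the request/approve API are assumptions."""
from __future__ import annotations

from dataclasses import dataclass

# Least privilege: a role lists the only actions it may perform. Anything not
# listed here is denied. Names are illustrative, not a real provider's IAM.
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "viewer": frozenset({"describe_instances", "read_logs"}),
    "operator": frozenset({"describe_instances", "read_logs", "start_instance", "stop_instance"}),
    "key_admin": frozenset({"describe_keys", "rotate_key", "schedule_key_deletion"}),
}

# Separation of duties: these actions need a second, distinct principal who
# independently holds a role that grants the same action.
DUAL_CONTROL_ACTIONS = frozenset({"schedule_key_deletion"})


@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset[str]

    def allowed(self, action: str) -> bool:
        return any(action in ROLE_PERMISSIONS.get(r, frozenset()) for r in self.roles)


@dataclass
class PendingRequest:
    requester: str
    action: str
    resource: str


class ManagementPlane:
    def __init__(self) -> None:
        self.audit: list[tuple[str, ...]] = []  # every decision, allow or deny, is recorded
        self.pending: dict[str, PendingRequest] = {}
        self._seq = 0

    def request(self, p: Principal, action: str, resource: str) -> str:
        """Returns 'executed', 'denied', or a request id that awaits a second approver."""
        if not p.allowed(action):
            self.audit.append(("DENY", p.name, action, resource, "not granted by any role"))
            return "denied"
        if action in DUAL_CONTROL_ACTIONS:
            self._seq += 1
            rid = f"req-{self._seq}"
            self.pending[rid] = PendingRequest(p.name, action, resource)
            self.audit.append(("PENDING", p.name, action, resource, rid))
            return rid
        return self._execute(p.name, action, resource)

    def approve(self, approver: Principal, rid: str) -> str:
        """Second half of the two-person rule: a different, equally entitled principal."""
        req = self.pending.get(rid)
        if req is None:
            return "denied: unknown request"
        if approver.name == req.requester:
            self.audit.append(("DENY", approver.name, req.action, req.resource, "self-approval"))
            return "denied: requester cannot approve own request"
        if not approver.allowed(req.action):
            self.audit.append(("DENY", approver.name, req.action, req.resource, "approver lacks role"))
            return "denied: approver lacks role"
        del self.pending[rid]
        return self._execute(f"{req.requester}+{approver.name}", req.action, req.resource)

    def _execute(self, actor: str, action: str, resource: str) -> str:
        self.audit.append(("EXECUTE", actor, action, resource, ""))
        return "executed"


if __name__ == "__main__":
    mp = ManagementPlane()
    alice = Principal("alice", frozenset({"key_admin"}))
    bob = Principal("bob", frozenset({"key_admin"}))
    carol = Principal("carol", frozenset({"viewer"}))
    print(mp.request(carol, "schedule_key_deletion", "kek-1"))  # denied: viewer has no such right
    rid = mp.request(alice, "schedule_key_deletion", "kek-1")  # pending: needs a second admin
    print(mp.approve(alice, rid))  # denied: same person twice is not two persons
    print(mp.approve(bob, rid))  # executed
    for entry in mp.audit:
        print(entry)
```

Two details matter more than the happy path: self-approval is rejected even though the requester holds the right role, and an approver who is a different person but lacks the role is rejected too, so neither control can be satisfied by collapsing into the other.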
NEW QUESTION 169
"Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms." Which of the following characteristics does this define?
- A. On-demand self-service
- B. Broad network access
- C. Resource pooling
- D. Rapid elasticity
Answer: B
Explanation:
This is the NIST SP 800-145 definition of broad network access. On-demand self-service, by contrast, is the ability to provision computing capabilities automatically without requiring human interaction with the provider.
NEW QUESTION 170
A cloud storage architecture that caches content close to locations of high demand is known as:
- A. Ephemeral Storage
- B. Content Delivery Network(CDN)
- C. Block Data
- D. Volume Data
Answer: B
Explanation:
A content delivery network (CDN) is a system of distributed servers that delivers pages and other web content to a user based on the geographic location of the user, the origin of the web page and the content delivery server.
NEW QUESTION 171
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?
- A. Organized Downtime
- B. Planned Outages
- C. Resiliency Planning
- D. Chaos Engineering
- E. Expected Engineering
Answer: D
Explanation:
Chaos engineering uses tools to selectively degrade portions of the cloud environment (for example terminating instances, injecting latency or failing a dependency) to continuously test that business continuity and resilience mechanisms actually work, rather than relying only on planned exercises.
NEW QUESTION 172
Which of the following is NOT a component of Software Defined Perimeter as defined by Cloud Security Alliance Working group on SDP?
- A. SDP Client
- B. SDP Gateway
- C. SDP Host
- D. SDP Controller
Answer: C
Explanation:
The CSA Software Defined Perimeter Working Group has developed a model and specification that combines device and user authentication to dynamically provision network access to resources and enhance security. SDP includes three components:
* An SDP client on the connecting asset (e.g. a laptop).
* The SDP controller for authenticating and authorizing SDP clients and configuring the connections to SDP gateways.
* The SDP gateway for terminating SDP client network traffic and enforcing policies in communication with the SDP controller.
"SDP host" is not one of the defined components.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 173
Which of the following is not a common cloud service model?
- A. Infrastructure as a Service
- B. Platform as a Service
- C. Software as a Service
- D. Programming as a Service
Answer: D
Explanation:
Programming as a Service is not a common offering; the other three are ubiquitous throughout the industry.
NEW QUESTION 174
All cloud services utilize virtualization technologies.
- A. True
- B. False
Answer: A
NEW QUESTION 175
