
Cloud Security Alliance
CCSK
Certificate of Cloud Security Knowledge
QUESTION & ANSWERS

https://www.certsexpert.com/CCSK-pdf-questions.html
QUESTION: 1

Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?

Option A : Planned Outages

Option B : Resiliency Planning

Option C : Expected Engineering

Option D : Chaos Engineering

Option E : Organized Downtime

Correct Answer: D

QUESTION: 2

When the application components communicate directly with the cloud service, the management plane and metastructure might fall within the application security scope.

Option A : True

Option B : False

Correct Answer: A

QUESTION: 3

When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

Option A : The metrics defining the service level required to achieve regulatory objectives.

Option B : The duration of time that a security violation can occur before the client begins assessing
regulatory fines.

Option C : The cost per incident for security breaches of regulated information.

Option D : The regulations that are pertinent to the contract and how to circumvent them.

Option E : The type of security software which meets regulations and the number of licenses that will be
needed.

Correct Answer: A

QUESTION: 4

What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the
event of an incident?

Option A : A data destruction plan

Option B : A communication plan

Option C : A back-up website

Option D : A spill remediation kit

Option E : A rainy day fund

Correct Answer: B

QUESTION: 5

ENISA: Which of the following is among the vulnerabilities contributing to a high risk ranking for Network
Management?

Option A : User provisioning vulnerabilities

Option B : AAA vulnerabilities

Option C : System or O/S vulnerabilities

Option D : Hypervisor vulnerabilities

Option E : Inadequate physical security procedures

Correct Answer: C

QUESTION: 6

To what extent does the CSA Guidance document suffice for legal advice in setting up relationships with
cloud service providers?

Option A : The CSA Guidance document provides adequate legal advice under certain circumstances.

Option B : The CSA Guidance document provides an overview of selected issues and it is not a substitute
for obtaining legal advice.

Option C : The CSA Guidance document provides copious amounts of relevant case law to enable legal
inferences to be developed

Option D : The CSA Guidance document does not discuss any legal issues at all

Option E : The CSA Guidance document provides sufficient guidance to substitute for legal advice.

Correct Answer: D

QUESTION: 7

At a minimum, how often should incident response testing occur?

Option A : Monthly

Option B : Quarterly

Option C : Whenever an event occurs

Option D : Semi-annually

Option E : Annually and whenever a significant change occurs

Correct Answer: A

QUESTION: 8

The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?

Option A : The size of the cloud computing environment

Option B : The value of the information at risk

Option C : The operating system and firewall type

Option D : Whether the cloud is IaaS, PaaS, or SaaS

Option E : Both A and C

Correct Answer: B

QUESTION: 9

CCM: A hypothetical start-up company called "ABC" provides a cloud-based IT management solution. They are growing rapidly and therefore need to put controls in place in order to manage any changes in their production environment. Which of the following Change Control & Configuration Management production environment-specific controls should they implement in this scenario?

Option A : Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and system-system interface (API) designs and configurations, infrastructure network and systems compon

Option B : Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationally-owned or managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.

Option C : All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.

Option D : None of the above

Correct Answer: A

QUESTION: 10

CCM: A hypothetical start-up company called "IT4Sure" provides a cloud-based IT management solution. They are growing rapidly and have some security measures in place, but the employees are still using their personal mobile devices for storing and communicating company confidential information. So they decide to provide the employees with company mobile devices and implement a Mobile Device Management policy. Two months later, a customer wants to review IT4Sure's mobile device security practices. Which of the following basic protection measures should the client look for in the company's Mobile Device Management policy?

Option A : Registration of mobile devices

Option B : Requirements for physical protection

Option C : Requirements for mobile device software versions and for applying patches

Option D : Malware protection

Option E : All of the above

Correct Answer: A

QUESTION: 11

What method can be utilized along with data fragmentation to enhance security?

Option A : Encryption

Option B : Organization

Option C : Knowledge management

Option D : IDS

Option E : Insulation

Correct Answer: A

QUESTION: 12

An important consideration when performing a remote vulnerability test of a cloud-based application is to

Option A : Obtain provider permission for test

Option B : Use techniques to evade cloud provider’s detection systems

Option C : Use application layer testing tools exclusively

Option D : Use network layer testing tools exclusively

Option E : Schedule vulnerability test at night

Correct Answer: A

QUESTION: 13

Which part of the incident response process is greatly complicated by the resource pooling and rapid
elasticity of cloud infrastructure?

Option A : Recovery

Option B : Ballistics

Option C : Detection

Option D : Forensics

Option E : Preparation

Correct Answer: D

QUESTION: 14

What are the three valid options for protecting data as it moves to and within the cloud?

Option A : Client/Application Encryption, Link/Network Encryption, Proxy-Based Encryption

Option B : Client/Application Encryption, Link/Network Encryption, Hypervisor Encryption

Option C : Client/Application Bundling, Link/Network Bundling, Proxy-Based Bundling

Option D : Password Encryption, Link/Network Encryption, Proxy-Based Encryption

Option E : Client/Application Encryption, Cloud Encoding, Proxy-Based Encryption

Correct Answer: D

QUESTION: 15

ENISA: A reason for risk concerns of a cloud provider being acquired is:

Option A : Arbitrary contract termination by acquiring company

Option B : Resource isolation may fail

Option C : Provider may change physical location

Option D : Mass layoffs may occur

Option E : Non-binding agreements put at risk

Correct Answer: A

QUESTION: 16

If the management plane has been breached, you should confirm the templates/configurations for your infrastructure or applications have not also been compromised.

Option A : False

Option B : True

Correct Answer: A

QUESTION: 17

What is known as the interface used to connect with the metastructure and configure the cloud
environment?

Option A : Administrative access

Option B : Management plane

Option C : Identity and Access Management

Option D : Single sign-on

Option E : Cloud dashboard

Correct Answer: B

QUESTION: 18

Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud
deployments?

Option A : More physical control over assets and processes.

Option B : Greater reliance on contracts, audits, and assessments due to lack of visibility or
management.

Option C : Decreased requirement for proactive management of relationship and adherence to contracts.

Option D : Increased need, but reduction in costs, for managing risks accepted by the cloud provider.

Option E : None of the above.

Correct Answer: B

QUESTION: 19

CCM: A hypothetical company called "Infrastructure4Sure" provides Infrastructure as a Service (IaaS) to its clients. A customer wants to review Infrastructure4Sure's hypervisor security implementation measures. Which of the following measures should Infrastructure4Sure implement?

Option A : Choose a hypervisor with a smaller footprint for a reduced attack surface

Option B : Harden the hypervisor's configuration to increase areas of vulnerability (e.g., disabling memory
sharing between VMs running within the same hypervisor hosts).

Option C : Connect unused physical hardware devices and enable clipboard or file-sharing services

Option D : Monitor for signs of compromise by analyzing hypervisor logs on an ongoing basis

Option E : A and D

Correct Answer: A

QUESTION: 20

Which action is part of the containment phase of the incident response lifecycle?

Option A : Evaluating infrastructure by proactive scanning and network monitoring, vulnerability assessments, and performing risk assessments

Option B : Planning notification and coordination of activities

Option C : Making considerations for data loss versus service availability

Option D : Configuring and validating alerts

Option E : Analyzing what happened

Correct Answer: C

QUESTION: 21

Which of the following is NOT a method of object storage encryption?

Option A : Externally managed encryption

Option B : File/folder encryption

Option C : Enterprise digital rights management

Option D : Proxy encryption

Option E : Client/application encryption

Correct Answer: C

QUESTION: 22

In which layer is the management plane?

Option A : Infrastructure layer

Option B : Applistructure layer

Option C : Metastructure layer

Option D : Infostructure layer

Option E : Overstructure layer

Correct Answer: C

QUESTION: 23

What technology should you consider to monitor data flowing into your organization's SaaS deployment?

Option A : Stateful firewall

Option B : CASB

Option C : External VPN appliance

Option D : HIPS

Correct Answer: B

QUESTION: 24

In which phase of an incident response lifecycle might you build a timeline of the attack?

Option A : Detection and analysis

Option B : Post-mortem

Option C : Containment, eradication, and recovery

Option D : Preparation

Correct Answer: A

QUESTION: 25

Which of the following is not one of the "meta-phases" described by the Cloud Security Alliance?

Option A : Secure Operations

Option B : Secure Deployment

Option C : Secure Optimization

Option D : Secure Design and Development

Correct Answer: C

QUESTION: 26

What are the two actions that are typical for your organization when there are residual risks? (Choose three).

Option A : Escalate

Option B : Ignore

Option C : Transfer

Option D : Avoid

Option E : Accept

Correct Answer: C,D,E

QUESTION: 27

Your supervisor is very concerned about your planned migration to the cloud. One of the main concerns is
the fact that there may be fewer logging capabilities to monitor the solution. What can you tell your
supervisor?

Option A : The cloud provider can permit logging of the underlying service

Option B : The technology stack can be instrumented for additional logging capabilities

Option C : The cloud provider can always open more ports

Option D : This is a reality of cloud-based solutions, and if large monitoring metrics are needed, the cloud should be avoided

Correct Answer: B

QUESTION: 28

When working with a logical cloud model, where is the most likely place you find the data and information
stored in the cloud?

Option A : Infostructure

Option B : Metastructure

Option C : Applistructure

Option D : Infrastructure

Correct Answer: A
