What item below allows disparate directory services and independent security domains to be interconnected?
A. Coalition
B. Cloud
C. Intersection
D. Union
E. Federation
Select the best definition of `compliance` from the options below.
A. The development of a routine that covers all necessary security measures.
B. The diligent habits of good security practices and recording of the same.
C. The timely and efficient filing of security reports.
D. The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.
E. The process of completing all forms and paperwork necessary to develop a defensible paper trail.
CCM: In the CCM tool, `Encryption and Key Management` is an example of which of the following?
A. Risk Impact
B. Domain
C. Control Specification
ENISA: Which is not one of the five key legal issues common across all scenarios?
A. Data protection
B. Professional negligence
C. Globalization
D. Intellectual property
E. Outsourcing services and changes in control
CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?
A. Service Provider or Tenant/Consumer
B. Physical, Network, Compute, Storage, Application or Data
C. SaaS, PaaS or IaaS
In the Software-as-a-service relationship, who is responsible for the majority of the security?
A. Application Consumer
B. Database Manager
C. Application Developer
D. Cloud Provider
E. Web Application CISO
Which of the following statements best defines "authorization" as a component of identity, entitlement, and access management?
A. The process of specifying and maintaining access policies
B. Checking data storage to make sure it meets compliance requirements
C. Giving a third party vendor permission to work on your cloud solution
D. Establishing/asserting the identity to the application
E. Enforcing the rules by which access is granted to the resources
Which of the following is NOT an essential characteristic of cloud computing?
A. Broad Network Access
B. Measured Service
C. Third Party Service
D. Rapid Elasticity
E. Resource Pooling
The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?
A. The size of the cloud computing environment
B. The value of the information at risk
C. The operating system and firewall type
D. Whether the cloud is IaaS, PaaS, or SaaS
E. Both A and C
Which of the following items is one of the major regulatory compliance problems associated with cloud environments?
A. The lowered cost of cloud services may violate computer service embargoes
B. The advent of applications as a service may violate software licensing agreements
C. Transparency is improved through consolidated and centralized management platforms
D. The distributed nature of cloud storage may result in regulated information being sent across geographical boundaries
E. The multi-tenancy model allows cloud customers to unfairly share hard drives that would otherwise have been purchased individually
To what extent does the CSA Guidance document suffice for legal advice in setting up relationships with cloud service providers?
A. The CSA Guidance document provides adequate legal advice under certain circumstances.
B. The CSA Guidance document provides an overview of selected issues and it is not a substitute for obtaining legal advice.
C. The CSA Guidance document provides copious amounts of relevant case law to enable legal inferences to be developed.
D. The CSA Guidance document does not discuss any legal issues at all.
E. The CSA Guidance document provides sufficient guidance to substitute for legal advice.
CCM: A hypothetical company called "CertBus4Sure" provides a cloud-based service to share confidential documents. The confidential documents are stored in their servers and are encrypted. How will CertBus4Sure ensure the protection of client data within their data center?
A. Audit plans should not be adopted and supported by the most senior governing elements of the organization (e.g. the board and the management)
B. Encrypt the data at rest and put in place appropriate measures for management of encryption keys
C. Implement redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and various security devices
D. Use a secure transfer channel (i.e. TLS)
Immutable workloads make it faster to roll out updated versions because applications must be designed to handle individual nodes going down.
A. False
B. True
Cloud provider contract enforceability should be carefully considered in light of
A. Costs
B. Provider key management systems
C. Provider controls proving inadequate for customer risks
D. Foreign and out of state jurisdictions
E. Pre-production cloud deployments
Which security advantage considers that CI/CD pipelines can track everything, down to individual character changes in source files tied to the person submitting the change, with the entire application stack history?
A. Standardization
B. SecDevOps/DevSecOps and Rugged DevOps
C. Immutable
D. Improved auditing and change management
E. Automated testing