
Verified CCSK Exam Dumps Q&As - Provide CCSK with Correct Answers
Pass Your CCSK Dumps Free Latest Cloud Security Alliance Practice Tests
NEW QUESTION # 68
ENISA: A reason for risk concerns of a cloud provider being acquired is:
- A. Non-binding agreements put at risk
- B. Resource isolation may fail
- C. Provider may change physical location
- D. Arbitrary contract termination by acquiring company
- E. Mass layoffs may occur
Answer: A
NEW QUESTION # 69
Code execution environments that run within an operating system, sharing and leveraging resources of that operating system, are known as:
- A. VMs
- B. Host
- C. Nodes
- D. Containers
Answer: D
Explanation:
Containers are code execution environments that run within an operating system (for now), sharing and leveraging resources of that operating system. While a VM is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still utilizing the kernel and other capabilities of the base OS.
Ref: CSA Security Guidelines V4.0
NEW QUESTION # 70
In which service model is the cloud consumer responsible for managing authorizations and entitlements only?
- A. Software as a Service (SaaS)
- B. Platform as a Service (PaaS)
- C. All of them
- D. Infrastructure as a Service (IaaS)
Answer: A
Explanation:
It is important to read the question carefully and then choose the best answer. Although the cloud consumer is responsible for authorizations and entitlements across all service models, the question uses "only". Therefore, the answer is Software as a Service (SaaS); a SaaS provider is responsible for perimeter security, logging/monitoring/auditing, and application security.
NEW QUESTION # 71
Which of the following documents includes responsibilities and mechanisms for governance in a cloud environment?
- A. Operational level Agreement
- B. Contract
- C. Service Level Agreement
- D. Governance memo
Answer: B
Explanation:
Cloud computing changes the responsibilities and mechanisms for implementing and managing governance. Responsibilities and mechanisms for governance are defined in the contract, as with any business relationship. If the area of concern isn't in the contract, there are no mechanisms available to enforce, and there is a governance gap. Governance gaps don't necessarily exclude using the provider, but they do require the customer to adjust their own processes to close the gaps or accept the associated risks.
Ref: Security Guidance v4.0, Copyright 2017, Cloud Security Alliance (used for educational purpose here)
NEW QUESTION # 72
IT Risk management is best described in:
- A. NIST SP800-14
- B. FIPS 140-2
- C. ISO 27017
- D. ISO 27005
Answer: D
Explanation:
The ISO 27005 standard describes the IT risk management process.
NEW QUESTION # 73
In Platform as a Service (PaaS), platform security is a responsibility of:
- A. Customer
- B. Cloud service provider
- C. It's a shared responsibility
- D. Neither of them
Answer: C
Explanation:
This is a very confusing question, and we need to understand that it's a shared responsibility between the cloud service provider and the customer.
NEW QUESTION # 74
Which is the leading industry standard you would recommend to a web developer when designing a web application or an API for a cloud solution?
- A. SOC2
- B. ISO 27001
- C. FIPS 140
- D. OWASP
Answer: D
Explanation:
OWASP is an open project and is the leading industry standard for designing web applications and their security.
NEW QUESTION # 75
"Cloud provider acquisition" as a risk falls under which of the following categories?
- A. Technical risk
- B. Legal Risk
- C. Policy and Organizational Risk
- D. Environmental Risk
Answer: C
Explanation:
Cloud provider acquisition comes under Policy and Organizational Risk and can be categorised as follows.
As in any new IT market, competitive pressure, an inadequate business strategy, lack of financial support, etc., could lead some providers to go out of business or at least force them to restructure their service portfolio offering. In other words, it is possible that in the short or medium term some cloud computing services could be terminated.
NEW QUESTION # 76
What is the main driver for the decision to deploy cloud solutions?
- A. It's a financial decision
- B. None of the above
- C. It's business driven
- D. Cloud has less risks and costs associated
Answer: C
Explanation:
All decisions related to cloud migration are driven by business requirements, an effective Business Impact Analysis (BIA), and cost-benefit analysis.
NEW QUESTION # 77
Which of the following controls and configures the metastructure, and is also part of the metastructure itself?
- A. Management Plane
- B. Network Firewall
- C. API Gateway
- D. Web Application Firewall
Answer: A
Explanation:
The management plane controls and configures the metastructure, and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Metastructure is the glue and guts to create, provision, and deprovision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Ref: CSA Security Guidelines v4.0
NEW QUESTION # 78
Which is the set of technologies that are designed to detect conditions indicative of a security vulnerability in an application in its running state?
- A. STRIDE
- B. Static application security testing (SAST)
- C. Enterprise Threat Modelling
- D. Dynamic application security testing (DAST)
Answer: D
Explanation:
Definitions:
SAST: Static application security testing (SAST) is a type of security testing that relies on inspecting the source code of an application. In general, SAST involves looking at the ways the code is designed to pinpoint possible security flaws.
DAST: Dynamic application security testing (DAST) technologies are designed to detect conditions indicative of a security vulnerability in an application in its running state.
NEW QUESTION # 79
Which are the two major categories of network virtualization commonly seen in cloud computing today?
- A. Software Defined Networks and Virtual Private Networks
- B. Virtual Private Networks and Converged Network
- C. Virtual LANs (VLANs) and Converged Networks
- D. Software Defined Networks and Virtual LANs (VLANs)
Answer: C
Explanation:
There are two major categories of network virtualization commonly seen in cloud computing today:
- Virtual Local Area Networks (VLANs): VLANs leverage existing network technology implemented in most network hardware. VLANs are extremely common in enterprise networks, even without … They are designed for use in single-tenant networks (enterprise data centers) to separate different business units, functions, etc. (like guest networks). VLANs are not designed for cloud-scale virtualization or security and shouldn't be considered, on their own, an effective security control for isolating networks. They are also never a substitute for physical network segregation.
- Software Defined Networking (SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data. This allows us to abstract networking from the traditional limitations of a LAN.
[Figure: Common networks underlying IaaS (management, storage, and service networks)]
Ref: CSA Security Guidelines V.4 (reproduced here for the educational purpose)
NEW QUESTION # 80
Which of the following is true after your organization migrates the data to the cloud?
- A. Cloud service provider will be legally liable for any data breach.
- B. Breaches will be termed as loss of Intellectual property.
- C. It is totally secure because cloud service providers have more security.
- D. In case of data breach, you as a customer, will be still legally liable.
Answer: D
Explanation:
Even after cloud migration, the cloud customer is responsible for the data and ultimately liable for any data loss or breaches.
NEW QUESTION # 81
For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?
- A. Provider infrastructure information including maintenance windows and contracts
- B. Full API access to all required services
- C. Network or architecture diagrams including all end point security devices in use
- D. Service-level agreements between all parties
- E. Scope of the assessment and the exact included features and services for the assessment
Answer: C
NEW QUESTION # 82
Which cloud service model requires the least maintenance or administration from a cloud customer perspective?
- A. IaaS
- B. SaaS
- C. XaaS
- D. PaaS
Answer: B
Explanation:
SaaS requires the least maintenance from the customer, as all the infrastructure up to the application is managed by the cloud service provider.
NEW QUESTION # 83
Which concept provides the abstraction needed for resource pools?
- A. Metastructure
- B. Hypervisor
- C. Virtualization
- D. Applistructure
- E. Orchestration
Answer: C
NEW QUESTION # 84
Your SLA with your cloud provider ensures continuity for all services.
- A. False
- B. True
Answer: A

