
[Feb 09, 2023] New CCSK Exam Dumps with High Passing Rate
NEW QUESTION 22
CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?
- A. Use CCM to help assess the risk associated with the CSP
- B. Use CCM to build a detailed list of requirements and controls that they want their CSP to implement
- C. Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs
- D. None of the above
Answer: D
NEW QUESTION 23
Operating System management is done by customer in which service model of cloud computing?
- A. PaaS
- B. IaaS
- C. XaaS
- D. SaaS
Answer: B
Explanation:
In the IaaS model, the operating system is managed by the customer.
NEW QUESTION 24
ENISA: "VM hopping" is:
- A. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
- B. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
- C. Lack of vulnerability management standards.
- D. Instability in VM patch management causing VM routing errors.
- E. Looping within virtualized routing systems.
Answer: B
NEW QUESTION 25
ENISA: Lock-in is ranked as a high risk in ENISA research, a key underlying vulnerability causing lock in is:
- A. No source escrow agreement
- B. Audit or certification not available to customers
- C. Unclear asset ownership
- D. Lack of completeness and transparency in terms of use
- E. Lack of information on jurisdictions
Answer: D
NEW QUESTION 26
Which of the following is a very important consideration when securing access to the Management Plane?
- A. Super Administrator
- B. Remote Access VPN
- C. Service Administrator
- D. Least Privilege
Answer: D
Explanation:
Both providers and consumers should consistently allow only the least privilege required for users, applications, and other management plane usage.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 27
Which of the following is also known as a white-box test and can be used to find XSS errors, SQL injection, buffer overflows, unhandled error conditions, and potential backdoors?
- A. Static Application Security Testing (SAST)
- B. Dynamic Application Security Testing (DAST)
- C. Static Application Security Testing (SAST)
- D. Threat Modelling
Answer: C
Explanation:
Static application security testing (SAST) is generally considered a white-box test, in which the test performs an analysis of the application source code, byte code, and binaries without executing the application code. SAST is used to find coding errors and omissions that are indicative of security vulnerabilities. SAST is often used as a test method while the application is still under development (early in the development lifecycle).
SAST can be used to find XSS errors, SQL injection, buffer overflows, unhandled error conditions, and potential backdoors.
NEW QUESTION 28
How can virtual machine communications bypass network security controls?
- A. VM images can contain rootkits programmed to bypass firewalls
- B. VM communications may use a virtual network on the same hardware host
- C. Most network security systems do not recognize encrypted VM traffic
- D. The guest OS can invoke stealth mode
- E. Hypervisors depend upon multiple network interfaces
Answer: B
NEW QUESTION 29
Which ISO standard addresses privacy in the cloud environment?
- A. ISO 27034
- B. ISO 27017
- C. ISO 27032
- D. ISO 27018
Answer: D
Explanation:
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
NEW QUESTION 30
If there are gaps in network logging data, what can you do?
- A. You can instrument the technology stack with your own logging.
- B. Ask the cloud provider to open more ports.
- C. Nothing. There are simply limitations around the data that can be logged in the cloud.
- D. Nothing. The cloud provider must make the information available.
- E. Ask the cloud provider to close more ports.
Answer: A
NEW QUESTION 31
The risk left in any system after all countermeasures and strategies have been applied is called:
- A. Leftover risk
- B. Annualised Risk
- C. Residual Risk
- D. Mitigated Risk
Answer: C
Explanation:
That is the definition of residual risk.
NEW QUESTION 32
Which is the core technology for enabling cloud computing and used to convert fixed infrastructure into pooled resources?
- A. Auto-Scaling
- B. Virtualization
- C. Application Programming Interfaces
- D. Software Defined Networking
Answer: B
Explanation:
Virtualization isn't merely a tool for creating virtual machines; it's the core technology for enabling cloud computing. We use virtualization throughout computing, from full operating system virtual machines to virtual execution environments like the Java Virtual Machine, as well as in storage, networking, and beyond.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 33
Whose responsibility is it to maintain security incident and event management (SIEM) capabilities in the PaaS (Platform as a Service) model?
- A. Cloud Access Security Broker
- B. Cloud Service provider
- C. Cloud Carrier
- D. Cloud Customer
Answer: B
Explanation:
Across service models, it is the cloud service provider's responsibility to maintain security incident and event management (SIEM) capabilities.
NEW QUESTION 34
Which of the following is a responsibility of the cloud customer?
- A. Meta Structure
- B. Image Asset Management
- C. Secure Virtualization Infrastructure
- D. Isolation
Answer: B
Explanation:
Image asset management. Cloud compute deployments are based on master images, be it a virtual machine, container, or other code, that are then run in the cloud. This is often highly automated and results in a larger number of images to base assets on, compared to traditional computing master images. Managing these, including which meet security requirements, where they can be deployed, and who has access to them, is an important security responsibility.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 35
In which service model does the cloud service provider have the least responsibility?
- A. PaaS
- B. IaaS
- C. XaaS
- D. SaaS
Answer: B
Explanation:
In the IaaS service model, the CSP is responsible only for the physical infrastructure.
NEW QUESTION 36
Your cloud and on-premises infrastructures should always use the same network address ranges.
- A. True
- B. False
Answer: B
NEW QUESTION 37
The relationship between the shareholders (and other stakeholders) of the organisation and the senior management of the organisation is governed by:
- A. IT Governance
- B. Corporate Vision
- C. Corporate Mission
- D. Corporate Governance
Answer: D
Explanation:
Corporate governance is the system of rules, practices and processes by which a company is directed and controlled. Corporate governance essentially involves balancing the interests of a company's many stakeholders, such as shareholders, management, customers, suppliers, financiers, government and the community.

