
Get Jan-2023 updated Exam CCSK Dumps with New Questions
100% Pass Guarantee for CCSK Exam Dumps with Actual Exam Questions
Topics of Certificate of Cloud Security Knowledge (CCSK) Exam
This syllabus outline for the Certificate of Cloud Security Knowledge (CCSK) Exam can be found in the CCSK exam dumps PDF and focuses on the critical areas of the exam. Below, the main sections along with their subsections are listed:
1. Cloud Computing Concepts and Architectures
Objectives covered by this section:
- Logical Model
- Service Models
- Reference and Architecture Models
- Cloud Security Scope, Responsibilities, and Models
2. Governance and Enterprise Risk Management
Objectives covered by this section:
- Enterprise Risk Management in the Cloud
- Effects of various Service and Deployment Models
- Tools of Cloud Governance
- Cloud Risk Trade-offs and Tools
3. Legal Issues, Contracts, and Electronic Discovery
Objectives covered by this section:
- Third-Party Audits and Attestations
- Response to a Subpoena or Search Warrant
- Data Custody
- Regional Considerations
- Data Preservation
- Contracts and Provider Selection
- Contracts
- Electronic Discovery
- Cross-Border Data Transfer
4. Compliance and Audit Management
Objectives covered by this section:
- Auditor requirements
- Right to audit
- Compliance in the Cloud
- Audit scope
- Compliance scope
5. Information Governance
Objectives covered by this section:
- Governance Domains
- Data Security Functions, Actors and Controls
- Six phases of the Data Security Lifecycle and their key elements
6. Management Plane and Business Continuity
Objectives covered by this section:
- Management Plane Security
- Architect for Failure
- Business Continuity and Disaster Recovery in the Cloud
7. Infrastructure Security
Objectives covered by this section:
- Cloud Compute and Workload Security
- Cloud Network Virtualization
- Security Changes With Cloud Networking
- Challenges of Virtual Appliances
8. Virtualization and Containers
Objectives covered by this section:
- Containers
- Storage
- Major Virtualization Categories
- Network
9. Incident Response
Objectives covered by this section:
- How the Cloud Impacts IR
- Incident Response Lifecycle
10. Application Security
Objectives covered by this section:
- Secure Software Development Lifecycle
- The Rise and Role of DevOps
- Opportunities and Challenges
- How Cloud Impacts Application Design and Architectures
11. Data Security and Encryption
Objectives covered by this section:
- Data Security Controls
- Managing Data Migrations to the Cloud
- Securing Data in the Cloud
- Cloud Data Storage Types
12. Identity, Entitlement, and Access Management
Objectives covered by this section:
- Managing Users and Identities
- Entitlement and Access Management
- Authentication and Credentials
- IAM Standards for Cloud Computing
13. Security as a Service
Objectives covered by this section:
- Major Categories of Security as a Service Offerings
- Potential Benefits and Concerns of SecaaS
14. Related Technologies
Objectives covered by this section:
- Big Data
- Internet of Things
- Serverless Computing
- Mobile
15. ENISA Cloud Computing: Benefits, Risks, and Recommendations for Information Security
Objectives covered by this section:
- Risks R.1 - R.35 and underlying vulnerabilities
- Underlying vulnerability in Loss of Governance
- Economic Denial of Service
- Top security risks in ENISA research
- Licensing Risks
- Five key legal issues common across all scenarios
- VM hopping
- User provisioning vulnerability
- Isolation failure
- OVF
- Data controller versus data processor definitions
- Risk concerns of a cloud provider being acquired
16. Cloud Security Alliance - Cloud Controls Matrix
Objectives covered by this section:
- Delivery Model Applicability
- Architectural Relevance
- Scope Applicability
- CCM Domains
NEW QUESTION 22
Metrics which govern the contractual obligations of cloud service are found in:
- A. Operational Level Agreement (OLA)
- B. Service Level Agreement (SLA)
- C. Service Book
- D. Contract itself
Answer: B
Explanation:
The SLA is the list of defined, specific, numerical metrics that will be used to determine whether the provider is sufficiently meeting the contract terms during each period of performance.
NEW QUESTION 23
The cloud service provider is responsible for platform security in the Platform as a Service (PaaS) model.
- A. True
- B. False
Answer: B
Explanation:
It is false. Platform security is a shared responsibility between the cloud service provider and the cloud service customer in the Platform as a Service (PaaS) model.
NEW QUESTION 24
What defines the ease of moving and reusing application components regardless of the provider, platform, OS, infrastructure, location, storage, data format or APIs, how well applications work together, and how well new applications work with other solutions present in the business, organization, or provider's existing architecture?
- A. Elasticity
- B. Portability
- C. Scalability
- D. Interoperability
Answer: D
Explanation:
Interoperability is an important characteristic.
Definition: Interoperability
Interoperability is the ability of a system or a product to work with other systems or products without special effort on the part of the customer.
NEW QUESTION 25
Ensuring that the use of data and information complies with organizational policies, standards and strategy, including regulatory, contractual, and business objectives, is known as:
- A. IT Governance
- B. Data Governance
- C. Corporate Governance
- D. Enterprise Governance
Answer: B
Explanation:
This is the definition of Data Governance.
NEW QUESTION 26
Which of the following is NOT a typical approach to key storage in the cloud?
- A. Cloud Service Provider Managed
- B. Managed by a third party
- C. Externally managed
- D. Internally managed
Answer: A
Explanation:
Remember the two key considerations when doing key management:
1) Do not store the keys alongside the data.
2) Do not let the cloud service provider manage the keys.
NEW QUESTION 27
Which of the following is NOT a characteristic of cloud computing?
- A. Resource Pooling
- B. Reduced personnel cost
- C. On-demand self service
- D. Metered service
Answer: B
Explanation:
The characteristics of cloud computing are:
1. On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed, automatically, without requiring human interaction with each service provider.
2. Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops and workstations).
3. Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state or datacenter). Examples of resources include storage, processing, memory and network bandwidth.
4. Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
5. Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled and reported, providing transparency for both the provider and the consumer.
NEW QUESTION 28
Which of the following is the correct pair of risk management standards?
- A. ISO27005 & ISO31000
- B. ISO27002 & ISO27005
- C. ISO27001 & ISO27018
- D. ISO31000 & ISO27017
Answer: A
Explanation:
ISO27005 refers to processes for IT Risk Management, whereas ISO31000 refers to Enterprise Risk Management.
NEW QUESTION 29
Which cloud service model requires the least maintenance or administration from a cloud customer's perspective?
- A. IaaS
- B. PaaS
- C. XaaS
- D. SaaS
Answer: D
Explanation:
SaaS requires the least maintenance from the customer, as everything from the infrastructure up to the application is managed by the cloud service provider.
NEW QUESTION 30
Which is the most common control used for Risk Transfer?
- A. Contracts
- B. SLA
- C. Web Application Firewall
- D. Insurance
Answer: D
Explanation:
Buying insurance is the most common method of transferring risk.
NEW QUESTION 31
How can virtual machine communications bypass network security controls?
- A. VM images can contain rootkits programmed to bypass firewalls
- B. VM communications may use a virtual network on the same hardware host
- C. Most network security systems do not recognize encrypted VM traffic
- D. The guest OS can invoke stealth mode
- E. Hypervisors depend upon multiple network interfaces
Answer: B
NEW QUESTION 32
Cloud architectures necessitate certain roles which are extremely high-risk. Examples of such roles include CP system administrators and auditors, and managed security service providers dealing with intrusion detection reports and incident response. They are known as high-risk because their malicious activities can lead to abuse of high-privilege roles and can impact the confidentiality, integrity and availability of data.
- A. True
- B. False
Answer: B
NEW QUESTION 33
IT Risk management is best described in:
- A. NIST SP800-14
- B. ISO 27005
- C. ISO 27017
- D. FIPS 140-2
Answer: B
Explanation:
The ISO27005 standard describes the IT Risk Management process.
NEW QUESTION 34
The intermediary that provides connectivity and transport of cloud services between the CSPs and the cloud service consumers is called:
- A. Cloud Reseller
- B. Cloud Carrier
- C. Cloud Service Broker
- D. Cloud Access Service Broker
Answer: B
Explanation:
All the terms given as options are very important, and the candidate is expected to know them and differentiate between them.
NEW QUESTION 35
Which of the following pairs represents the storage types used in IaaS infrastructure?
- A. Raw and long-term storage
- B. Volume and object storage
- C. Structured and Unstructured Storage
- D. CDN and Ephemeral
Answer: B
Explanation:
IaaS uses the following storage types:
Volume storage: A virtual hard drive that can be attached to a virtual machine instance and be used to host data within a file system. Volumes attached to IaaS instances behave just like a physical drive or an array does. Examples include VMware Virtual Machine File System (VMFS), Amazon Elastic Block Store (EBS), RackSpace Redundant Array of Independent Disks (RAID), and OpenStack Cinder.
Object storage: Similar to a file share accessed via APIs or a web interface. Examples include Amazon S3 and Rackspace Cloud Files.
NEW QUESTION 36
An inherent weakness in an information system, security procedures, internal controls, or implementation that could be exploited by a threat source.
- A. Vulnerability
- B. Risk
- C. ARO
- D. Threat
Answer: A
Explanation:
That is the definition of vulnerability.
NEW QUESTION 37
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
- A. Decreased requirement for proactive management of relationship and adherence to contracts.
- B. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
- C. More physical control over assets and processes.
- D. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.
- E. None of the above.
Answer: B
NEW QUESTION 38
Which of the following leverages virtual network topologies to run more, smaller, and more isolated networks without incurring the additional hardware costs that historically make such models prohibitive?
- A. BitVLANS
- B. Micro LANs
- C. Micro segmentation
- D. VLANS
Answer: C
Explanation:
Micro segmentation (also sometimes referred to as hyper segregation) leverages virtual network topologies to run more, smaller, and more isolated networks without incurring the additional hardware costs that historically make such models prohibitive. Since entire networks are defined in software without many of the traditional addressing issues, it is far more feasible to run these multiple, software-defined environments.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 39
How can web security as a service be deployed for a cloud consumer?
- A. None of the above
- B. By proxying or redirecting web traffic to the cloud provider
- C. Both A and C
- D. By utilizing a partitioned network drive
- E. On the premise through a software or appliance installation
Answer: B
NEW QUESTION 40
An important consideration when performing a remote vulnerability test of a cloud-based application is to
- A. Schedule vulnerability test at night
- B. Use application layer testing tools exclusively
- C. Obtain provider permission for test
- D. Use techniques to evade cloud provider's detection systems
- E. Use network layer testing tools exclusively
Answer: C
NEW QUESTION 41
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
- A. True
- B. False
Answer: A
NEW QUESTION 42
......
How to book the Certificate of Cloud Security Knowledge (CCSK) Exam
Follow the steps mentioned below to book the CCSK exam:
- Step 1: Go to the Cloud Security Alliance's website
- Step 2: Click the “Login to buy” button
- Step 3: On the page that appears, create your account
- Step 4: Select your exam and purchase the exam token
- Step 5: After payment, follow the steps to schedule the exam
CCSK exam dumps with real Cloud Security Alliance questions and answers: https://examcollection.vcetorrent.com/CCSK-valid-vce-torrent.html