Improve Certificate Of Cloud Security Knowledge CCSK Test
NEW QUESTION 1
CCM: A hypothetical company called “Health4Sure” is located in the United States and provides cloud-based services for tracking patient health. The company is compliant with the HIPAA/HITECH Act, among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure’s cloud service?
- A. The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPAA/HITECH Act. They could then assess the remaining controls. This approach will save time.
- B. The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPAA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company’s overall security posture in an efficient manner.
- C. The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.
Answer: C
NEW QUESTION 2
Who is responsible for the security of the physical infrastructure and virtualization platform?
- A. The cloud consumer
- B. The majority is covered by the consumer
- C. It depends on the agreement
- D. The responsibility is split equally
- E. The cloud provider
Answer: E
NEW QUESTION 3
Which statement best describes the impact of Cloud Computing on business continuity management?
- A. A general lack of interoperability standards means that extra focus must be placed on the security aspects of migration between Cloud providers.
- B. The size of data sets hosted at a Cloud provider can present challenges if migration to another provider becomes necessary.
- C. Customers of SaaS providers in particular need to mitigate the risks of application lock-in.
- D. Clients need to do business continuity planning due diligence in case they suddenly need to switch providers.
- E. Geographic redundancy ensures that Cloud Providers provide highly available services.
Answer: E
NEW QUESTION 4
When investigating an incident in an Infrastructure as a Service (IaaS) environment, what can the user investigate on their own?
- A. The CSP server facility
- B. The logs of all customers in a multi-tenant cloud
- C. The network components controlled by the CSP
- D. The CSP office spaces
- E. Their own virtual instances in the cloud
Answer: E
NEW QUESTION 5
If there are gaps in network logging data, what can you do?
- A. Nothing. There are simply limitations around the data that can be logged in the cloud.
- B. Ask the cloud provider to open more ports.
- C. You can instrument the technology stack with your own logging.
- D. Ask the cloud provider to close more ports.
- E. Nothing. The cloud provider must make the information available.
Answer: C
NEW QUESTION 6
What is a core tenet of risk management?
- A. The provider is accountable for all risk management.
- B. You can manage, transfer, accept, or avoid risks.
- C. The consumers are completely responsible for all risk.
- D. If there is still residual risk after assessments and controls are in place, you must accept the risk.
- E. Risk insurance covers all financial losses, including loss of customers.
Answer: B
NEW QUESTION 7
How can virtual machine communications bypass network security controls?
- A. VM communications may use a virtual network on the same hardware host
- B. The guest OS can invoke stealth mode
- C. Hypervisors depend upon multiple network interfaces
- D. VM images can contain rootkits programmed to bypass firewalls
- E. Most network security systems do not recognize encrypted VM traffic
Answer: A
NEW QUESTION 8
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed.
- A. Rapid elasticity
- B. Resource pooling
- C. Broad network access
- D. Measured service
- E. On-demand self-service
Answer: E
NEW QUESTION 9
Which of the following is NOT a cloud computing characteristic that impacts incident response?
- A. The on demand self-service nature of cloud computing environments.
- B. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
- C. The possibility of data crossing geographic or jurisdictional boundaries.
- D. Object-based storage in a private cloud.
- E. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.
Answer: B
NEW QUESTION 10
Which layer is the most important to secure because it is considered to be the foundation for secure cloud operations?
- A. Infrastructure
- B. Datastructure
- C. Infostructure
- D. Applistructure
- E. Metastructure
Answer: A
NEW QUESTION 11
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
- A. False
- B. True
Answer: B
NEW QUESTION 12
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.
- A. False
- B. True
Answer: B
NEW QUESTION 13
What is true of security as it relates to cloud network infrastructure?
- A. You should apply cloud firewalls on a per-network basis.
- B. You should deploy your cloud firewalls identical to the existing firewalls.
- C. You should always open traffic between workloads in the same virtual subnet for better visibility.
- D. You should implement a default allow with cloud firewalls and then restrict as necessary.
- E. You should implement a default deny with cloud firewalls.
Answer: E
NEW QUESTION 14
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
- A. The metrics defining the service level required to achieve regulatory objectives.
- B. The duration of time that a security violation can occur before the client begins assessing regulatory fines.
- C. The cost per incident for security breaches of regulated information.
- D. The regulations that are pertinent to the contract and how to circumvent them.
- E. The type of security software which meets regulations and the number of licenses that will be needed.
Answer: A
NEW QUESTION 15
If in certain litigations and investigations, the actual cloud application or environment itself is relevant to resolving the dispute in the litigation or investigation, how is the information likely to be obtained?
- A. It may require a subpoena of the provider directly
- B. It would require a previous access agreement
- C. It would require an act of war
- D. It would require a previous contractual agreement to obtain the application or access to the environment
- E. It would never be obtained in this situation
Answer: D
NEW QUESTION 16
Without virtualization, there is no cloud.
- A. False
- B. True
Answer: B