Cloud Security Knowledge Cloud Security Knowledge Certifications CCSK Questions & Answers

• Question 1:

  Without virtualization, there is no cloud.

  A. False

  B. True

  Correct Answer: B

  B. True

  Virtualization is a fundamental technology that underlies cloud computing. It enables the abstraction and virtualization of computing resources, such as servers, storage, and networks, allowing for the efficient allocation and utilization of these resources across multiple users or tenants. Cloud computing relies on virtualization to provide the flexibility, scalability, and isolation required to deliver on-demand services over the internet. Without virtualization, the key characteristics of cloud computing, such as resource pooling, rapid elasticity, and multi-tenancy, would not be possible. Virtualization enables the creation of virtual machines (VMs) or containers that can run

  multiple instances of operating systems and applications on a single physical server.

  Therefore, the statement is true. Without virtualization, there would be no cloud computing as we understand it today.

• Question 2:

  How should an SDLC be modified to address application security in a Cloud Computing environment?

  A. Integrated development environments

  B. Updated threat and trust models

  C. No modification is needed

  D. Just-in-time compilers

  E. Both B and C

  Correct Answer: B

  Changing threat models. The cloud provider relationship and the shared security model will need to be included in the threat model, as well as in any operational and incident response plans. Threat models also need to adapt to reflect the technical differences of the cloud provider or platform in use.

• Question 3:

  What method can be utilized along with data fragmentation to enhance security?

  A. Encryption

  B. Organization

  C. Knowledge management

  D. IDS

  E. Insulation

  Correct Answer: A

  Data fragmentation alone may not provide sufficient security measures to protect data. However, when encryption is combined with data fragmentation, it can significantly enhance security. Encryption ensures that even if an unauthorized entity gains access to fragmented data, the encrypted pieces are unintelligible without the corresponding encryption keys. This adds an additional layer of protection to the fragmented data and helps safeguard its confidentiality.

• Question 4:

  What of the following is NOT an essential characteristic of cloud computing?

  A. Broad Network Access

  B. Measured Service

  C. Third Party Service

  D. Rapid Elasticity

  E. Resource Pooling

  Correct Answer: C

  While third-party services are often associated with cloud computing and can be utilized within cloud environments, they are not considered one of the essential characteristics of cloud computing. The essential characteristics of cloud

  computing, as defined by the National Institute of Standards and Technology (NIST), include:

  On-Demand Self-Service: Users can provision and manage cloud resources without requiring interaction with the cloud provider.

  Broad Network Access: Cloud services are accessible over the network via standard mechanisms.

  Resource Pooling: Cloud provider's computing resources are pooled to serve multiple users, with different physical and virtual resources dynamically assigned and reassigned.

  Rapid Elasticity: Computing resources can be rapidly scaled up or down based on demand.

  Measured Service: Cloud systems automatically control and optimize resource usage, and resource usage can be monitored, controlled, and reported, providing transparency and accountability.

  Therefore, the correct answer is C. Third Party Service.

• Question 5:

  Which of the following statements best defines the "authorization" as a component of identity, entitlement, and access management?

  A. The process of specifying and maintaining access policies

  B. Checking data storage to make sure it meets compliance requirements

  C. Giving a third party vendor permission to work on your cloud solution

  D. Establishing/asserting the identity to the application

  E. Enforcing the rules by which access is granted to the resources

  Correct Answer: E

  E. Enforcing the rules by which access is granted to the resources

  Authorization is the process of determining and enforcing the rules or permissions by which access is granted to specific resources or functionalities within a system. It involves evaluating the privileges and entitlements associated with an identity or user and deciding whether they have the necessary permissions to perform a requested action or access a particular resource.

  Authorization typically works in conjunction with authentication, which verifies the identity of the user or entity requesting access. Once the authentication is successful, the authorization component determines the level of access rights and permissions associated with that identity and enforces them.

  By enforcing access control rules and permissions, authorization ensures that users are only granted access to the resources they are entitled to, based on their role, privileges, or other defined criteria. This helps protect sensitive data, maintain system integrity, and prevent unauthorized access or misuse of resources.

• Question 6:

  When configured properly, logs can track every code, infrastructure, and configuration change and connect it back to the submitter and approver, including the test results.

  A. False

  B. True

  Correct Answer: B

  B. True

  When logs are properly configured, they can track and record every code, infrastructure, and configuration change made within a system or environment. This includes capturing information about the submitter and approver of the changes, as well as any associated test results. Logs play a crucial role in maintaining an audit trail and providing accountability for changes made in a system. By analyzing logs, organizations can track the history of changes, identify potential issues or security breaches, and ensure compliance with policies and regulations. Therefore, the statement is true.

• Question 7:

  How can web security as a service be deployed for a cloud consumer?

  A. By proxying or redirecting web traffic to the cloud provider

  B. By utilizing a partitioned network drive

  C. On the premise through a software or appliance installation

  D. Both A and C

  E. None of the above

  Correct Answer: D

  Web security as a service (WaaS) can be deployed for a cloud consumer through a combination of proxying or redirecting web traffic to the cloud provider and deploying it on-premise through a software or appliance installation.

• Question 8:

  In the Software-as-a-service relationship, who is responsible for the majority of the security?

  A. Application Consumer

  B. Database Manager

  C. Application Developer

  D. Cloud Provider

  E. Web Application CISO

  Correct Answer: D

  In the SaaS model, the cloud provider is responsible for managing and securing the underlying infrastructure, including the network, servers, storage, and physical data centers. They are also responsible for implementing security measures at the platform level, such as access controls, authentication mechanisms, and data encryption.

  The cloud provider ensures the availability, scalability, and reliability of the SaaS application, as well as the protection of customer data stored within the service. They employ various security measures to safeguard against threats and vulnerabilities that could impact the SaaS environment.

• Question 9:

  Which of the following encryption methods would be utilized when object storage is used as the back-end for an application?

  A. Database encryption

  B. Media encryption

  C. Asymmetric encryption

  D. Object encryption

  E. Client/application encryption

  Correct Answer: E

  11.1.4.2 Client-side encryption: When object storage is used as the back-end for an application (including mobile applications), encrypt the data using an encryption engine embedded in the application or client.

• Question 10:

  If the management plane has been breached, you should confirm the templates/configurations for your infrastructure or applications have not also been compromised.

  A. False

  B. True

  Correct Answer: B

  If the management plane of a cloud environment has been breached, it is important to confirm that the templates and configurations for infrastructure or applications have not been compromised as well. The management plane is responsible for managing and controlling the cloud resources, including the templates and configurations used to provision and manage those resources. A breach in the management plane can potentially lead to unauthorized access or modifications to the templates and configurations, compromising the overall security of the cloud environment. Therefore, it is necessary to verify the integrity of these templates and configurations after a management plane breach.