Cloud Security Alliance Cloud Security Alliance Certifications CCSK Questions & Answers

• Question 111:

  Which type of application security testing involves manual activity that is not necessarily integrated into automated testing?

  A. Code Review

  B. Static Application Security Testing (SAST)

  C. Unit Testing

  D. Functional Testing

  E. Dynamic Application Security Testing (DAST)

  Correct Answer: A

• Question 112:

  Which meta-phase does the Cloud Security Alliance use to focus on the security and testing activities when moving code from an isolated development environment to production?

  A. Secure Networking

  B. Secure Scaling

  C. Secure Deployment

  D. Secure Operations

  E. Secure Design and Development

  Correct Answer: C

• Question 113:

  Even with immutable infrastructures, the production environment, should be actively monitored for changes and deviations from approved baselines.

  A. False

  B. True

  Correct Answer: B

  Section 10.1.4 states "Even when using immutable infrastructure, the production environment should still be actively monitored for changes and deviations from approved baselines."

• Question 114:

  Highly regulated industries such as finance and health care should consider the impact of cloud providers operating in diverse geographic locations and ______________.

  A. Virtual environments

  B. Sparsely populated areas

  C. Without licenses

  D. Legal jurisdictions

  E. None of the above

  Correct Answer: D

• Question 115:

  The key concern of data location is:

  A. Assurance that all data requested by legal authorities has been retrieved

  B. Assurance that prohibited locations cannot access the data

  C. Data is located only on redundant storage subsystems with high MTBF (mean time between failures)

  D. Data is stored only in geographic locations permitted by regulations

  E. Data should not be commingled with other customers

  Correct Answer: D

• Question 116:

  ENISA: Licensing Risks refer to:

  A. Use of country-issued drivers licenses for user identification

  B. Cloud provider employees not maintaining operating system license files

  C. Risk that software company may go out of business, leading to expiration of licenses for mission critical software

  D. A traditional software licensing scheme may lead to high costs or lack of compliance in cloud systems

  E. Cloud provider may not have all appropriate government operating licenses

  Correct Answer: D

  R.24 Licensing Risk

  For example, if software is charged on a per instance basis every time a new machine is instantiated then the cloud customer's licensing costs may increase exponentially even though they are using the same number of machine instances for the same duration.

• Question 117:

  Which architecture for hybrid cloud connectivity allows you to connect multiple, different cloud networks to a data center using a single hybrid connection?

  A. Dataconnect

  B. Multiconnect

  C. Transitional

  D. Bastion

  E. Hybrid

  Correct Answer: D

  Page 84: This scenario allows you to connect multiple, different cloud networks to a data center using a single hybrid connection. The cloud user builds a dedicated virtual network for the hybrid connection and then peers any other networks through the designated bastion network.

• Question 118:

  CCM: Which of the following statement about CSA's CCM and Security Guidance is False?

  A. CSA's CCM provides a set of control objective against which an organization should assess cloud security

  B. CSA's Security Guidance tells you WHAT to do, the CCM tells you HOW to do it

  C. CSAs Security Guidance provides a set of best practices and recommendations

  D. CSA's CCM tells you WHAT to do, the Guidance tells you HOW to do it

  Correct Answer: D

• Question 119:

  What are the barriers to developing full confidence in security as a service (SecaaS)?

  A. Federation bridges, software compatibility, and implementation

  B. Delegations, bipartisan tenancy, and implementation

  C. Single tenancy and vendor lock-in

  D. Provisioning, federation, and compliance

  E. Compliance, multi-tenancy, and vendor lock-in

  Correct Answer: E

  Regulation differences: Given global regulatory requirements, SecaaS providers may be unable to assure compliance in all jurisdictions that an organization operates in

  Data leakage: As with any cloud computing service or product, there is always the concern of data from one cloud user leaking to another. SecaaS providers should be held to the highest standards of multitenant isolation and segregation.

  Changing providers: organizations may be concerned about lock-in due to potentially losing access to data, including historical data needed for compliance or investigative support.

• Question 120:

  Of the choices below which option allows for the most interoperability in security authentication in a cloud environment?

  A. XHTML

  B. SAML

  C. SCORM

  D. WEP

  E. WPA or WPA2

  Correct Answer: B

  B. SAML (Security Assertion Markup Language)

  SAML (Security Assertion Markup Language) is designed specifically for interoperable identity and authentication management in a cloud environment. It enables single sign-on (SSO) across different domains and applications by allowing the exchange of authentication and authorization data between parties securely. SAML is widely used for web-based SSO and is a popular choice for integrating security and authentication across various services and applications in a cloud environment.

  The other options (XHTML, SCORM, WEP, WPA or WPA2) are not primarily related to security authentication interoperability in a cloud environment.