Cloud Security Alliance Cloud Security Alliance Certifications CCSK Questions & Answers

• Question 131:

  Which part of the incident response process is greatly complicated by the resource pooling and rapid elasticity of cloud infrastructure?

  A. Recovery

  B. Ballistics

  C. Detection

  D. Forensics

  E. Preparation

  Correct Answer: D

• Question 132:

  What best describes the tradeoff of Infrastructure as a Service as compared to other cloud service models?

  A. Less security features and greater extensibility

  B. Greater initial costs and greater security features

  C. Lower initial costs and greater long terms costs

  D. Greater security features and less extensibility

  E. Lower initial cost and greater security features

  Correct Answer: C

  IaaS models typically have lower upfront costs because they eliminate the need for businesses to invest in expensive hardware. Instead, infrastructure (like servers, storage, and networking) is provided over the internet on a pay-as-you-go basis. This model allows businesses to start small and scale up as needed, without the heavy initial investment in physical infrastructure.

• Question 133:

  How can you monitor and filter data in a virtual network when traffic might not cross the physical network?

  A. Route traffic to the physical network for capturing

  B. Route traffic to a virtual appliance on the same virtual network

  C. Route traffic to a virtual network monitoring or filtering tool on the same hardware

  D. A and B

  E. B and C

  Correct Answer: E

  To monitor and filter data in a virtual network when traffic might not cross the physical network, you can use the following methods:

  B. Route traffic to a virtual appliance on the same virtual network: You can direct the network traffic within the virtual environment to a virtual appliance, which could be a dedicated monitoring or filtering tool. This appliance can analyze and filter the traffic within the virtual network itself.

  C. Route traffic to a virtual network monitoring or filtering tool on the same hardware: Virtual network monitoring or filtering tools can run on the same hardware as the virtual machines and monitor the traffic directly within the virtual environment.

  Option D (A and B) suggests routing traffic to the physical network, which might not be feasible or efficient in virtualized environments where traffic often stays within the virtual network.

• Question 134:

  Which concept is defined as the unique expression of an entity within a given namespace?

  A. Persona

  B. Role

  C. Attribute

  D. Identifier

  E. Identity

  Correct Answer: E

  Identity: the unique expression of an entity within a given namespace. An entity can have multiple digital identities, such as a single individual having a work identity (or even multiple identities, depending on the systems), a social media identity, and a personal identity.

• Question 135:

  What is a method used to decouple the network control plane from the data plane?

  A. Information Management Policies

  B. Multitenancy

  C. Network Intrusion Detect on Systems (NIDS)

  D. Software defined Networking (SDN)

  E. Virtual LANs (VLANs)

  Correct Answer: D

  SecGuiV4 P.79

  D: Software Defined Networking (SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data plane. This allows us to abstract networking from the traditional limitations of a LAN

• Question 136:

  For cloud consumers to be able to properly configure and manage their network security, what must cloud providers do?

  A. Expose security controls

  B. Provide security templates

  C. Configure a default deny and enable controls as requested

  D. Provide administrator access to the tenant

  E. Provide API access

  Correct Answer: A

  A. Expose security controls

  For cloud consumers to be able to properly configure and manage their network security, cloud providers must expose security controls. Cloud providers should provide customers with the necessary tools, interfaces, and options to configure and manage security settings and controls according to their specific needs and requirements. This allows cloud consumers to define and implement their desired security policies, firewall rules, access controls, and other security measures within the cloud environment.

  While options B, C, and E might also play a role in facilitating cloud consumer control over network security, option A directly addresses the need for cloud providers to expose security controls, enabling consumers to have the flexibility and control to configure their network security settings.

• Question 137:

  What is true of Software defined Network firewalls?

  A. They are policy sets that can only be applied to similar grouped assets

  B. They require the use of static IP addresses

  C. They are more difficult to manage

  D. They are limited based on physical topology

  E. They are not limited based on physical topology

  Correct Answer: E

• Question 138:

  Which deployment model is commonly used to describe a non-cloud data center bridged directly to a cloud provider?

  A. Hosted Cloud

  B. Hybrid Cloud

  C. Community Cloud

  D. Private Cloud

  E. Public Cloud

  Correct Answer: B

  Hybrid is also commonly used to describe a non-cloud data center bridged directly to a cloud provider

• Question 139:

  What is a core tenant of risk management?

  A. If there is still residual risk after assessments and controls are in place, you must accept the risk.

  B. Risk insurance covers all financial losses, including loss of customers.

  C. The consumers are completely responsible for all risk.

  D. The provider is accountable for all risk management.

  E. You can manage, transfer, accept, or avoid risks.

  Correct Answer: E

  loud risk management tools The following processes help form the foundation of managing risk in cloud computing deployments. One of the core tenants of risk management is that you can manage, transfer, accept, or avoid risks. But everything starts with a proper assessment:

  The supplier assessment sets the groundwork for the cloud risk management program: * Request or acquire documentation. * Review their security program and documentation. * Review any legal, regulatory, contractual, and jurisdictional requirements for both the provider and yourself. (See the Domain 3: Legal for more.) * Evaluate the contracted service in the context of your information assets. * Separately evaluate the overall provider, such as finances/stability, reputation, and outsourcers.

• Question 140:

  The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?

  A. The size of the cloud computing environment

  B. The value of the information at risk

  C. The operating system and firewall type

  D. Whether the cloud is IaaS, PaaS, or SaaS

  E. Both A and C

  Correct Answer: B