Cloud Security Alliance Cloud Security Alliance Certifications CCSK Questions & Answers

• Question 161:

  A key element of the "Destroy" phase of the Data Security Lifecycle is:

  A. Application Security

  B. Crypto-Shredding

  C. Assign Rights

  D. Encryption

  E. Classify

  Correct Answer: B

  B. Crypto-Shredding

  In the "Destroy" phase of the Data Security Lifecycle, a key element is "Crypto-Shredding." Crypto-shredding involves securely deleting sensitive data by destroying the cryptographic keys used to encrypt the data. This ensures that even if the

  encrypted data is retained, it remains unreadable and unrecoverable without the corresponding keys.

  The other options (A, C, D, E) might be relevant in the broader context of data security, but they are not specifically associated with the "Destroy" phase and the concept of securely removing data.

• Question 162:

  CCM: A hypothetical start-up company called "CertBus4Sure" provides a cloud based IT management solution. They are growing rapidly and have some security measures in place but the employees are still using their personal mobile devices for storing and communicating company confidential information. So they decide to provide the employees with company mobile devices and implement a Mobile Device Management policy. Two months later, a customer wants to review CertBus4Sure's mobile device security practices. Which of the following basic protection measures should the client look for in the company's Mobile Device Management policy?

  A. Registration of mobile devices

  B. Requirements for physical protection

  C. Requirements for mobile device software versions and for applying patches

  D. Malware protection

  E. All of the above

  Correct Answer: E

• Question 163:

  What is a benefit of application security in a cloud environment?

  A. Increased application scope

  B. Limited detailed visibility

  C. Reduced transparency

  D. Non-uni ed interface

  E. Isolated environments

  Correct Answer: E

  E. Isolated environments

  A benefit of application security in a cloud environment is the concept of isolated environments. Cloud environments can provide the ability to isolate applications and their associated resources from each other. This isolation helps prevent the

  impact of security incidents or breaches in one application from affecting others. It adds a layer of protection and containment, contributing to overall security and reducing the potential for cross-application vulnerabilities or exploits.

  The other options (A, B, C, D) do not accurately describe benefits of application security in a cloud environment.

• Question 164:

  You have a business relationship with a cloud provider for all sales management functionality. Through the APIs and SDKs, you have customized the interface and some functionality, but the back end service is done through the cloud provider. In this relationship, which service is completed by the cloud provider?

  A. Software-as-a-service (SaaS)

  B. Platform-as-a-service (PaaS)

  C. Desktop-as-a-service (DaaS)

  D. Infrastructure-as-a-service (IaaS)

  E. Identity-as-a-service (IDaaS)

  Correct Answer: B

  B. Platform-as-a-service (PaaS)

  In the described scenario, where you have a business relationship with a cloud provider and you are customizing the interface and functionality through APIs and SDKs while relying on the cloud provider's back-end service, the service model is Platform-as-a-Service (PaaS). In a PaaS model, the cloud provider offers a platform that allows you to develop, deploy, and manage applications while handling the underlying infrastructure, including servers, storage, and networking. You are responsible for customizing the applications and their functionality, while the cloud provider takes care of the platform and infrastructure.

• Question 165:

  Absent other evidence, such as tampering or hacking, documents should not be considered more or less admissible or credible because they were created or stored in the cloud.

  A. True

  B. False

  Correct Answer: A

  A. True

  Absent other evidence such as tampering or hacking, documents should not be considered more or less admissible or credible solely because they were created or stored in the cloud. The method of storage or creation, such as using cloud services, should not inherently impact the admissibility or credibility of documents in a legal context. The focus should be on the authenticity, integrity, and reliability of the documents themselves, regardless of where they are stored.

• Question 166:

  What are the encryption options available for SaaS consumers?

  A. Provider-managed and (sometimes) proxy encryption

  B. Any encryption option that is available for volume storage, object storage, or PaaS

  C. Volume storage encryption

  D. Client/application and file/folder encryption

  E. Object encryption

  Correct Answer: A

  A. Provider-managed and (sometimes) proxy encryption

  The encryption options available for Software-as-a-Service (SaaS) consumers typically include provider-managed encryption, where the SaaS provider handles encryption and decryption of data, and sometimes proxy encryption, where the

  consumer encrypts data before sending it to the SaaS application through a proxy. These options help enhance the security of data within the SaaS environment.

  Option B is not accurate because SaaS encryption options might differ from those available for volume storage, object storage, or Platform-as-a-Service (PaaS).

  Options C, D, and E are not specifically representative of encryption options available for SaaS consumers.

• Question 167:

  When the application components communicate directly with the cloud service, the management plane and metastructure might fall within the application security scope.

  A. True

  B. False

  Correct Answer: A

  A. True

  The management plane and metastructure may now be within the application security scope, especially when the application components communicate directly with the cloud service.

• Question 168:

  In the case of Infrastructure as a Service (IaaS) or Platform as a Service (PaaS) the responsibility to effectively manage the security of the application running in the cloud primarily belongs to who?

  A. The cloud consumer's administrators

  B. The internet service provider (ISP)

  C. The government

  D. The software as a service (SaaS) provider

  E. The provider's system administrators

  Correct Answer: A

  A. The cloud consumer's administrators

  In the case of Infrastructure as a Service (IaaS) or Platform as a Service (PaaS), the responsibility to effectively manage the security of the application running in the cloud primarily belongs to the cloud consumer's administrators. While the cloud provider is responsible for the security of the underlying infrastructure and platform, the cloud consumer is responsible for securing the applications, data, and configurations that they deploy on top of that infrastructure or platform. This is known as the shared responsibility model in cloud computing.

• Question 169:

  At a minimum, how often should incident response testing occur?

  A. Monthly

  B. Quarterly

  C. Whenever an event occurs

  D. Semi-annually

  E. Annually and whenever a significant change occurs

  Correct Answer: E

  Security Guideance:9.2 Recommendations - Testing will be conducted at least annually or whenever there are significant changes to the application architecture. Customers should seek to integrate their testing procedures with that of their provider (and other partners) to the greatest extent possible.

• Question 170:

  CCM: A hypothetical company called "CertBus4Sure" provides a cloud based service to share con dential documents. The con dential documents are stored in their servers and are encrypted. How will CertBus4Sure ensure the protection of client data within their data center?

  A. Audit plans should not be adopted and supported by the most senior governing elements of the organization (e.g. the board and the management)

  B. Encrypt the data at rest and put in place appropriate measures for management of encryption keys

  C. Implement redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, re suppression) and various security devices

  D. Use a secure transfer channel (i.e. TLS)

  Correct Answer: B

  To ensure the protection of client data within their data center, Security4Sure should encrypt the data at rest. Encrypting data at rest helps safeguard sensitive information even if physical access to the servers is obtained.

  Additionally, Security4Sure should put in place appropriate measures for the management of encryption keys. Proper key management ensures that only authorized individuals have access to the encryption keys, which are crucial for decrypting the data.