Cloud Security Alliance Cloud Security Alliance Certifications CCSK Questions & Answers

• Question 171:

  ENISA: Which of the following is among the vulnerabilities contributing to a high risk ranking for Network Management?

  A. User provisioning vulnerabilities

  B. AAA vulnerabilities

  C. System or O/S vulnerabilities

  D. Hypervisor vulnerabilities

  E. Inadequate physical security procedures

  Correct Answer: C

  C. System or O/S vulnerabilities

  According to ENISA (European Union Agency for Cybersecurity), among the vulnerabilities contributing to a high risk ranking for Network Management, system or operating system (O/S) vulnerabilities can be a significant factor. System or O/ S vulnerabilities refer to weaknesses or flaws in the operating systems or software running within the network management environment. These vulnerabilities can be exploited to gain unauthorized access, disrupt services, or compromise the security of network management systems.

• Question 172:

  When Configuring SDN firewalls, after adding all assets, what is typically the rst configuration you must address?

  A. Creating update rules

  B. Configuring additional access

  C. Disconnecting previous firewalls

  D. Opening connections

  E. Configuring logging

  Correct Answer: D

  D. Opening connections

  When configuring Software-Defined Network (SDN) firewalls, after adding all assets, the first configuration that is typically addressed is opening connections. This involves configuring the necessary rules to allow desired traffic to flow between different assets or components within the network. This step is crucial to ensure that legitimate communication can occur while still enforcing security policies and access controls.

• Question 173:

  Identified issues, risks, and recommended remediations are included when determining compliance.

  A. True

  B. False

  Correct Answer: A

  Audits and assessments are mechanisms to document compliance with internal or external requirements (or identify deficiencies). Reporting needs to include a compliance determination, as well as a list of identified issues, risks, and remediation recommendations.

• Question 174:

  Which common component of big data is focused on the mechanisms used to ingest large volumes of data, often of a streaming nature?

  A. Distributed processing

  B. Distributed storage

  C. Distributed attribution

  D. Distributed data collection

  E. Distributed information

  Correct Answer: D

  D: Distributed data collection SegGuiV4 p.147 - Distributed data collection: Mechanisms to ingest large volumes of data, often of a streaming nature. This could be as “lightweight” as web-click streaming analytics and as complex as highly distributed scientific imaging or sensor data. Not all big data relies on distributed or streaming data collection, but it is a core big data technology.

• Question 175:

  Which statement best describes a data (information) dispersion fragmentation scheme?

  A. A network is split into nodes; all of the nodes store only certain types of files.

  B. Fragmented files are signed and stored together on a local server; data retrieval is arbitrary.

  C. File fragments are sequentially placed on servers based on the physical location of the data user.

  D. A cloud is split into cloudlets; each cloudlet stores a portion of the files based on an encryption algorithm.

  E. A file is split into fragments; all of the fragments are sent to multiple physical storage repositories.

  Correct Answer: E

  E: data dispersion (sometimes also known as data fragmentation of bit splitting). This process takes chunks of data, breaks them up, and then stores multiple copies on different physical storage to provide high durability. Data stored in this way is thus physically dispersed. A single file, for example, would not be located on a single hard drive.

• Question 176:

  To increase network isolation, you should use SDN capabilities for multiple networks and cloud accounts or segments.

  A. False

  B. True

  Correct Answer: B

  B. True

  To increase network isolation, you should indeed use Software-Defined Networking (SDN) capabilities for multiple networks and cloud accounts or segments. SDN allows you to create and manage virtual networks with specific segmentation and isolation, enhancing security and control by logically separating different parts of your infrastructure and preventing unauthorized access between them. This can be particularly useful in multi-tenant cloud environments where various customers' resources need to be isolated from each other.

• Question 177:

  Installing security software designed for physical servers onto a virtualized server can result in severe degradation in performance.

  A. False

  B. True

  Correct Answer: B

  B. True

  Installing security software designed for physical servers onto a virtualized server can result in severe degradation in performance. Security software that is not optimized for virtual environments may consume excessive resources, such as CPU and memory, leading to reduced performance and potentially impacting the overall efficiency and scalability of the virtualized environment. It's important to use security solutions that are specifically designed for virtualized environments to avoid such performance issues.

• Question 178:

  CCM: A hypothetical company called "lnfrastructure4Sure" provides Infrastructure as a Service (IaaS) to its clients. A customer wants to review Infrastructure4Sure's hypervisor security implementation measures. Which of the following measures should Infrastructure4Sure implement?

  A. Choose a hypervisor with a smaller footprint for a reduced attack surface.

  B. Harden the hypervisor's configuration to increase areas of vulnerability (e.g., disabling memory sharing between VMs running within the same hypervisor hosts).

  C. Connect unused physical hardware devices and enable clipboard or le-sharing services.

  D. Monitor for signs of compromise by analyzing hypervisor logs on an ongoing basis.

  E. A and D

  Correct Answer: E

  A. Choose a hypervisor with a smaller footprint for a reduced attack surface.

  D. Monitor for signs of compromise by analyzing hypervisor logs on an ongoing basis.

  For securing the hypervisor in an Infrastructure as a Service (IaaS) environment, Infrastructure4Sure should choose a hypervisor with a smaller footprint, which reduces the attack surface by minimizing unnecessary components and

  functionalities that could be exploited.

  Additionally, Infrastructure4Sure should monitor for signs of compromise by regularly analyzing hypervisor logs. Monitoring logs helps detect any suspicious or unauthorized activities that might indicate a security breach or compromise.

• Question 179:

  CCM: What security requirements does the Identity and Access Management domain in the CCM address?

  A. The requirement to ensure that all files are properly backed up.

  B. The requirement to ensure inappropriate access to resources and to enable the right individuals to access the right resources.

  C. There is no such domain as Identity and Access Management in the CCM.

  D. The requirement to ensure appropriate access to resources and to enable the right individuals to access the right resources at the right times for the right reasons.

  Correct Answer: D

• Question 180:

  Which of the following cloud deployment models represents a composition of two or more clouds that remain unique identities but are bound together by standardized or proprietary technology that enables data and application portability?

  A. Public cloud

  B. Hybrid cloud

  C. Community cloud

  D. Segregated cloud

  E. None of the above

  Correct Answer: B

  Answer is Hybrid cloud - 1.1.2.3: Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or