What is true of security as it relates to cloud network infrastructure?
A. You should apply cloud firewalls on a per-network basis.
B. You should deploy your cloud firewalls identical to the existing firewalls.
C. You should always open traffic between workloads in the same virtual subnet for better visibility.
D. You should implement a default allow with cloud firewalls and then restrict as necessary.
E. You should implement a default deny with cloud firewalls.
Which statement best describes the impact of Cloud Computing on business continuity management?
A. A general lack of interoperability standards means that extra focus must be placed on the security aspects of migration between Cloud providers.
B. The size of data sets hosted at a Cloud provider can present challenges if migration to another provider becomes necessary.
C. Customers of SaaS providers in particular need to mitigate the risks of application lock-in.
D. Clients need to do business continuity planning due diligence in case they suddenly need to switch providers.
E. Geographic redundancy ensures that Cloud Providers provide highly available services.
CCM: In the CCM tool, `Encryption and Key Management` is an example of which of the following?
A. Risk Impact
B. Domain
C. Control Specification
In volume storage, what method is often used to support resiliency and security?
A. proxy encryption
B. data rights management
C. hypervisor agents
D. data dispersion
E. random placement
Network logs from cloud providers are typically flow records, not full packet captures.
A. False
B. True
Select the best definition of `compliance` from the options below.
A. The development of a routine that covers all necessary security measures.
B. The diligent habits of good security practices and recording of the same.
C. The timely and efficient ling of security reports.
D. The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.
E. The process of completing all forms and paperwork necessary to develop a defensible paper trail.
Which concept provides the abstraction needed for resource pools?
A. Virtualization
B. Applistructure
C. Hypervisor
D. Metastructure
E. Orchestration
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?
A. Access control
B. Federated Identity Management
C. Authoritative source
D. Entitlement
E. Authentication
ENISA: `VM hopping` is:
A. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
B. Looping within virtualized routing systems.
C. Lack of vulnerability management standards.
D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
E. Instability in VM patch management causing VM routing errors.
How can virtual machine communications bypass network security controls?
A. VM communications may use a virtual network on the same hardware host
B. The guest OS can invoke stealth mode
C. Hypervisors depend upon multiple network interfaces
D. VM images can contain rootkits programmed to bypass firewalls
E. Most network security systems do not recognize encrypted VM traffic
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cloud Security Alliance exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CCSK exam preparations and Cloud Security Alliance certification application, do not hesitate to visit our Vcedump.com to find your solutions here.