New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Certensure Logo
  1. Home
  2. Cloud Security Alliance
  3. Cloud Security Knowledge
  4. CCSK - Certificate of Cloud Security Knowledge (v5.0)

Cloud Security Alliance CCSK Certificate of Cloud Security Knowledge (v5.0) Exam Practice Test

Demo: 53 questions
Total 177 questions
Get CCSK Full Access Download CCSK PDF

Certificate of Cloud Security Knowledge (v5.0) Questions and Answers

Question 1

Which of the following items is NOT an example of Security as a Service (SecaaS)?

Options:

A.

Spam filtering

B.

Authentication

C.

Provisioning

D.

Web filtering

E.

Intrusion detection

Question 2

Which cloud storage technology is basically a virtual hard drive for instanced or VMs?

Options:

A.

Volume storage

B.

Platform

C.

Database

D.

Application

E.

Object storage

Question 3

When designing an encryption system, you should start with a threat model.

Options:

A.

False

B.

True

Question 4

All cloud services utilize virtualization technologies.

Options:

A.

False

B.

True

Question 5

To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?

Options:

A.

Provider documentation

B.

Provider run audits and reports

C.

Third-party attestations

D.

Provider and consumer contracts

E.

EDiscovery tools

Question 6

ENISA: A reason for risk concerns of a cloud provider being acquired is:

Options:

A.

Arbitrary contract termination by acquiring company

B.

Resource isolation may fail

C.

Provider may change physical location

D.

Mass layoffs may occur

E.

Non-binding agreements put at risk

Question 7

How can web security as a service be deployed for a cloud consumer?

Options:

A.

By proxying or redirecting web traffic to the cloud provider

B.

By utilizing a partitioned network drive

C.

On the premise through a software or appliance installation

D.

Both A and C

E.

None of the above

Question 8

Select the statement below which best describes the relationship between identities and attributes

Options:

A.

Attributes belong to entities and identities belong to attributes. Each attribute can have multiple identities but only one entity.

B.

An attribute is a unique object within a database. Each attribute it has a number of identities which help define its parameters.

C.

An identity is a distinct and unique object within a particular namespace. Attributes are properties which belong to an identity. Each identity can have multiple attributes.

D.

Attributes are made unique by their identities.

E.

Identities are the network names given to servers. Attributes are the characteristics of each server.

Question 9

ENISA: Which is not one of the five key legal issues common across all scenarios:

Options:

A.

Data protection

B.

Professional negligence

C.

Globalization

D.

Intellectual property

E.

Outsourcing services and changes in control

Question 10

CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?

Options:

A.

Service Provider or Tenant/Consumer

B.

Physical, Network, Compute, Storage, Application or Data

C.

SaaS, PaaS or IaaS

Question 11

What are the primary security responsibilities of the cloud provider in the management infrastructure?

Options:

A.

Building and properly configuring a secure network infrastructure

B.

Configuring second factor authentication across the network

C.

Properly configuring the deployment of the virtual network, especially the firewalls

D.

Properly configuring the deployment of the virtual network, except the firewalls

E.

Providing as many API endpoints as possible for custom access and configurations

Question 12

The containment phase of the incident response lifecycle requires taking systems offline.

Options:

A.

False

B.

True

Question 13

Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?

Options:

A.

Code Review

B.

Static Application Security Testing (SAST)

C.

Unit Testing

D.

Functional Testing

E.

Dynamic Application Security Testing (DAST)

Question 14

What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the event of an incident?

Options:

A.

A data destruction plan

B.

A communication plan

C.

A back-up website

D.

A spill remediation kit

E.

A rainy day fund

Question 15

How does virtualized storage help avoid data loss if a drive fails?

Options:

A.

Multiple copies in different locations

B.

Drives are backed up, swapped, and archived constantly

C.

Full back ups weekly

D.

Data loss is unavoidable with drive failures

E.

Incremental backups daily

Question 16

Which statement best describes the impact of Cloud Computing on business continuity management?

Options:

A.

A general lack of interoperability standards means that extra focus must be placed on the security aspects of migration between Cloud providers.

B.

The size of data sets hosted at a Cloud provider can present challenges if migration to another provider becomes necessary.

C.

Customers of SaaS providers in particular need to mitigate the risks of application lock-in.

D.

Clients need to do business continuity planning due diligence in case they suddenly need to switch providers.

E.

Geographic redundancy ensures that Cloud Providers provide highly available services.

Question 17

What is true of security as it relates to cloud network infrastructure?

Options:

A.

You should apply cloud firewalls on a per-network basis.

B.

You should deploy your cloud firewalls identical to the existing firewalls.

C.

You should always open traffic between workloads in the same virtual subnet for better visibility.

D.

You should implement a default allow with cloud firewalls and then restrict as necessary.

E.

You should implement a default deny with cloud firewalls.

Question 18

How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

Options:

A.

Use strong multi-factor authentication

B.

Secure backup processes for key management systems

C.

Segregate keys from the provider hosting data

D.

Stipulate encryption in contract language

E.

Select cloud providers within the same country as customer

Question 19

Which governance domain deals with evaluating how cloud computing affects compliance with internal

security policies and various legal requirements, such as regulatory and legislative?

Options:

A.

Legal Issues: Contracts and Electronic Discovery

B.

Infrastructure Security

C.

Compliance and Audit Management

D.

Information Governance

E.

Governance and Enterprise Risk Management

Question 20

Who is responsible for the security of the physical infrastructure and virtualization platform?

Options:

A.

The cloud consumer

B.

The majority is covered by the consumer

C.

It depends on the agreement

D.

The responsibility is split equally

E.

The cloud provider

Question 21

What is the newer application development methodology and philosophy focused on automation of application development and deployment?

Options:

A.

Agile

B.

BusOps

C.

DevOps

D.

SecDevOps

E.

Scrum

Question 22

What item below allows disparate directory services and independent security domains to be interconnected?

Options:

A.

Coalition

B.

Cloud

C.

Intersection

D.

Union

E.

Federation

Question 23

Which opportunity helps reduce common application security issues?

Options:

A.

Elastic infrastructure

B.

Default deny

C.

Decreased use of micro-services

D.

Segregation by default

E.

Fewer serverless configurations

Question 24

ENISA: “VM hopping” is:

Options:

A.

Improper management of VM instances, causing customer VMs to be commingled with other customer systems.

B.

Looping within virtualized routing systems.

C.

Lack of vulnerability management standards.

D.

Using a compromised VM to exploit a hypervisor, used to take control of other VMs.

E.

Instability in VM patch management causing VM routing errors.

Question 25

Which data security control is the LEAST likely to be assigned to an IaaS provider?

Options:

A.

Application logic

B.

Access controls

C.

Encryption solutions

D.

Physical destruction

E.

Asset management and tracking

Question 26

Which of the following is one of the five essential characteristics of cloud computing as defined by NIST?

Options:

A.

Multi-tenancy

B.

Nation-state boundaries

C.

Measured service

D.

Unlimited bandwidth

E.

Hybrid clouds

Question 27

Your SLA with your cloud provider ensures continuity for all services.

Options:

A.

False

B.

True

Question 28

How can Identity and Access Management (IAM) policies on keys ensure adherence to the principle of least privilege?

Options:

A.

By rotating keys on a regular basis

B.

By using default policies for all keys

C.

By specifying fine-grained permissions

D.

By granting root access to administrators

Question 29

Why is early integration of pre-deployment testing crucial in a cybersecurity project?

Options:

A.

It identifies issues before full deployment, saving time and resources.

B.

It increases the overall testing time and costs.

C.

It allows skipping final verification tests.

D.

It eliminates the need for continuous integration.

Question 30

Which of the following strategies best enhances infrastructure resilience against Cloud Service Provider (CSP) technical failures?

Options:

A.

Local backup

B.

Multi-region resiliency

C.

Single-region resiliency

D.

High Availability within one data center

Question 31

Which best practice is recommended when securing object repositories in a cloud environment?

Options:

A.

Using access controls as the sole security measure

B.

Encrypting all objects in the repository

C.

Encrypting the access paths only

D.

Encrypting only sensitive objects

Question 32

According to NIST, what is cloud computing defined as?

Options:

A.

A shared set of resources delivered over the Internet

B.

A model for more-efficient use of network-based resources

C.

A model for on-demand network access to a shared pool of configurable resources

D.

Services that are delivered over the Internet to customers

Question 33

How does artificial intelligence pose both opportunities and risks in cloud security?

Options:

A.

AI enhances security without any adverse implications

B.

AI mainly reduces manual work with no significant security impacts

C.

AI enhances detection mechanisms but could be exploited for sophisticated attacks

D.

AI is only beneficial in data management, not security

Question 34

What is the primary focus during the Preparation phase of the Cloud Incident Response framework?

Options:

A.

Developing a cloud service provider evaluation criterion

B.

Deploying automated security monitoring tools across cloud services

C.

Establishing a Cloud Incident Response Team and response plans

D.

Conducting regular vulnerability assessments on cloud infrastructure

Question 35

What is the primary purpose of secrets management in cloud environments?

Options:

A.

Optimizing cloud infrastructure performance

B.

Managing user authentication for human access

C.

Securely handling stored authentication credentials

D.

Monitoring network traffic for security threats

Question 36

In a containerized environment, what is fundamental to ensuring runtime protection for deployed containers?

Options:

A.

Implementing real-time visibility

B.

Deploying container-specific antivirus scanning

C.

Using static code analysis tools in the pipeline

D.

Full packet network monitoring

Question 37

What tool allows teams to easily locate and integrate with approved cloud services?

Options:

A.

Contracts

B.

Shared Responsibility Model

C.

Service Registry

D.

Risk Register

Question 38

Which practice ensures container security by preventing post-deployment modifications?

Options:

A.

Implementing dynamic network segmentation policies

B.

Employing Role-Based Access Control (RBAC) for container access

C.

Regular vulnerability scanning of deployed containers

D.

Use of immutable containers

Question 39

In the shared security model, how does the allocation of responsibility vary by service?

Options:

A.

Shared responsibilities should be consistent across all services.

B.

Based on the per-service SLAs for security.

C.

Responsibilities are the same across IaaS, PaaS, and SaaS in the shared model.

D.

Responsibilities are divided between the cloud provider and the customer based on the service type.

Question 40

Which factors primarily drive organizations to adopt cloud computing solutions?

Options:

A.

Scalability and redundancy

B.

Improved software development methodologies

C.

Enhanced security and compliance

D.

Cost efficiency and speed to market

Question 41

What is a key advantage of using Policy-Based Access Control (PBAC) for cloud-based access management?

Options:

A.

PBAC eliminates the need for defining and managing user roles and permissions.

B.

PBAC is easier to implement and manage compared to Role-Based Access Control (RBAC).

C.

PBAC allows enforcement of granular, context-aware security policies using multiple attributes.

D.

PBAC ensures that access policies are consistent across all cloud providers and platforms.

Question 42

In a cloud environment, what does the Shared Security Responsibility Model primarily aim to define?

Options:

A.

The division of security responsibilities between cloud providers and customers

B.

The relationships between IaaS, PaaS, and SaaS providers

C.

The compliance with geographical data residency and sovereignty

D.

The guidance for the cloud compliance framework

Question 43

Which activity is a critical part of the Post-Incident Analysis phase in cybersecurity incident response?

Options:

A.

Notifying affected parties

B.

Isolating affected systems

C.

Restoring services to normal operations

D.

Documenting lessons learned and improving future responses

Question 44

What goal is most directly achieved by implementing controls and policies that aim to provide a complete view of data use and exposure in a cloud environment?

Options:

A.

Enhancing data governance and compliance

B.

Simplifying cloud service integrations

C.

Increasing cloud data processing speed

D.

Reducing the cost of cloud storage

Question 45

What is the primary reason dynamic and expansive cloud environments require agile security approaches?

Options:

A.

To reduce costs associated with physical hardware

B.

To simplify the deployment of virtual machines

C.

To quickly respond to evolving threats and changing infrastructure

D.

To ensure high availability and load balancing

Question 46

How does the variability in Identity and Access Management (IAM) systems across cloud providers impact a multi-cloud strategy?

Options:

A.

Adds complexity by requiring separate configurations and integrations.

B.

Ensures better security by offering diverse IAM models.

C.

Reduces costs by leveraging different pricing models.

D.

Simplifies the management by providing standardized IAM protocols.

Question 47

Which feature in cloud enhances security by isolating deployments similar to deploying in distinct data centers?

Options:

A.

A single deployment for all applications

B.

Shared deployments for similar applications

C.

Randomized deployment configurations

D.

Multiple independent deployments for applications

Question 48

Which of the following best describes how cloud computing manages shared resources?

Options:

A.

Through virtualization, with administrators allocating resources based on SLAs

B.

Through abstraction and automation to distribute resources to customers

C.

By allocating physical systems to a single customer at a time

D.

Through manual configuration of resources for each user need

Question 49

Which of the following best describes the primary purpose of cloud security frameworks?

Options:

A.

To implement detailed procedural instructions for security measures

B.

To organize control objectives for achieving desired security outcomes

C.

To ensure compliance with all regulatory requirements

D.

To provide tools for automated security management

Question 50

What is the primary purpose of cloud governance in an organization?

Options:

A.

To increase data transfer speeds within the cloud environment

B.

To reduce the cost of cloud services

C.

To ensure compliance, security, and efficient management aligned with the organization's goals

D.

To eliminate the need for on-premises data centers

Question 51

What is the primary goal of implementing DevOps in a software development lifecycle?

Options:

A.

To create a separation between development and operations

B.

To eliminate the need for IT operations by automating all tasks

C.

To enhance collaboration between development and IT operations for efficient delivery

D.

To reduce the development team size by merging roles

Question 52

How does cloud sprawl complicate security monitoring in an enterprise environment?

Options:

A.

Cloud sprawl disperses assets, making it harder to monitor assets.

B.

Cloud sprawl centralizes assets, simplifying security monitoring.

C.

Cloud sprawl reduces the number of assets, easing security efforts.

D.

Cloud sprawl has no impact on security monitoring.

Question 53

Which of the following is a common security issue associated with serverless computing environments?

Options:

A.

High operational costs

B.

Misconfigurations

C.

Limited scalability

D.

Complex deployment pipelines

Load More CCSK Questions
Demo: 53 questions
Total 177 questions
Get CCSK Full Access Download CCSK PDF