Practice Free CCSK Exam Online Questions
CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?
- A . Service Provider or Tenant/Consumer
- B . Physical, Network, Compute, Storage, Application or Data
- C . SaaS, PaaS or IaaS
Who is responsible for the security of the physical infrastructure and virtualization platform?
- A . The cloud consumer
- B . The majority is covered by the consumer
- C . It depends on the agreement
- D . The responsibility is split equally
- E . The cloud provider
If the management plane has been breached, you should confirm the templates/configurations for your infrastructure or applications have not also been compromised.
- A . False
- B . True
What can be implemented to help with account granularity and limit blast radius with IaaS and PaaS?
- A . Configuring secondary authentication
- B . Establishing multiple accounts
- C . Maintaining tight control of the primary account holder credentials
- D . Implementing least privilege accounts
- E . Configuring role-based authentication
Why is a service type of network typically isolated on different hardware?
- A . It requires distinct access controls
- B . It manages resource pools for cloud consumers
- C . It has distinct functions from other networks
- D . It manages the traffic between other networks
- E . It requires unique security
ENISA: An example high risk role for malicious insiders within a Cloud Provider includes
- A . Sales
- B . Marketing
- C . Legal counsel
- D . Auditors
- E . Accounting
Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?
- A . Inspect and account for risks inherited from other members of the cloud supply chain and take active measures to mitigate and contain risks through operational resiliency.
- B . Respect the interdependency of the risks inherent in the cloud supply chain and communicate the corporate risk posture and readiness to consumers and dependent parties.
- C . Negotiate long-term contracts with companies who use well-vetted software application to avoid the transient nature of the cloud environment.
- D . Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency.
- E . Both B and C.
Which of the following is a primary purpose of establishing cloud risk registries?
- A . In order to establish cloud service level agreements
- B . To monitor real-time cloud performance
- C . To manage and update cloud account credentials
- D . Identify and manage risks associated with cloud services
D
Explanation:
A cloud risk registry is primarily used to identify and manage risks associated with cloud services. It serves as a tool for documenting, tracking, and assessing potential risks to the organization that arise from using cloud services. This includes risks related to security, compliance, availability, and performance. The risk registry helps organizations prioritize and mitigate these risks effectively to ensure the security and resilience of their cloud infrastructure.
Establishing SLAs is related to cloud contract management but not the primary purpose of a risk registry. Monitoring real-time cloud performance is a performance monitoring task, not the focus of a risk registry. Managing cloud account credentials is an aspect of identity and access management, not related to risk registries.
Which Cloud Service Provider (CSP) security measure is primarily used to filter and monitor HTTP requests to protect against SQL injection and XSS attacks?
- A . CSP firewall
- B . Virtual Appliance
- C . Web Application Firewall
- D . Intrusion Detection System
C
Explanation:
A Web Application Firewall (WAF) is primarily used to filter and monitor HTTP requests to protect web applications from various types of attacks, including SQL injection and cross-site scripting (XSS). WAFs work by analyzing incoming traffic and blocking malicious requests based on predefined rules or patterns, thus preventing attackers from exploiting vulnerabilities in web applications.
A CSP firewall is more focused on general network security, not specifically on application-layer attacks like SQL injection or XSS. A Virtual Appliance refers to a virtualized instance of a security appliance, but it is not specifically designed for protecting against SQL injection and XSS attacks like a WAF. An Intrusion Detection System (IDS) is used for detecting suspicious network activity and potential intrusions, but it is not focused on filtering web application traffic like a WAF.
Why is snapshot management crucial for the virtual machine (VM) lifecycle?
- A . It allows for quick restoration points during updates or changes
- B . It is used for load balancing VMs
- C . It enhances VM performance significantly
- D . It provides real-time analytics on VM applications
A
Explanation:
Snapshots serve as recovery points, enabling quick rollback to previous states if issues arise during updates or changes. This is crucial for VM lifecycle management.
Reference: [Security Guidance v5, Domain 7 – Infrastructure & Networking]
