
New 2021 CCSK exam questions Welcome to download the newest Fast2test CCSK PDF dumps (300 Q&As)
P.S. Free 2021 Cloud Security Knowledge CCSK dumps are available on Google Drive shared by Fast2test
NEW QUESTION 53
According to CSA Security Guidelines, there are four layers of Logical Model for cloud computing. Which of the following is not one of the layers as defined by Cloud Security Alliance?
- A. Applistructure
- B. Softstructure
- C. Infrasturcture
- D. Metastructure
Answer: B
Explanation:
The four layers of Logical Model for cloud computing according to Cloud Security Alliance are:
1. Infrastructure: The core components of a computing system: compute, network, and storage. The foundation that everything else is built on. The moving parts.
2. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.
3. Infostructure: The data and information. Content in a database, file storage, etc.
4. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services.
NEW QUESTION 54
Which of following is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor?
- A. VM DOS
- B. VM Escape
- C. VM HBR
- D. VM rootkit
Answer: B
Explanation:
Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. Such an exploit could give the attacker access to the host operating system and all other virtual machines(VMs) running on that host.
NEW QUESTION 55
CCM: In the CCM tool, a is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.
- A. Control Specification
- B. Domain
- C. Risk Impact
Answer: A
NEW QUESTION 56
Exploitable bugs in programs that attackers can use to infiltrate a computer system for the purpose of stealing data, taking control of the system or disrupting service operations, are called:
- A. Honepots
- B. Threat Agents
- C. Vulnerbilities
- D. Threats
Answer: C
Explanation:
It's a definition of System Vulnerability.
NEW QUESTION 57
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
- A. True
- B. False
Answer: A
NEW QUESTION 58
Which of the following is an effective way of segregating different cloud networks and datacenters in a hybrid cloud environment?
- A. Dedicated Hosting
- B. Virtual Private Networks
- C. Bastion Virtual Network
- D. Virtual LANs
Answer: C
Explanation:
One emerging architecture for hybrid cloud connectivity is "bastion" or "transit" virtual networks:
. This scenario allows you to connect multiple, different cloud networks to a data center using a single hybrid connection. The cloud user builds a dedicated virtual network for the hybrid connection and then peers any other networks through the designated bastion network.
. Second-level networks connect to the data center through the bastion network, but since they aren't peered to each other they can't talk to each other and are effectively segregated. Also, you can deploy different security tools, firewall rulesets, and Access Control Lists in the bastion network to further protect traffic in and out of the hybrid connection.
Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)
NEW QUESTION 59
"Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. " Which of the following characteristics defines this?
- A. Measured service
- B. Broad network access
- C. Resource pooling
- D. Rapid elasticity
Answer: A
Explanation:
Measured service is defined as "Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. "
NEW QUESTION 60
An adversary uses a cloud Platform to launch a DDoS attack against XYZ company. This type of risk is termed as:
- A. Abuse of Cloud services
- B. Data Breaches
- C. Malicious Insider
- D. Account Hijacking
Answer: A
Explanation:
Malicious actors may leverage cloud computing resources to target users, Organizations or other cloud providers. Examples of misuse of cloud service-based resources include launching DDoS attacks, email spam and phishing campaigns; "mining" for digital currency; large-scale automated click fraud; brute- force compute attacks of stolen credential databases; and hosting of malicious or pirated content.
NEW QUESTION 61
IT Risk management is best described in:
- A. FIPS 140-2
- B. ISO 27017
- C. NIST SP800-14
- D. ISO 27005
Answer: D
Explanation:
IS027005 standards describes IT Risk Management process
NEW QUESTION 62
ISO 27001 certification can be taken as proof to achieve Third-party assessment level in CSA star program.
- A. True
- B. False
Answer: A
Explanation:
The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC
27001:2013 management system standard together with the CSA Cloud Controls Matrix.
NEW QUESTION 63
Database as a Service is an example of :
- A. Software as a Service(SaaS)
- B. Program as a Service(PaaS)
- C. Platform as a Service(PaaS)
- D. Infrastructure as a Service(IaaS)
Answer: C
Explanation:
One option. frequently seen in the real world and illustrated in our model. is to build a platform on top of IaaS. A layer of integration and middleware is built on IaaS. then pooled together. orchestrated. and exposed to customers using APIs as PaaS. For example, a Database as a Service could be built by deploying modified database management system software on instances running in IaaS. The customer manages the database via API (and a web console) and accesses it either through the normal database network protocols, or, again, via API.
Ref: CSA Security Guidelines V4.0
NEW QUESTION 64
The example of two administrators required to complete an operation in cloud is an example of:
- A. Conflict of interest
- B. Collaborative effons
- C. Separy
- D. Mandy
Answer: C
Explanation:
Separation of duties(SoD)(also known as "Segregation of duties") is the concept of having more than one person required to complete a task. ln business the separation by sharing of more than one individual in one single task is an internal control intended to prevent fraud and error.
NEW QUESTION 65
Which one of the following is NOT one of phases for cloud auditing?
- A. Conduct Audit
- B. Define Audit objectives
- C. Report data breaches
- D. Report lesson learned
Answer: C
Explanation:
Reporting data breaches is not part of Auditing and not a function of Auditors.
NEW QUESTION 66
When creating business strategies for cloud migration. which is the most important aspect?
- A. Choosing the right auditor
- B. Valuating current staff for their capabilities
- C. Hiring a cloud broker
- D. Due Diligence when inspecting technologies and choosing cloud provider
Answer: D
Explanation:
Due Diligence is most important aspect when considering adoption to the cloud
NEW QUESTION 67
Which is the leading industry leading standard you will recommend to a web developer when designing web application or an API for a cloud solution?
- A. SOC2
- B. FIPS 140
- C. ISO 27001
- D. OWASP
Answer: D
Explanation:
OWASP is an open project and is leading industry standard for designing web applications and its security.
NEW QUESTION 68
......
CCSK exam questions from Fast2test dumps: https://www.fast2test.com/CCSK-premium-file.html (300 Q&As)
Free 2021 Cloud Security Knowledge CCSK dumps are available on Google Drive shared by Fast2test: https://drive.google.com/open?id=1UQtwthIWzIJYyQeFjVjoXaHlzKt2mY8J