Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cloud Security Alliance CCSK - Certificate of Cloud Security Knowledge v5 (CCSKv5.0)

Cloud Security Alliance CCSK Premium Access     Download Demo    
Page: 2 / 10
Total 332 questions

What is one of the primary advantages of including Static Application Security Testing (SAST) in Continuous Integration (CI) pipelines?

A.

Identifies code vulnerabilities early in the development

B.

Increases the speed of deployment to production

C.

Improves runtime performance of the application

D.

Enhances the user interface of the application

Which aspect of a Cloud Service Provider's (CSPs) infrastructure security involves protecting the interfaces used to manage configurations and resources?

A.

Management plane

B.

Virtualization layers

C.

Physical components

D.

PaaS/SaaS services

For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?

A.

Scope of the assessment and the exact included features and services for the assessment

B.

Provider infrastructure information including maintenance windows and contracts

C.

Network or architecture diagrams including all end point security devices in use

D.

Service-level agreements between all parties

E.

Full API access to all required services

What are the encryption options available for SaaS consumers?

A.

Any encryption option that is available for volume storage, object storage, or PaaS

B.

Provider-managed and (sometimes) proxy encryption

C.

Client/application and file/folder encryption

D.

Object encryption Volume storage encryption

In a cloud environment, what does the Shared Security Responsibility Model primarily aim to define?

A.

The division of security responsibilities between cloud providers and customers

B.

The relationships between IaaS, PaaS, and SaaS providers

C.

The compliance with geographical data residency and sovereignty

D.

The guidance for the cloud compliance framework

What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

A.

Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.

B.

Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.

C.

Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.

D.

Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.

E.

Both B and D.

CCM: A hypothetical company called: “Health4Sure” is located in the United States and provides cloud based services for tracking patient health. The company is compliant with HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.

Which of the following approach would be most suitable to assess the overall security posture of Health4Sure’s cloud service?

A.

The CCM columns are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered ad a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls. This approach will save time.

B.

The CCM domain controls are mapped to HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with HIPPA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company’s overall security posture in an efficient manner.

C.

The CCM domains are not mapped to HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.

How does the variability in Identity and Access Management (IAM) systems across cloud providers impact a multi-cloud strategy?

A.

Adds complexity by requiring separate configurations and integrations.

B.

Ensures better security by offering diverse IAM models.

C.

Reduces costs by leveraging different pricing models.

D.

Simplifies the management by providing standardized IAM protocols.

What is the most effective way to identify security vulnerabilities in an application?

A.

Performing code reviews of the application source code just prior to release

B.

Relying solely on secure coding practices by the developers without any testing

C.

Waiting until the application is fully developed and performing a single penetration test

D.

Conducting automated and manual security testing throughout the development

What of the following is NOT an essential characteristic of cloud computing?

A.

Broad Network Access

B.

Measured Service

C.

Third Party Service

D.

Rapid Elasticity

E.

Resource Pooling