Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cloud Security Alliance CCSK - Certificate of Cloud Security Knowledge v5 (CCSKv5.0)

Page: 9 / 10
Total 332 questions

What is a commonly used method by which hybrid cloud integrates data centers with public cloud?

A.

Using VPN or dedicated links

B.

Using peer-to-peer networks

C.

Using local area network (LAN)

D.

Using satellite connections

Which of the following cloud computing models primarily provides storage and computing resources to the users?

A.

Function as a Service (FaaS)

B.

Platform as a Service (PaaS)

C.

Software as a Service (SaaS)

D.

Infrastructure as a Service (laa

A security failure at the root network of a cloud provider will not compromise the security of all customers because of multitenancy configuration.

A.

False

B.

True

What is true of security as it relates to cloud network infrastructure?

A.

You should apply cloud firewalls on a per-network basis.

B.

You should deploy your cloud firewalls identical to the existing firewalls.

C.

You should always open traffic between workloads in the same virtual subnet for better visibility.

D.

You should implement a default allow with cloud firewalls and then restrict as necessary.

E.

You should implement a default deny with cloud firewalls.

When implementing a Zero Trust (ZT) strategy, which approach is considered fundamental for ensuring enterprise security and connectivity?

A.

Allowing unrestricted access to resources within local networks but restricting cloud access

B.

Implementing perimeter-based security as the primary defense mechanism

C.

Enforcing strict access control and verification for all users and devices

D.

Only allowing trusted devices to connect to local/office networks

What is true of companies considering a cloud computing business relationship?

A.

The laws protecting customer data are based on the cloud provider and customer location only.

B.

The confidentiality agreements between companies using cloud computing services is limited legally to the company, not the provider.

C.

The companies using the cloud providers are the custodians of the data entrusted to them.

D.

The cloud computing companies are absolved of all data security and associated risks through contracts and data laws.

E.

The cloud computing companies own all customer data.

Which factors primarily drive organizations to adopt cloud computing solutions?

A.

Scalability and redundancy

B.

Improved software development methodologies

C.

Enhanced security and compliance

D.

Cost efficiency and speed to market

How can the use of third-party libraries introduce supply chain risks in software development?

A.

They are usually open source and do not require vetting

B.

They might contain vulnerabilities that can be exploited

C.

They fail to integrate properly with existing continuous integration pipelines

D.

They might increase the overall complexity of the codebase

In preparing for cloud incident response, why is updating forensics tools for virtual machines (VMs) and containers critical?

A.

To comply with cloud service level agreements (SLAs)

B.

To streamline communication with cloud service providers and customers

C.

To ensure compatibility with cloud environments for effective incident analysis

D.

To increase the speed of incident response team deployments

Which of the following from the governance hierarchy provides specific goals to minimize risk and maintain a secure environment?

A.

Implementation guidance

B.

Control objectives

C.

Policies

D.

Control specifications