Exported from Free Exam Dumps Collection [ http://free.examcollectionpass.com ]
Post date: 2024-01-17 13:11:53

Title: New 2024 Realistic Free Cloud Security Alliance CCSK Exam Dump Questions & Answer [Q52-Q75]

CCSK Practice Test Engine: Try These 120 Exam Questions

NEW QUESTION 52
Which of the following processes plays a major role in managing system vulnerabilities?
  Capacity Management
  Patch Management
  Incident Management
  Release Management

Although other processes are part of the overall security strategy, proper patch management plays the key role in keeping control of system vulnerabilities.

NEW QUESTION 53
Logs, documentation, and other materials needed for audits and compliance, which often serve as evidence of compliance activities, are known as:
  Log Trail
  Documented Evidence
  Proof of Audit
  Artifacts

Artifacts are the logs, documentation, and other materials needed for audits and compliance; they are the evidence to support compliance activities. Both providers and customers have responsibilities for producing and managing their respective artifacts.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)

NEW QUESTION 54
Which statement best describes the impact of Cloud Computing on business continuity management?
  A general lack of interoperability standards means that extra focus must be placed on the security aspects of migration between Cloud providers.
  The size of data sets hosted at a Cloud provider can present challenges if migration to another provider becomes necessary.
  Customers of SaaS providers in particular need to mitigate the risks of application lock-in.
  Clients need to do business continuity planning due diligence in case they suddenly need to switch providers.
  Geographic redundancy ensures that Cloud Providers provide highly available services.

NEW QUESTION 55
The example of two administrators being required to complete an operation in the cloud is an example of:
  Conflict of interest
  Mandy
  Separation of duties
  Collaborative efforts

Separation of duties (SoD) (also known as "segregation of duties") is the concept of having more than one person required to complete a task. In business, the sharing of a single task among more than one individual is an internal control intended to prevent fraud and error.

NEW QUESTION 56
Which is the primary tool used to manage identity and access management of resources spread across hundreds of different clouds and resources?
  Active Directory
  Federation
  SAML 2.0
  Entitlement Matrix

In cloud computing, the fundamental problem is that multiple organizations are now managing the identity and access management of resources, which can greatly complicate the process. For example, imagine having to provision the same user on dozens, or hundreds, of different cloud services. Federation is the primary tool used to manage this problem, by building trust relationships between organizations and enforcing them through standards-based technologies.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)

NEW QUESTION 57
What are the primary security responsibilities of the cloud provider in the management infrastructure?
  Building and properly configuring a secure network infrastructure
  Configuring second factor authentication across the network
  Properly configuring the deployment of the virtual network, especially the firewalls
  Properly configuring the deployment of the virtual network, except the firewalls
  Providing as many API endpoints as possible for custom access and configurations

NEW QUESTION 58
Which of the following is not part of the STRIDE model?
  Spoofing
  Denial of Service
  Distributed Denial of Service
  Elevation of Privilege

The letters in the STRIDE threat model represent Spoofing of identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. The other options are simply mixed-up or incorrect versions of the same.

NEW QUESTION 59
What is true of security as it relates to cloud network infrastructure?
  You should apply cloud firewalls on a per-network basis.
  You should deploy your cloud firewalls identical to the existing firewalls.
  You should always open traffic between workloads in the same virtual subnet for better visibility.
  You should implement a default allow with cloud firewalls and then restrict as necessary.
  You should implement a default deny with cloud firewalls.

NEW QUESTION 60
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?
  Legal Issues: Contracts and Electronic Discovery
  Infrastructure Security
  Compliance and Audit Management
  Information Governance
  Governance and Enterprise Risk Management

NEW QUESTION 61
In order to determine the critical assets and processes of the organization, it must first conduct a:
  Risk Assessment
  Business Impact Analysis (BIA)
  Datacentre monitoring
  Host hardening

This is a process known as the business impact analysis (BIA). We determine a value for every asset (usually in terms of dollars), what it would cost the organization if we lost that asset (either temporarily or permanently), what it would cost to replace or repair that asset, and any alternate methods for dealing with that loss.

NEW QUESTION 62
An adversary uses a cloud platform to launch a DDoS attack against XYZ company. This type of risk is termed:
  Malicious Insider
  Data Breaches
  Abuse of Cloud services
  Account Hijacking

Malicious actors may leverage cloud computing resources to target users, organizations or other cloud providers. Examples of misuse of cloud service-based resources include launching DDoS attacks, email spam and phishing campaigns; "mining" for digital currency; large-scale automated click fraud; brute-force compute attacks on stolen credential databases; and hosting of malicious or pirated content.

NEW QUESTION 63
CCM: In the CCM tool, a _____________________ is a measure that modifies risk and includes any process, policy, device, practice or any other action which modifies risk.
  Risk Impact
  Domain
  Control Specification

NEW QUESTION 64
Credentials and cryptographic keys must not be embedded in source code or distributed in public-facing repositories such as GitHub.
  True
  False

This is true. Credentials and cryptographic keys must not be embedded in source code or distributed in public-facing repositories such as GitHub, because there is a significant chance of discovery and misuse. Keys need to be appropriately secured, and a well-secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.

NEW QUESTION 65
The entity that has the primary relationship with an individual from whom his/her PII is collected is known as:
  Data Controller
  Data processor
  Data custodian
  Data Manager

The data controller (typically the entity that has the primary relationship with an individual) is prohibited from collecting and processing personal data unless certain criteria are met. For example, if the data subject has consented to the collection and proposed uses of his or her data, then the controller may collect and process data, according to the consent agreement.
Reference: Security Guidance v4.0, Copyright 2017, Cloud Security Alliance

NEW QUESTION 66
"Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms." Which of the following characteristics does this define?
  On-demand self-service
  Broad network access
  Resource pooling
  Rapid elasticity

NEW QUESTION 67
Which data security control is the LEAST likely to be assigned to an IaaS provider?
  Application logic
  Access controls
  Encryption solutions
  Physical destruction
  Asset management and tracking

NEW QUESTION 68
Which of the following is true when we talk about compliance inheritance?
  Cloud Service Provider's infrastructure should be included in the customer's compliance audit
  Cloud Service Provider's infrastructure is out of scope in the customer's compliance audit
  Everything the customer configures and builds on top of the certified services is out of scope
  There is no need for a compliance audit by the customer since the Cloud Service Provider is already compliant.

With compliance inheritance, the cloud provider's infrastructure is out of scope for a customer's compliance audit, but everything the customer configures and builds on top of the certified services is still within scope.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)

NEW QUESTION 69
Vulnerability assessments cannot be easily integrated into CI/CD pipelines because of provider restrictions.
  False
  True

NEW QUESTION 70
ENISA: An example of a high-risk role for malicious insiders within a Cloud Provider includes
  Sales
  Marketing
  Legal counsel
  Auditors
  Accounting

NEW QUESTION 71
Which of the following is NOT a cloud computing characteristic that impacts incident response?
  The on-demand self-service nature of cloud computing environments.
  Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
  The possibility of data crossing geographic or jurisdictional boundaries.
  Object-based storage in a private cloud.
  The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.

NEW QUESTION 72
An agreed-upon description of the attributes of a product, at a point in time, that serves as a basis for defining change is called:
  Standardization
  Baseline
  Trusted Module
  Secured Server

A baseline is an agreed-upon description of the attributes of a product, at a point in time, that serves as a basis for defining change.

NEW QUESTION 73
Inability to provide enough capacity to the cloud customer can lead to which of the following risks:
  Resource Exhaustion
  Data Breach
  Resource Utilization
  Data Dispersion

Cloud services are on-demand; therefore there is a level of calculated risk in allocating all the resources of a cloud service, because resources are allocated according to statistical projections. Inaccurate modelling of resource usage, common resource allocation algorithms that are vulnerable to distortions of fairness, inadequate resource provisioning and inadequate investment in infrastructure can all contribute to this risk.

NEW QUESTION 74
When virtual machines may communicate with each other over a hardware backplane, rather than a network, it gives rise to:
  Multi-tenancy
  Blind spot
  DDoS
  Inter VM attack

This is the definition of a blind spot, and it is very difficult to monitor this traffic.

NEW QUESTION 75
A framework of containers for all components of application security best practices, catalogued and leveraged by the ORGANIZATION, is called:
  ANF
  ONF
  CAF
  DAF

Please note that the question asks about the organisation, and therefore ONF is the correct answer. If a similar question is asked about a particular application, the answer would be ANF.