
CCSK practice questions uploaded by PassExamDumps (2021) for the Certificate of Cloud Security Knowledge (v4.0) Exam.
NEW QUESTION 33
Code execution environments that run within an operating system, sharing and leveraging resources of that operating system, are called:
- A. Instance
- B. Virtual Machine
- C. Container
- D. Sandbox
Answer: C
Explanation:
Containers are code execution environments that run within an operating system (for now), sharing and leveraging resources of that operating system. While a VM is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still utilizing the kernel and other capabilities of the base OS. Multiple containers can run on the same virtual machine or be implemented without the use of VMs at all and run directly on hardware.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)
NEW QUESTION 34
Who is responsible for infrastructure security in the Software as a Service (SaaS) service model?
- A. Cloud Customer
- B. Cloud Service Provider
- C. Cloud Carrier
- D. It's a shared responsibility between Cloud Service Provider and Cloud Customer
Answer: B
Explanation:
The Cloud Service Provider is responsible for infrastructure in the Software as a Service (SaaS) service model.
NEW QUESTION 35
What is the newer application development methodology and philosophy focused on automation of application development and deployment?
- A. SecDevOps
- B. DevOps
- C. Agile
- D. BusOps
- E. Scrum
Answer: B
NEW QUESTION 36
Big data includes high volume, high variety, and high velocity.
- A. True
- B. False
Answer: A
NEW QUESTION 37
Which of the following is NOT one of the common networks underlying cloud infrastructure?
- A. Storage Network
- B. Security Network
- C. Service Network
- D. Management Network
Answer: B
Explanation:
If you are a cloud provider (including managing a private cloud), physical segregation of networks composing your cloud is important for both operational and security reasons. We most commonly see at least three different networks which are isolated onto dedicated hardware since there is no functional or traffic overlap:
1. The service network for communications between virtual machines and the Internet. This builds the network resource pool for the cloud users.
2. The storage network to connect virtual storage to virtual machines.
3. A management network for management and API traffic.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)
NEW QUESTION 38
A framework of containers for all components of application security best practices, catalogued and leveraged by the ORGANIZATION, is called:
- A. ONF
- B. ANF
- C. CAF
- D. DAF
Answer: A
Explanation:
Please notice that the question asks about the organisation, and therefore ONF is the correct answer. If a similar question is asked about a particular application, then the answer would be ANF.
NEW QUESTION 39
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
- A. Provider and consumer contracts
- B. EDiscovery tools
- C. Third-party attestations
- D. Provider run audits and reports
- E. Provider documentation
Answer: C
NEW QUESTION 40
Which is the set of technologies that are designed to detect conditions indicative of a security vulnerability in an application in its running state?
- A. Enterprise Threat Modelling
- B. STRIDE
- C. Dynamic application security testing (DAST)
- D. Static application security testing (SAST)
Answer: C
Explanation:
Definitions:
SAST - Static application security testing (SAST) is a type of security testing that relies on inspecting the source code of an application. In general, SAST involves looking at the ways the code is designed to pinpoint possible security flaws.
DAST - Dynamic application security testing (DAST) technologies are designed to detect conditions indicative of a security vulnerability in an application in its running state.
NEW QUESTION 41
Which one is NOT considered one of the building blocks of cloud computing?
- A. Networking
- B. Clock
- C. CPU
- D. RAM
Answer: B
Explanation:
The question is asking for an exception by using "NOT".
The building blocks of cloud computing are composed of random access memory (RAM), the central processing unit (CPU), storage, and networking.
NEW QUESTION 42
An agreed-upon description of the attributes of a product, at a point in time, that serves as a basis for defining change is called:
- A. Secured Server
- B. Trusted Module
- C. Baseline
- D. Standardization
Answer: C
Explanation:
A baseline is an agreed-upon description of the attributes of a product, at a point in time, that serves as a basis for defining change.
NEW QUESTION 43
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?
- A. Access control
- B. Authentication
- C. Federated Identity Management
- D. Entitlement
- E. Authoritative source
Answer: D
NEW QUESTION 44
Which is the most important trust mechanism between cloud service provider and cloud customer?
- A. Meeting SLA requirements
- B. Logging and Monitoring reports
- C. Contract
- D. Audit reports
Answer: C
Explanation:
The contract is the most important document that defines trust and the relationship between the cloud service provider and the customer.
NEW QUESTION 45
Which of the following establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment?
- A. ISO 27017
- B. ISO 27032
- C. ISO 27034
- D. ISO 27018
Answer: D
Explanation:
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
NEW QUESTION 46
"Standards like the SSAE16 have a defined scope, which includes both what is assessed (e.g. which of the provider's services) as well as which controls are assessed. A provider can thus 'pass' an audit that doesn't include any security controls, which isn't overly useful for security and risk managers." True or False?
- A. True
- B. False
Answer: A
Explanation:
This is true. When a cloud assessment is done, it is very important to understand the scope of the audit and the standard used. In the statement above, we can see that the audit scope of SSAE16 is decided by the cloud provider and can be very limited, and one may not get full visibility into the security of the cloud service provider.
NEW QUESTION 47
A cloud storage architecture that caches content close to locations of high demand is known as:
- A. Ephemeral Storage
- B. Content Delivery Network (CDN)
- C. Block Data
- D. Volume Data
Answer: B
Explanation:
A content delivery network (CDN) is a system of distributed servers (network) that deliver pages and other Web content to a user, based on the geographic locations of the user, the origin of the webpage and the content delivery server.
NEW QUESTION 48
Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?
- A. Applistructure
- B. Datastructure
- C. Infostructure
- D. Infrastructure
- E. Metastructure
Answer: D
NEW QUESTION 49
Your SLA with your cloud provider ensures continuity for all services.
- A. False
- B. True
Answer: A
NEW QUESTION 50
Cloud architectures necessitate certain roles which are extremely high-risk. Examples of such roles include CP system administrators and auditors and managed security service providers dealing with intrusion detection reports and incident response. They are known as high-risk because their malicious activities can lead to abuse of high privilege roles and can impact confidentiality, integrity and availability of data.
- A. False
- B. True
Answer: A
