CORRECT ANSWERS
https://www.ccskcloudsecurity.com/ccsk-member-exam/ccsk-exam-simulator-3/
1- What type of information is contained in the Cloud Security Alliance’s Cloud Control Matrix? (CCM)
a- A list of cloud configurations including traffic logic efficient routes
b- A number of requirements to be implemented based upon numerous standards and regulatory requirements
c- The command and control management hierarchy of a typical cloud company
d- Network traffic rules for cloud environments
e- Federal legal business requirements for all cloud operators
4- What makes cloud assets less resilient compared with a traditional infrastructure? (Domain 1)
a- Greater fragility of virtualized resources
b- Less cost-effective
c- Not scalable
d- API access
e- Less management oversight
8- In addition to protecting primary customer data, legal experts advise cloud providers to protect secondary information such as (Domain 3)
a- Database of relevant regulations
b- Datacenter visitor log
c- Metadata (if available)
d- Third-party contracts (did not have a snapshot of my answer; not sure of this)
e- Operating system configuration script
9- CCM: A hypothetical company called “Security4Sure” provides a cloud-based service to share confidential documents. The confidential documents are stored in their servers and are encrypted. How will Security4Sure ensure the protection of client data within their data center?
a- Encrypt data at rest and put in place appropriate measures for management of encryption keys
b- Audit plans should not be adopted and supported by the most senior governing elements of the organization (e.g. the board and the management)
c- Use a secure transfer channel (i.e. TLS)
d- Implement redundant or backup power supplies, redundant data communications connections, environmental controls (e.g. air conditioning, fire suppression) and various security devices
10- CCM: In the Identity & Access Management (IAM) domain, what does the number ‘04’ in IAM-04 signify? (CCM)
a- There are 4 controls in that particular domain
b- The control ID is a random number assigned to the control
c- It is the 4th control in the IAM domain (need to check again)
d- None of the above
11- Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing? (Domain 10)
a- Functional testing
b- Static Application Security Testing (SAST)
c- Dynamic Application Security Testing (DAST)
d- Code review
e- Unit testing
16- If a provider’s infrastructure is not in scope, who is responsible for building compliant applications and services? (Domain 7)
a- No one. It is an accepted risk that is written into the terms and conditions with customers
b- It is up to the consumer and provider to negotiate the solution (I think I answered this in the test)
c- The provider must create a separate tenant for each customer based on the various compliance regulations
d- The customer is responsible for compliant applications and services
e- The provider must update or fix whatever is not in compliance