Certificate of Cloud Security Knowledge CCSK CSA - Questions + Answers

Post by answerhappygod »

Exam A

QUESTION 1
All cloud services utilize virtualization technologies.
A. False
B. True
Correct Answer: B
QUESTION 2
If there are gaps in network logging data, what can you do?
A. Nothing. There are simply limitations around the data that can be logged in the cloud.
B. Ask the cloud provider to open more ports.
C. You can instrument the technology stack with your own logging.
D. Ask the cloud provider to close more ports.
E. Nothing. The cloud provider must make the information available.
Correct Answer: C
QUESTION 3
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?
A. The physical location of the data and how it is accessed
B. The fragmentation and encryption algorithms employed
C. The language of the data and how it affects the user
D. The implications of storing complex information on simple storage systems
E. The actual size of the data and the storage format
Correct Answer: A
QUESTION 4
CCM: The following list of controls belongs to which domain of the CCM?
GRM 06 – Policy
GRM 07 – Policy Enforcement
GRM 08 – Policy Impact on Risk Assessments
GRM 09 – Policy Reviews
GRM 10 – Risk Assessments
GRM 11 – Risk Management Framework
A. Governance and Retention Management
B. Governance and Risk Management
C. Governing and Risk Metrics
Correct Answer: B
QUESTION 5
Big data includes high volume, high variety, and high velocity.
A. False
B. True
Correct Answer: B
QUESTION 6
Cloud applications can use virtual networks and other structures for hyper-segregated environments.
A. False
B. True
Correct Answer: B
QUESTION 7
An important consideration when performing a remote vulnerability test of a cloud-based application is to:
A. Obtain provider permission for the test
B. Use techniques to evade the cloud provider's detection systems
C. Use application layer testing tools exclusively
D. Use network layer testing tools exclusively
E. Schedule the vulnerability test at night
Correct Answer: A
QUESTION 8
Cloud services exhibit five essential characteristics that demonstrate their relation to, and differences from, traditional computing approaches. Which one of the five characteristics is described as: a consumer can unilaterally provision computing capabilities such as server time and network storage as needed?
A. Rapid elasticity
B. Resource pooling
C. Broad network access
D. Measured service
E. On-demand self-service
Correct Answer: E
QUESTION 9
REST APIs are the standard for web-based services because they run over HTTP/S and work well across diverse environments.
A. False
B. True
Correct Answer: B
QUESTION 10
Which of the following statements is NOT a requirement of governance and enterprise risk management in a cloud environment?
A. Inspect and account for risks inherited from other members of the cloud supply chain and take active measures to mitigate and contain risks through operational resiliency.
B. Respect the interdependency of the risks inherent in the cloud supply chain and communicate the corporate risk posture and readiness to consumers and dependent parties.
C. Negotiate long-term contracts with companies who use well-vetted software applications to avoid the transient nature of the cloud environment.
D. Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency.
E. Both B and C.
Correct Answer: C
QUESTION 11
What is defined as the process by which an opposing party may obtain private documents for use in litigation?
A. Discovery
B. Custody
C. Subpoena
D. Risk Assessment
E. Scope
Correct Answer: A
QUESTION 12
Use elastic servers when possible and move workloads to new instances.
A. False
B. True
Correct Answer: B
QUESTION 13
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
A. Provider documentation
B. Provider-run audits and reports
C. Third-party attestations
D. Provider and consumer contracts
E. E-Discovery tools
Correct Answer: C
QUESTION 14
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?
A. More physical control over assets and processes.
B. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
C. Decreased requirement for proactive management of the relationship and adherence to contracts.
D. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.
E. None of the above.
Correct Answer: B
QUESTION 15
What is true of searching data across cloud environments?
A. You might not have the ability or administrative rights to search or access all hosted data.
B. The cloud provider must conduct the search with full administrative controls.
C. All cloud-hosted email accounts are easily searchable.
D. Search and discovery time is always factored into a contract between the consumer and provider.
E. You can easily search across your environment using any E-Discovery tool.
Correct Answer: A
QUESTION 16
How does running applications on distinct virtual networks and only connecting networks as needed help?
A. It reduces hardware costs
B. It provides dynamic and granular policies with less management overhead
C. It locks down access and provides stronger data security
D. It reduces the blast radius of a compromised system
E. It enables you to configure applications around business groups
Correct Answer: D
QUESTION 17
ENISA: "VM hopping" is:
A. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
B. Looping within virtualized routing systems.
C. Lack of vulnerability management standards.
D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
E. Instability in VM patch management causing VM routing errors.
Correct Answer: D
QUESTION 18
CCM: In the CCM tool, "Encryption and Key Management" is an example of which of the following?
A. Risk Impact
B. Domain
C. Control Specification
Correct Answer: B
QUESTION 19
What is true of companies considering a cloud computing business relationship?
A. The laws protecting customer data are based on the cloud provider and customer location only.
B. The confidentiality agreements between companies using cloud computing services are limited legally to the company, not the provider.
C. The companies using the cloud providers are the custodians of the data entrusted to them.
D. The cloud computing companies are absolved of all data security and associated risks through contracts and data laws.
E. The cloud computing companies own all customer data.
Correct Answer: C
QUESTION 20
How is encryption managed on multi-tenant storage?
A. Single key for all data owners
B. One key per data owner
C. Multiple keys per data owner
D. The answer could be A, B, or C depending on the provider
E. C for data subject to the EU Data Protection Directive; B for all others
Correct Answer: B
QUESTION 21
In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?
A. Multi-application, single-tenant environments
B. Long-distance relationships
C. Multi-tenant environments
D. Distributed computing arrangements
E. Single-tenant environments
Correct Answer: C
QUESTION 22
ENISA: Lock-in is ranked as a high risk in ENISA research; a key underlying vulnerability causing lock-in is:
A. Lack of completeness and transparency in terms of use
B. Lack of information on jurisdictions
C. No source escrow agreement
D. Unclear asset ownership
E. Audit or certification not available to customers
Correct Answer: A
QUESTION 23
ENISA: A reason for risk concerns when a cloud provider is acquired is:
A. Arbitrary contract termination by the acquiring company
B. Resource isolation may fail
C. Provider may change physical location
D. Mass layoffs may occur
E. Non-binding agreements put at risk
Correct Answer: E
QUESTION 24
Which communication method within a cloud environment must be exposed for partners or consumers to access database information using a web application?
A. Software Development Kits (SDKs)
B. Resource Description Framework (RDF)
C. Extensible Markup Language (XML)
D. Application Binary Interface (ABI)
E. Application Programming Interface (API)
Correct Answer: E
QUESTION 25
CCM: In the CCM tool, a _____________________ is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.
A. Risk Impact
B. Domain
C. Control Specification
Correct Answer: C
QUESTION 26
Which attack surfaces, if any, does virtualization technology introduce?
A. The hypervisor
B. Virtualization management components apart from the hypervisor
C. Configuration and VM sprawl issues
D. All of the above
Correct Answer: D
QUESTION 27
APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.
A. False
B. True
Correct Answer: B
QUESTION 28
Which of the following is NOT a cloud computing characteristic that impacts incident response?
A. The on-demand self-service nature of cloud computing environments.
B. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
C. The possibility of data crossing geographic or jurisdictional boundaries.
D. Object-based storage in a private cloud.
E. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.
Correct Answer: D
QUESTION 29
CCM: A hypothetical company called "Health4Sure" is located in the United States and provides cloud-based services for tracking patient health. The company is compliant with the HIPAA/HITECH Act among other industry standards. Health4Sure decides to assess the overall security of their cloud service against the CCM toolkit so that they will be able to present this document to potential clients.
Which of the following approaches would be most suitable to assess the overall security posture of Health4Sure's cloud service?
A. The CCM columns are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls. This approach will save time.
B. The CCM domain controls are mapped to the HIPAA/HITECH Act and therefore Health4Sure could verify the CCM controls already covered as a result of their compliance with the HIPAA/HITECH Act. They could then assess the remaining controls thoroughly. This approach saves time while being able to assess the company's overall security posture in an efficient manner.
C. The CCM domains are not mapped to the HIPAA/HITECH Act. Therefore Health4Sure should assess the security posture of their cloud service against each and every control in the CCM. This approach will allow a thorough assessment of the security posture.
Correct Answer: B
QUESTION 30
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?
A. Legal Issues: Contracts and Electronic Discovery
B. Infrastructure Security
C. Compliance and Audit Management
D. Information Governance
E. Governance and Enterprise Risk Management
Correct Answer: C
QUESTION 31
Which data security control is the LEAST likely to be assigned to an IaaS provider?
A. Application logic
B. Access controls
C. Encryption solutions
D. Physical destruction
E. Asset management and tracking
Correct Answer: A
QUESTION 32
How does virtualized storage help avoid data loss if a drive fails?
A. Multiple copies in different locations
B. Drives are backed up, swapped, and archived constantly
C. Full backups weekly
D. Data loss is unavoidable with drive failures
E. Incremental backups daily
Correct Answer: A
QUESTION 33
What is the newer application development methodology and philosophy focused on automation of application development and deployment?
A. Agile
B. BusOps
C. DevOps
D. SecDevOps
E. Scrum
Correct Answer: C
QUESTION 34
Select the best definition of "compliance" from the options below.
A. The development of a routine that covers all necessary security measures.
B. The diligent habits of good security practices and recording of the same.
C. The timely and efficient filing of security reports.
D. The awareness of and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.
E. The process of completing all forms and paperwork necessary to develop a defensible paper trail.
Correct Answer: D
QUESTION 35
What is true of security as it relates to cloud network infrastructure?
A. You should apply cloud firewalls on a per-network basis.
B. You should deploy your cloud firewalls identical to the existing firewalls.
C. You should always open traffic between workloads in the same virtual subnet for better visibility.
D. You should implement a default allow with cloud firewalls and then restrict as necessary.
E. You should implement a default deny with cloud firewalls.
Correct Answer: E
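The two network questions above (default deny with cloud firewalls, and distinct virtual networks that are only connected as needed to shrink the blast radius of a compromised system) are easier to reason about with a small policy evaluator. The Python below is an added example, not part of the exam dump or of any CSA material: the Rule/Flow format, the 10.0.0.0/16 and 10.1.0.0/16 virtual networks, the host addresses and the "peering" set are all constructed for illustration and do not correspond to any provider's API. It evaluates the same single explicit rule (web tier to database port) under three postures and lists what an attacker on a compromised web host can still reach.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    src: str             # source CIDR
    dst: str             # destination CIDR
    port: Optional[int]  # None matches any port
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    port: int


def evaluate(rules: List[Rule], flow: Flow, default: str) -> str:
    """First-match evaluation of firewall rules; the policy default decides the rest."""
    src = ipaddress.ip_address(flow.src_ip)
    dst = ipaddress.ip_address(flow.dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and (rule.port is None or rule.port == flow.port)):
            return rule.action
    return default


# Constructed layout (hypothetical): web and db tiers share one virtual network,
# the batch tier has its own. The only legitimate cross-tier dependency is
# web -> db on 5432.
NETWORKS = {"app-vnet": "10.0.0.0/16", "batch-vnet": "10.1.0.0/16"}
WEB, DB = "10.0.1.0/24", "10.0.2.0/24"
NEEDED = [Rule(WEB, DB, 5432, "allow")]
TARGETS = [("10.0.2.10", 5432), ("10.0.2.10", 22), ("10.1.0.10", 22), ("10.1.0.10", 8080)]


def network_of(ip: str) -> Optional[str]:
    """Name of the virtual network an address belongs to, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in NETWORKS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def reachable(rules: List[Rule], flow: Flow, default: str,
              peered: Set[FrozenSet[str]]) -> bool:
    """Traffic between two virtual networks needs an explicit peering; inside one
    network (or across a peering) the firewall rules and the default decide."""
    a, b = network_of(flow.src_ip), network_of(flow.dst_ip)
    if a != b and frozenset((a, b)) not in peered:
        return False
    return evaluate(rules, flow, default) == "allow"


def blast_radius(rules: List[Rule], default: str, peered: Set[FrozenSet[str]],
                 attacker_ip: str = "10.0.1.7") -> List[Tuple[str, int]]:
    """(host, port) pairs an attacker on a compromised web host can still reach."""
    return [(ip, port) for ip, port in TARGETS
            if reachable(rules, Flow(attacker_ip, ip, port), default, peered)]


def compare_postures() -> dict:
    """Same explicit rule set under three postures: everything connected with a
    default allow, separate networks with a default allow, and separate networks
    with a default deny."""
    everything_peered = {frozenset(("app-vnet", "batch-vnet"))}
    return {
        "default_allow_peered": blast_radius(NEEDED, "allow", everything_peered),
        "default_allow_separate": blast_radius(NEEDED, "allow", set()),
        "default_deny_separate": blast_radius(NEEDED, "deny", set()),
    }


if __name__ == "__main__":
    for posture, reach in compare_postures().items():
        print(f"{posture}: {reach}")
```

With the default-allow, fully connected posture the compromised web host reaches every listed port on both tiers; keeping the batch tier on an unconnected network removes it from the list, and switching the firewall default to deny leaves only the declared dependency (the database port) reachable. The explicit rules never changed; only the default and the network connections did.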
QUESTION 36
Which statement best describes the impact of cloud computing on business continuity management?
A. A general lack of interoperability standards means that extra focus must be placed on the security aspects of migration between cloud providers.
B. The size of data sets hosted at a cloud provider can present challenges if migration to another provider becomes necessary.
C. Customers of SaaS providers in particular need to mitigate the risks of application lock-in.
D. Clients need to do business continuity planning due diligence in case they suddenly need to switch providers.
E. Geographic redundancy ensures that cloud providers provide highly available services.
Correct Answer: D
QUESTION 37
What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?
A. Platform-based Workload
B. Pod
C. Abstraction
D. Container
E. Virtual machine
Correct Answer: D
QUESTION 38
Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?
A. Planned Outages
B. Resiliency Planning
C. Expected Engineering
D. Chaos Engineering
E. Organized Downtime
Correct Answer: D
QUESTION 39
Which cloud storage technology is basically a virtual hard drive for instances or VMs?
A. Volume storage
B. Platform
C. Database
D. Application
E. Object storage
Correct Answer: A
QUESTION 40
What is the best way to ensure that all data has been removed from a public cloud environment, including all media such as backup tapes?
A. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and backup storage.
B. Maintaining customer-managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
C. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
E. Both B and D.
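The data-removal question above and the earlier multi-tenant storage question (one key per data owner) describe the same mechanism from two sides: if every tenant's data is encrypted under a key that only the tenant controls, destroying that key makes every copy unreadable, including replicas and backup tapes the customer can never physically wipe. The Python below is an added example, not from the exam dump or any CSA material, showing envelope encryption with a per-tenant key-encryption key, cross-tenant rejection, and crypto-shredding. A toy HMAC-SHA256 counter-mode keystream stands in for a real AEAD such as AES-GCM so that the example runs with the standard library alone; a real deployment would keep the KEKs in a customer-controlled KMS or HSM. Tenant names and records are constructed sample data.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode) standing in for AES-GCM so
    the example needs only the standard library. Illustrative only; not for production."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class Envelope:
    """What actually lands on disk, in replicas and on backup tapes: no key material
    in the clear, so every copy is only as readable as the tenant's KEK."""
    tenant: str
    nonce: bytes
    wrapped_dek: bytes   # per-object data key, encrypted under the tenant's KEK
    ciphertext: bytes
    tag: bytes           # MAC over nonce || ciphertext under the DEK


class TenantKMS:
    """Customer-managed keys: exactly one key-encryption key (KEK) per data owner.
    Hypothetical in-memory stand-in for a KMS/HSM the customer controls."""

    def __init__(self) -> None:
        self._keks = {}  # tenant name -> KEK

    def create_tenant_key(self, tenant: str) -> None:
        if tenant in self._keks:
            raise ValueError("tenant key already exists")
        self._keks[tenant] = os.urandom(32)

    def destroy_tenant_key(self, tenant: str) -> None:
        """Crypto-shredding: afterwards no copy of the tenant's data can be decrypted,
        including copies the customer cannot physically wipe (provider backups)."""
        del self._keks[tenant]

    def encrypt(self, tenant: str, plaintext: bytes) -> Envelope:
        kek = self._keks[tenant]
        dek, nonce = os.urandom(32), os.urandom(16)
        wrapped = _keystream_xor(kek, b"wrap" + nonce, dek)
        ciphertext = _keystream_xor(dek, b"data" + nonce, plaintext)
        tag = hmac.new(dek, nonce + ciphertext, hashlib.sha256).digest()
        return Envelope(tenant, nonce, wrapped, ciphertext, tag)

    def decrypt(self, env: Envelope) -> bytes:
        kek = self._keks.get(env.tenant)
        if kek is None:
            raise KeyError(f"no key for tenant {env.tenant!r}: data is unrecoverable")
        dek = _keystream_xor(kek, b"wrap" + env.nonce, env.wrapped_dek)
        expected = hmac.new(dek, env.nonce + env.ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, env.tag):
            # Wrong KEK unwraps a wrong DEK; the tag catches it instead of returning garbage.
            raise ValueError("integrity check failed: wrong key for this envelope")
        return _keystream_xor(dek, b"data" + env.nonce, env.ciphertext)


# Constructed sample records for two hypothetical tenants.
ACME_RECORD = b"patient 4711: constructed sample record"
GLOBEX_RECORD = b"globex invoice 88: constructed sample record"


def shred_demo() -> dict:
    """Two tenants, one backup tape holding both envelopes, then shred one tenant."""
    kms = TenantKMS()
    kms.create_tenant_key("acme")
    kms.create_tenant_key("globex")
    backup_tape = [kms.encrypt("acme", ACME_RECORD), kms.encrypt("globex", GLOBEX_RECORD)]

    result = {"acme_before": kms.decrypt(backup_tape[0]) == ACME_RECORD}

    # Cross-tenant attempt: relabel acme's envelope so globex's KEK is used to unwrap it.
    try:
        kms.decrypt(replace(backup_tape[0], tenant="globex"))
        result["cross_tenant"] = "readable"
    except ValueError:
        result["cross_tenant"] = "rejected"

    kms.destroy_tenant_key("acme")
    try:
        kms.decrypt(backup_tape[0])
        result["acme_after_shred"] = "readable"
    except KeyError:
        result["acme_after_shred"] = "unrecoverable"

    # One key per data owner: shredding acme leaves globex's copies intact.
    result["globex_after_shred"] = kms.decrypt(backup_tape[1]) == GLOBEX_RECORD
    return result


if __name__ == "__main__":
    print(shred_demo())
```

The point of option B over option A in the question is visible in `destroy_tenant_key`: the customer, not the provider, decides when the key disappears, and the backup tape the customer never touched becomes unrecoverable in the same instant. Per-tenant keys are what keep that action scoped to one data owner.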