Which of the following statements is true in regards to Data Loss Prevention (DLP)?

DLP can provide options for how data found in violation of a policy can be handled.

DLP can provide options for quickly deleting all of the data stored in a cloud environment.

DLP can classify all data in a storage repository.

DLP never provides options for how data found in violation of a policy can be handled.

DLP can provide options for where data is stored.

DLP can provide options for how data found in violation of a policy can be handled.

CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?

Service Provider or Tenant/Consumer

Physical, Network, Compute, Storage, Application or Data

For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?

Network or architecture diagrams including all end point security devices in use

Scope of the assessment and the exact included features and services for the assessment

Provider infrastructure information including maintenance windows and contracts

Network or architecture diagrams including all end point security devices in use

Service-level agreements between all parties

Full API access to all required services

What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?

A number of requirements to be implemented, based upon numerous standards and regulatory requirements

Network traffic rules for cloud environments

A number of requirements to be implemented, based upon numerous standards and regulatory requirements

Federal legal business requirements for all cloud operators

A list of cloud configurations including traffic logic and efficient routes

The command and control management hierarchy of typical cloud company

How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

Segregate keys from the provider hosting data

Use strong multi-factor authentication

Secure backup processes for key management systems

Segregate keys from the provider hosting data

Stipulate encryption in contract language

Select cloud providers within the same country as customer

CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?

Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs

Use CCM to build a detailed list of requirements and controls that they want their CSP to implement

Use CCM to help assess the risk associated with the CSP

CCM: A hypothetical start-up company called "ABC" provides a cloud based IT management solution.They are growing rapidly and therefore need to put controls in place in order to manage any changes in their production environment. Which of the following Change Control & Configuration Management production environment specific control should they implement in this scenario?

Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and systemsystem interface (API) designs and configurations, infrastructure network and systems components.

Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationallyowned or managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.

All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.

Which statement best describes the Data Security Lifecycle?

The Data Security Lifecycle has six stages, can be non-linear, and varies in that some data may never pass through all stages.

The Data Security Lifecycle has six stages, is strictly linear, and never varies.

The Data Security Lifecycle has six stages, can be non-linear, and varies in that some data may never pass through all stages.

The Data Security Lifecycle has five stages, is circular, and varies in that some data may never pass through all stages.

The Data Security Lifecycle has six stages, can be non-linear, and is distinct in that data must always pass through all phases.

The Data Security Lifecycle has five stages, can be non-linear, and is distinct in that data must always pass through all phases.

Which of the following statements best defines the "authorization" as a component of identity, entitlement, and access management?

Establishing/asserting the identity to the application

The process of specifying and maintaining access policies

Checking data storage to make sure it meets compliance requirements

Giving a third party vendor permission to work on your cloud solution

Establishing/asserting the identity to the application

Enforcing the rules by which access is granted to the resources

How can web security as a service be deployed for a cloud consumer?

By proxying or redirecting web traffic to the cloud provider

By utilizing a partitioned network drive

On the premise through a software or appliance installation

Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?

Dynamic Application Security Testing (DAST)

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

CCM: The Cloud Service Delivery Model Applicability column in the CCM indicates the applicability of the cloud security control to which of the following elements?

Mappings to well-known standards and frameworks

Service Provider or Tenant/Consumer

Physical, Network, Compute, Storage, Application or Data

What does it mean if the system or environment is built automatically from a template?

Changes made in test are overwritten by the next code or template change.

It depends on how the automation is configured.

Changes made in production are overwritten by the next code or template change.

Changes made in test are overwritten by the next code or template change.

Changes made in production are untouched by the next code or template change.

What are the encryption options available for SaaS consumers?

Provider-managed and (sometimes) proxy encryption

Any encryption option that is available for volume storage, object storage, or PaaS

Provider-managed and (sometimes) proxy encryption

Client/application and file/folder encryption

Object encryption Volume storage encryption

In the cloud provider and consumer relationship, which entity manages the virtual or abstracted infrastructure?

Both the cloud provider and consumer

It is determined in the agreement between the entities

It is outsourced as per the entity agreement

Which of the following statements best describes an identity federation?

The connection of one identity repository to another

A group of entities which have decided to exist together in a single cloud

Identities which share similar attributes

Several countries which have agreed to define their identities with similar attributes

The connection of one identity repository to another

What is a core tenant of risk management?

You can manage, transfer, accept, or avoid risks.

The provider is accountable for all risk management.

You can manage, transfer, accept, or avoid risks.

The consumers are completely responsible for all risk.

If there is still residual risk after assessments and controls are in place, you must accept the risk.

Risk insurance covers all financial losses, including loss of customers.

What can be implemented to help with account granularity and limit blast radius with laaS an PaaS?

Configuring secondary authentication

Maintaining tight control of the primary account holder credentials

Implementing least privilege accounts

Configuring role-based authentication

How does cloud sprawl complicate security monitoring in an enterprise environment?

Cloud sprawl disperses assets, making it harder to monitor assets.

Cloud sprawl centralizes assets, simplifying security monitoring.

Cloud sprawl reduces the number of assets, easing security efforts.

Cloud sprawl has no impact on security monitoring.

In the Incident Response Lifecycle, which phase involves identifying potential security events and examining them for validity?

Containment, Eradication, and Recovery

How does centralized logging simplify security monitoring and compliance?

It consolidates logs into a single location.

It decreases the amount of data that needs to be reviewed.

It encrypts all logs to prevent unauthorized access.

It automatically resolves all detected security threats.

CSA - Cloud Security Alliance CCSK Practice Test 3 - Free Online Exam Prep & Questions

Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?

A.

Auditors working in the interest of the cloud customer

B.

Independent auditors

C.

Certified by CSA

D.

Auditors working in the interest of the cloud provider

E.

None of the above

CSA - Cloud Security Alliance CCSK Practice Test 3

Question

CSA - Cloud Security Alliance CCSK Practice Tests

Practice Tests