ExamGecko
Login
Home / CSA - Cloud Security Alliance / CCSK / List of questions
Ask Question

CSA - Cloud Security Alliance CCSK Practice Test - Questions Answers, Page 10

List of questions

Question 91

Report Export Collapse

CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?

Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs
Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs
Use CCM to build a detailed list of requirements and controls that they want their CSP to implement
Use CCM to build a detailed list of requirements and controls that they want their CSP to implement
Use CCM to help assess the risk associated with the CSP
Use CCM to help assess the risk associated with the CSP
None of the above
None of the above
Suggested answer: D
asked 16/09/2024
Christopher Castillo
41 questions

Question 92

Report Export Collapse

If the management plane has been breached, you should confirm the templates/configurations for your infrastructure or applications have not also been compromised.

False
False
True
True
Suggested answer: A
asked 16/09/2024
Mihai Stefanescu
36 questions

Question 93

Report Export Collapse

CCM: A hypothetical start-up company called "ABC" provides a cloud based IT management solution.

They are growing rapidly and therefore need to put controls in place in order to manage any changes in their production environment. Which of the following Change Control & Configuration Management production environment specific control should they implement in this scenario?

Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and systemsystem interface (API) designs and configurations, infrastructure network and systems components.
Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and systemsystem interface (API) designs and configurations, infrastructure network and systems components.
Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationallyowned or managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.
Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationallyowned or managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.
All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.
All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.
None of the above
None of the above
Suggested answer: A
asked 16/09/2024
Nicholas Stoner
46 questions

Question 94

Report Export Collapse

Containers are highly portable code execution environments.

False
False
True
True
Suggested answer: B
asked 16/09/2024
WONG CHUN KIT WONG CHUN KIT
29 questions

Question 95

Report Export Collapse

Which statement best describes the Data Security Lifecycle?

The Data Security Lifecycle has six stages, is strictly linear, and never varies.
The Data Security Lifecycle has six stages, is strictly linear, and never varies.
The Data Security Lifecycle has six stages, can be non-linear, and varies in that some data may never pass through all stages.
The Data Security Lifecycle has six stages, can be non-linear, and varies in that some data may never pass through all stages.
The Data Security Lifecycle has five stages, is circular, and varies in that some data may never pass through all stages.
The Data Security Lifecycle has five stages, is circular, and varies in that some data may never pass through all stages.
The Data Security Lifecycle has six stages, can be non-linear, and is distinct in that data must always pass through all phases.
The Data Security Lifecycle has six stages, can be non-linear, and is distinct in that data must always pass through all phases.
The Data Security Lifecycle has five stages, can be non-linear, and is distinct in that data must always pass through all phases.
The Data Security Lifecycle has five stages, can be non-linear, and is distinct in that data must always pass through all phases.
Suggested answer: B
asked 16/09/2024
Ayyaz Rehan Ikram
31 questions

Question 96

Report Export Collapse

Which of the following encryption methods would be utilized when object storage is used as the back-end for an application?

Database encryption
Database encryption
Media encryption
Media encryption
Asymmetric encryption
Asymmetric encryption
Object encryption
Object encryption
Client/application encryption
Client/application encryption
Suggested answer: E
asked 16/09/2024
Ilias Akarkach
43 questions

Question 97

Report Export Collapse

In the Software-as-a-service relationship, who is responsible for the majority of the security?

Application Consumer
Application Consumer
Database Manager
Database Manager
Application Developer
Application Developer
Cloud Provider
Cloud Provider
Web Application CISO
Web Application CISO
Suggested answer: D
asked 16/09/2024
Cynan Jones
43 questions

Question 98

Report Export Collapse

What method can be utilized along with data fragmentation to enhance security?

Encryption
Encryption
Organization
Organization
Knowledge management
Knowledge management
IDS
IDS
Insulation
Insulation
Suggested answer: E
asked 16/09/2024
Luis Maciel
47 questions

Question 99

Report Export Collapse

Which of the following statements best defines the "authorization" as a component of identity, entitlement, and access management?

The process of specifying and maintaining access policies
The process of specifying and maintaining access policies
Checking data storage to make sure it meets compliance requirements
Checking data storage to make sure it meets compliance requirements
Giving a third party vendor permission to work on your cloud solution
Giving a third party vendor permission to work on your cloud solution
Establishing/asserting the identity to the application
Establishing/asserting the identity to the application
Enforcing the rules by which access is granted to the resources
Enforcing the rules by which access is granted to the resources
Suggested answer: D
asked 16/09/2024
Yung-Shuen Chang
40 questions

Question 100

Report Export Collapse

How can web security as a service be deployed for a cloud consumer?

By proxying or redirecting web traffic to the cloud provider
By proxying or redirecting web traffic to the cloud provider
By utilizing a partitioned network drive
By utilizing a partitioned network drive
On the premise through a software or appliance installation
On the premise through a software or appliance installation
Both A and C
Both A and C
None of the above
None of the above
Suggested answer: A
asked 16/09/2024
Chris Ngobili
42 questions
Total 260 questions
Go to page: of 26
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is a potential concern of using Security-as-a-Service (SecaaS)?
REST APIs are the standard for web-based services because they run over HTTPS and work wellacross diverse environments.
Which of the following statements best describes an identity federation?
Containers are highly portable code execution environments.
What are the primary security responsibilities of the cloud provider in compute virtualizations?
Which cloud security model type provides generalized templates for helping implement cloud security?
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?
ENISA: “VM hopping” is:
All cloud services utilize virtualization technologies.
In the cloud provider and consumer relationship, which entity manages the virtual or abstracted infrastructure?