CCSK Certificate of Cloud Security Knowledge (v5.0) Questions and Answers

The on demand self-service nature of cloud computing environments.

Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.

The possibility of data crossing geographic or jurisdictional boundaries.

Object-based storage in a private cloud.

The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.

Use strong multi-factor authentication

Secure backup processes for key management systems

Segregate keys from the provider hosting data

Stipulate encryption in contract language

Select cloud providers within the same country as customer

Public

PaaS

Private

IaaS

Hybrid

False

True

Planned Outages

Resiliency Planning

Expected Engineering

Chaos Engineering

Organized Downtime

By proxying or redirecting web traffic to the cloud provider

By utilizing a partitioned network drive

On the premise through a software or appliance installation

Both A and C

None of the above

Serverless computing

Virtual machineless

Abstraction

Container

Provider managed

A library of data definitions

A group of entities which have decided to exist together in a single

cloud

Identities which share similar attributes

Several countries which have agreed to define their identities with

similar attributes

The connection of one identity repository to another

The physical location of the data and how it is accessed

The fragmentation and encryption algorithms employed

The language of the data and how it affects the user

The implications of storing complex information on simple storage systems

The actual size of the data and the storage format

The cloud consumer

The majority is covered by the consumer

It depends on the agreement

The responsibility is split equally

The cloud provider

The devices used to access data have different storage formats.

The devices used to access data use a variety of operating systems and may have different programs installed on them.

The device may affect data dispersion.

The devices used to access data use a variety of applications or clients and may have different security characteristics.

The devices used to access data may have different ownership characteristics.

Conceptual models or frameworks

Design patterns

Controls models or frameworks

Reference architectures

Cloud Controls Matrix (CCM)

Arbitrary contract termination by acquiring company

Resource isolation may fail

Provider may change physical location

Mass layoffs may occur

Non-binding agreements put at risk

It is a unit of processing that consumes memory

It does not require a hardware stack

It is always a virtual machine

It is configured for specific, established tasks

It must be containerized

Broad Network Access

Measured Service

Third Party Service

Rapid Elasticity

Resource Pooling

Auditors working in the interest of the cloud customer

Independent auditors

Certified by CSA

Auditors working in the interest of the cloud provider

None of the above

It reduces hardware costs

It provides dynamic and granular policies with less management overhead

It locks down access and provides stronger data security

It reduces the blast radius of a compromised system

It enables you to configure applications around business groups

Spam filtering

Authentication

Provisioning

Web filtering

Intrusion detection

False

True

More efficient and timely system updates

ISO 27001 certification

Provider can obfuscate system O/S and versions

Greater compatibility with customer IT infrastructure

Lock-In

Lack of visibility

Deployment flexibility

Scaling and costs

Intelligence sharing

Insulation of clients

Risk Impact

Domain

Control Specification

False

True

Data Security and Encryption

Information Governance

Incident Response, Notification and Remediation

Compliance and Audit Management

Infrastructure Security

To provide cloud service rate comparisons

To certify cloud services for regulatory compliance

To document security and privacy controls of cloud offerings

To manage data residency and localization requirements

To increase data transfer speeds within the cloud environment

To reduce the cost of cloud services

To ensure compliance, security, and efficient management aligned with the organization's goals

To eliminate the need for on-premises data centers

It allows for quick restoration points during updates or changes

It is used for load balancing VMs

It enhances VM performance significantly

It provides real-time analytics on VM applications

To implement detailed procedural instructions for security measures

To organize control objectives for achieving desired security outcomes

To ensure compliance with all regulatory requirements

To provide tools for automated security management

Post-Incident Activity

Detection and Analysis

Preparation

Containment, Eradication, and Recovery

Risk assessment

Audit

Penetration testing

Incident response

Reduces the need for security auditing

Enables consistent security configurations through automation

Increases manual control over security settings

Increases scalability of cloud resources

Cloud sprawl disperses assets, making it harder to monitor assets.

Cloud sprawl centralizes assets, simplifying security monitoring.

Cloud sprawl reduces the number of assets, easing security efforts.

Cloud sprawl has no impact on security monitoring.

High operational costs

Misconfigurations

Limited scalability

Complex deployment pipelines

Enhances security by supporting authorizations based on the current context and status

Reduces log analysis requirements

Simplifies regulatory compliance by using a single sign-on mechanism

These are required for proper implementation of RBAC

Firewalls

Software-Defined Perimeter (SDP)

Virtual Private Network (VPN)

Intrusion Detection System (IDS)

Enhancing data governance and compliance

Simplifying cloud service integrations

Increasing cloud data processing speed

Reducing the cost of cloud storage

Implementing real-time visibility

Deploying container-specific antivirus scanning

Using static code analysis tools in the pipeline

Full packet network monitoring

Developing a cloud service provider evaluation criterion

Deploying automated security monitoring tools across cloud services

Establishing a Cloud Incident Response Team and response plans

Conducting regular vulnerability assessments on cloud infrastructure

Formalizing cloud security policies

Implementing best-practice cloud security control objectives

Negotiating SLAs with cloud providers

Establishing a governance hierarchy

Using access controls as the sole security measure

Encrypting all objects in the repository

Encrypting the access paths only

Encrypting only sensitive objects

Contracts

Shared Responsibility Model

Service Registry

Risk Register

Limited deployment options

Manual management of resources

Automation of deployment and scaling

Increased hardware dependency

To reduce costs associated with physical hardware

To simplify the deployment of virtual machines

To quickly respond to evolving threats and changing infrastructure

To ensure high availability and load balancing

They reduce the cost of cloud services.

They provide visibility into cloud environments.

They enhance physical security.

They encrypt cloud data at rest.

Optimizing cloud infrastructure performance

Managing user authentication for human access

Securely handling stored authentication credentials

Monitoring network traffic for security threats

It consolidates logs into a single location.

It decreases the amount of data that needs to be reviewed.

It encrypts all logs to prevent unauthorized access.

It automatically resolves all detected security threats.

Defining and maintaining the governance plan

Adherence to internal policies, laws, regulations, standards, and best practices

Implementing automation technologies to monitor the control implemented

Conducting regular penetration testing as stated in applicable laws and regulations

Continuous Build, Integration, and Testing

Continuous Delivery and Deployment

Secure Design and Architecture

Secure Coding

It identifies issues before full deployment, saving time and resources.

It increases the overall testing time and costs.

It allows skipping final verification tests.

It eliminates the need for continuous integration.

To create a separation between development and operations

To eliminate the need for IT operations by automating all tasks

To enhance collaboration between development and IT operations for efficient delivery

To reduce the development team size by merging roles