CCSK EXAM SIMULATOR

1. Which deployment model is commonly used to describe a non-cloud data center bridged directly to a cloud provider?

 
 
 
 
 

2. Which common components of big data is focused on the mechanisms used to ingest large volumes of data, often of a streaming nature?

 
 
 
 
 

3. Which attack surfaces, if any, does virtualization technology introduce?

 
 
 
 

4. What factor should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?

 
 
 
 
 

5. ENISA: an example of a user provisioning vulnerability is:

 
 
 
 
 

6. Which tool is the primary tool between the cloud provider and customer that extends governance into business partners and providers

 
 
 
 
 

7. What is resource pooling?

 
 
 
 
 

8. What is the order of the main phases of secure applications design and development?

 
 
 
 
 

9. If a provider’s infrastructure is not in scope, who is responsible for building compliant applications and services?

 
 
 
 
 

10. If in certain litigations and investigations, the actual cloud application or environment itself is relevant to resolving the dispute in the litigation or the investigation, how is likely the information to be obtained?

 
 
 
 
 

11. What is the audit related implications of the outsourced cloud services?

 
 
 
 
 

12. In a cloud environment, how can you best determine data/information security risks and potential controls?

 
 
 
 
 

13. What method can be utilized along with data fragmentation to enhance security?

 
 
 
 
 

14. Which type of application security testing involves manual testing activity that is not necessarily integrated into automated testing

 
 
 
 

15. What are major factor to building and managing secure management plane?

 
 
 
 
 

16. CCM: in the CCM tool (encryption and key management) is an example of which of the following?

 
 
 
 

17. When mapping functions to lifecycle phases, which functions are required to successfully process data?

 
 
 
 
 

18. CCM: a compagny wants to use IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the compagny as a cloud customer?

 
 
 
 

19. You should disable remote access when working with immutable workloads?

 
 

20. If the management plane has been breached, you should confirm the templates/configurations for your infrastructure or applications have not also been compromised

 
 

21. What is a core tenant of risk management?

 
 
 
 
 

22. Of the choices below, which option allows for the most interoperability in security authentication in a cloud environment?

 
 
 
 

23. Virtual appliances can become bottleneck because they cannot fail open and must intercept all traffic

 
 

24. Compute virtualization abstracts the running of code, not including the operating systems, from the underlying hardware

 
 

25. Which type of cloud service provider would you contact to SSO-enable your customers and employees for access all corporate applications?

 
 
 
 
 

26. APIs and services requires extensive hardening and must assume attacks for authenticated and unauthenticated adversaries

 
 

27. ENISA: in infrastructure as as service IaaS, who is responsible for guest system monitoring?

 
 
 
 
 

28. You have a business relationship with a cloud provider for all sales management functionalities. Through the API and SDK, you have customized the interface and some functionality, but the back end service is done through the cloud provider. In this relationship, which service is completed by the cloud provider?

 
 
 
 
 

29. What is true of cloud built-in firewalls?

 
 
 
 
 

30. CCM: which of the following statements about CCM v3.0.1 is NOT true?

 
 
 
 

31. What is true of workload?

 
 
 
 
 

32. which action is part of the containement phase of the incident response lifecycle?

 
 
 
 
 

33. What are the NIST defined essential characteristics for cloud computing?

 
 
 
 
 

34. What makes the metastructure layer of cloud computing so different from traditional computing?

 
 
 
 
 

35. Highly regulated industries such as finance and health care should consider the impact of cloud providers operating in diverse geographic locations and ………..

 
 
 
 
 

36. How does running applications on distinct virtual networks and only connecting networks as needed help?

 
 
 
 
 

37. How can virtual machine communications bypass network security controls?

 
 
 
 

38. Which tools discover internal uses of cloud services through various mechanisms such as network monitoring, integration with existing gateways or monitoring tools, or by monitoring DNS queries?

 
 
 
 
 

39. What can be implemented to help with account granularity and limit blast radius with IaaS and PaaS?

 
 
 
 
 

40. CCM: the following list of control belong to which domain of the CCM:
GRM 06 -Policy
GRM 07 -Policy enforcement
GRM 08 Policy impact on risk assessment
GRM 09 -Policy reviews
GRM 10 -Risk assessments
GRM 11 -Risk management framework?

 
 
 
 

41. Vulnerabilities assessments cannot be easily integrated into CI/CD pipelines because of provider restrictions

 
 

42. Which of the following statements best defines the potential advantages of security as a service SecaaS?

 
 
 
 
 

43. While the cloud consumer is responsible for implementing the security controls, the cloud provider implements the security of the workloads

 
 

44. Which facet is focused on protecting the management plane components, such as web and API servers from attacks?

 
 
 
 
 

45. When the applications components communicate directly with the cloud service, the management and metastructure might fall within the application security scope

 
 

46. Which phase of incident response life cycle includes creating and validating alerts?

 
 
 
 
 

47. What is a potential benefit of using a security as a service SecaaS?

 
 
 
 
 

48. What item below allows disparate directory services and independent security domain to be interconnected?

 
 
 
 
 

49. Which regulations affect data controllers with business in japan?

 
 
 
 
 

50. When configuring properly, logs can track every code, infrastructure and configuration change and connect it back to the submitter and approver, including the tests results

 
 

51. How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

 
 
 
 
 

52. Database activity monitoring and file activity monitoring are specifically recommended for what type of data migrations into the cloud?

 
 
 
 
 

53. When designing an encryption system, you should start with a threat model

 
 

54. The software defined perimeter SDP includes which components?

 
 
 
 
 

55. Which of the following statements best defines the “authorization” as a component of identity , entitlement and access management

 
 
 
 
 

56. ENISA: which is not one of the following key legal issues common across all scenarios?

 
 
 
 
 

57. Which action is part of the preparation phase of the incident response lifecycle?

 
 
 
 
 

58. The key concern of data backup and recovery schemes is

 
 
 
 
 

59. Immutable workloads make it faster to roll out updates versions because applications must be designed to handle individual nodes going down?

 
 

60. What is true of data collection forensics?

 
 
 
 
 

Question 1 of 60