
あなたのCCSK試験100%合格問題集はここFast2testで一発合格
突破上級者がシミュレーションされたCCSK試験問題集PDF
質問 # 81
Which governance domain focuses on proper and adequate incident detection, response, notification, and remediation?
- A. Infrastructure Security
- B. Incident Response, Notification and Remediation
- C. Data Security and Encryption
- D. Compliance and Audit Management
- E. Information Governance
正解:B
質問 # 82
Policy documentation and training is a:
- A. Logical control
- B. Administrative control
- C. Technical control
- D. Physical control
正解:B
解説:
There are three, commonly accepted forms of Controls:
Administrative-These are the laws, regulations, policies, practices and guidelines that govern the overall requirements and controls for an Information Security or other operational risk program. For example, a law or regulation may require merchants and financial institutions to protect and implement controls for customer account data to prevent identity theft. The business, in order to comply with the law or regulation, may adopt policies and procedures laying out the internal requirements for protecting this data, which requirements are a form of control.
Logical -These are the virtual, application and technical controls (systems and software), such as firewalls, antivirus software, encryption and maker/checker application routines.
Physical -Whereas a firewall provides a "logical" key to obtain access to a network, a "physical" key to a door can be used to gain access to an office space or storage room. Other examples of physical controls are video surveillance systems, gates and barricades, the use of guards or other personnel to govern access to an office, and remote backup facilities.
質問 # 83
CCM: The following list of controls belong to which domain of the CCM?
GRM 06 - Policy GRM 07 - Policy Enforcement GRM 08 - Policy Impact on Risk Assessments GRM 09 - Policy Reviews GRM 10 - Risk Assessments GRM 11 - Risk Management Framework
- A. Governing and Risk Metrics
- B. Governance and Retention Management
- C. Governance and Risk Management
正解:C
質問 # 84
How does network segmentation primarily contribute to limiting the impact of a security breach?
- A. By reducing the threat of breaches and vulnerabilities
- B. Monitoring and detecting unauthorized access attempts
- C. Confining breaches to a smaller portion of the network
- D. Allowing faster data recovery and response
正解:C
解説:
Network segmentation isolates sections of the network, limiting the spread of a breach and containing it to a specific segment. Reference: [Security Guidance v5, Domain 7 - Infrastructure & Networking]
質問 # 85
When your bank or credit card company sends you a notification of changes in how it collects or shares data, it is sending that notification in compliance with:
- A. GDPR
- B. HIPAA
- C. ISO 27001
- D. FERPA
正解:A
解説:
Under GDPR. it is mandatory to notify consumers how their data will be used
質問 # 86
What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?
- A. The actual size of the data and the storage format
- B. The fragmentation and encryption algorithms employed
- C. The physical location of the data and how it is accessed
- D. The language of the data and how it affects the user
- E. The implications of storing complex information on simple storage systems
正解:E
質問 # 87
Which of the following decouples the network control plane from the data plane and allows to abstract networking from the tradition a limitations of a LAN?
- A. Converged Networking
- B. Software defined networking
- C. Traditional Networking
- D. VLANS
正解:B
解説:
Software Defined Networking(SDN):A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data plane(you can read more on SDN principles at this Wikipedia entry).This allows us to abstract networking from the traditional limitations of a LAN.
Reference: CSA Security Guidelines V4.0
質問 # 88
Containers can be implemented without the use of VMs at all and run directly on hardware.
- A. True
- B. False
正解:A
解説:
Multiple containers can run on the same virtual machine or be implemented without the use of VMs at all and run directly on hardware. The container provides code running inside a restricted environment with only access to the processes and capabilities defined in the container configuration. This allows containers to launch incredibly rapidly. since they don't need to boot an operating system or launch many(sometimes any) new services; the container only needs access to already-running services in the host 0S and some can launch in milliseconds.
Reference: CSA Security Guidelines V.4(reproduced here for the educational purpose)
質問 # 89
Which of the following is not part of STRIDE model?
- A. Spoofing
- B. Elevation of Privilege
- C. Denial of Service
- D. Distributed Denial of Service
正解:D
解説:
The letters in STRIDE threat model represent Spoofing of identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. The other options are simply mixed up or incorrect versions of the same.
質問 # 90
Private clouds can be hosted off-premises as well.
- A. True
- B. False
正解:A
解説:
It is true. This is how Private cloud is defined.
Private Cloud: The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or by a third party and may be located on-premises or off-premises.
質問 # 91
What is the key difference between Business Continuity and Business Continuity Management?
- A. None of the above
- B. Business Continuity is the holistic process whereas Business Continuity Management is the capability of the organization
- C. Business Continuity is the capability of the organization whereas Business Continuity Management is the holistic process.
- D. They are same concepts used interchangeably
正解:C
解説:
Definitions:
Business continuity: The capability of the organisation to continue delivery of products or services at acceptable predefined levels following a loss of service.
Business continuity management: A holistic management process that identifies potential threats to an organisation and the impacts to business operations those threats, if realised, might cause. It provides a framework for building organisational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities
質問 # 92
Which of the following is most commonly used to program Application Programming Interface(API)?
- A. HTTP
- B. JSON
- C. REST
- D. SOAP
正解:C
解説:
APIs are typically REST for cloud services, since REST is easy to implement across the Internet. REST APIs have become the standard for web-based services since they run over Hl'-P/S and thus work well across diverse environments.
Reference: CSA Security GuidelinesV.4 (reproduced here for the educational purpose)
質問 # 93
Which of the following is NOT a component of Software Defined Perimeter as defined by Cloud Security Alliance Working group on SDP?
- A. SDP Host
- B. SDP Gateway
- C. SDP Controller
- D. SDP Client
正解:A
解説:
The CSA Software Defined Perimeter Working Group has developed a model and specification that combines device and user authentication to dynamically provision network access to resources and enhance security. SDP includes three components:
An SDP client on the connecting asset (e.g. a laptop).
* The SDP controller for authenticating and authorizing SDP clients and configuring the connections to SDP gateways.
* The SDP gateway for terminating SDP client network traffic and enforcing policies in communication with the SDP controller. Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)
質問 # 94
The containment phase of the incident response lifecycle requires taking systems offline.
- A. True
- B. False
正解:A
質問 # 95
Which of following is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor?
- A. VM HBR
- B. VM DOS
- C. VM rootkit
- D. VM Escape
正解:D
解説:
Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. Such an exploit could give the attacker access to the host operating system and all other virtual machines(VMs) running on that host.
質問 # 96
What defines easiness to move and reuse application components regardless of the provider, platform,
0S, infrastructure, location, storage, format of data or APIs, how well applications work together, and how well new applications work with other solutions present in the business, organization, or provider's existing architecture?
- A. Scalability
- B. Interoperability
- C. Elasticity
- D. Portability
正解:B
解説:
Interoperability is an important characteristic.
Definition: Interoperability
Interoperability is the ability of a system or a product to work with other systems or products without special effort on the part of the customer.
質問 # 97
"Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. " Which of the following characteristics defines this?
- A. Rapid elasticity
- B. Resource pooling
- C. Broad network access
- D. Measured service
正解:D
解説:
Measured service is defined as "Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service. "
質問 # 98
Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
- A. Desktop-as-a-service (DaaS)
- B. Infrastructure-as-a-service (IaaS)
- C. Software-as-a-service (SaaS)
- D. Identity-as-a-service (IDaaS)
- E. Platform-as-a-service (PaaS)
正解:E
質問 # 99
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
- A. Provider run audits and reports
- B. Provider documentation
- C. Provider and consumer contracts
- D. EDiscovery tools
- E. Third-party attestations
正解:E
質問 # 100
Which of the following is key component of regulated PII components?
- A. Data disclosure
- B. E-discovery
- C. Mandatory Breach Reporting
- D. Cloud Service Provider Consent
正解:C
解説:
The key component and differentiator related to regulated PII is mandatory breach reporting requirements. At present. 47 states and territories within the United States, including the District of Columbia. Puerto Rico. and the Virgin Islands, have legislation in place that requires both private and government entities to notify and inform individuals of any security breaches involving PII.
質問 # 101
What is true of a workload?
- A. It is a unit of processing that consumes memory
- B. It must be containerized
- C. It is configured for specific, established tasks
- D. It is always a virtual machine
- E. It does not require a hardware stack
正解:A
質問 # 102
Cloud Service Provider and Cloud Customer are jointly responsible for ownership of the all risks in shared responsibility model for security across all service models.
- A. False
- B. True
正解:A
解説:
This is false. This is again a tricky question and one should be careful when answering this type of question. It is the cloud customer is who is ultimately responsible for the ownership of risk in the cloud environment. Consumer just passes some of risk management responsibilities to the cloud service provider.
質問 # 103
......
Cloud Security Alliance CCSK(Certificate of Cloud Security Knowledge)認定試験は、クラウドセキュリティの原則、コンセプト、ベストプラクティスに関する知識と理解を検証する、グローバルに認知された資格です。この試験は、ITおよびセキュリティプロフェッショナル、クラウドアーキテクト、クラウドセキュリティに関心のある人などを対象としています。CCSK認定は、特定のクラウドプラットフォームやテクノロジーに結び付けられていないため、クラウドセキュリティの知識と専門知識を誇示するための理想的な認定資格です。
CCSK問題集トレーニングコース完全版:https://jp.fast2test.com/CCSK-premium-file.html
お客様を合格させる試験学習材料Certificate of Cloud Security Knowledge (v4.0) Exam:https://drive.google.com/open?id=1bv7VZnGfrP7KIo9sv1T7gU5_Bopdng6X