
最新 [2022年02月22日]Cloud Security Alliance CCSKリアル試験問題集PDF
CCSK練習テスト問題は更新された300問題あります
質問 70
When the data is transferred to third party. who is ultimately responsible for security of data?
- A. Cloud Security Broker
- B. Cloud Processor
- C. Cloud Controller
- D. Cloud Service Provider
正解: C
解説:
Whatever will be the scenario. Data controller will be responsible for security of data in cloud
質問 71
Which of the following can lead to vendor lock-in?
- A. Lack of transparency in terms of use
- B. Large supplier Redundancy
- C. CSP's vendor utilisation
- D. Big Data sets
正解: A
解説:
Lack of transparency in terms of use can lead to vendor lock-in. Contracts and SLAs should clearly define the relationship between Cloud Service Provider(CSP)and the cloud customer. Clause of data portability should be there.
質問 72
ISO 27001 certification can be taken as proof to achieve Third-party assessment level in CSA star program.
- A. True
- B. False
正解: A
解説:
The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC
27001:2013 management system standard together with the CSA Cloud Controls Matrix.
質問 73
Sending data to a provider's storage over an API is likely as much more reliable and secure than setting up your own SFTP server on a VM in the same provider
- A. True
- B. False
正解: A
質問 74
Whose responsibility is to maintain Data Loss Prevention mechanisms in SaaS(Software as a Service) model ?
- A. Cloud Service provider
- B. Cloud Customer
- C. Cloud Carrier
- D. Cloud Access Security Broker
正解: A
解説:
Although clouds customer is legally responsible for data that he stores on the cloud but Cloud Service Provider has to maintain data loss prevention mechanisms
質問 75
How does virtualized storage help avoid data loss if a drive fails?
- A. Full back ups weekly
- B. Data loss is unavoidable with drive failures
- C. Multiple copies in different locations
- D. Drives are backed up, swapped, and archived constantly
- E. Incremental backups daily
正解: C
質問 76
John said that he is looking for cloud service which is self-serviced and has a on-demand capacity. Which service model is he referring to?
- A. IaaS
- B. XaaS
- C. PaaS
- D. SaaS
正解: A
解説:
Following are the characteristics of IaaS service model of cloud computing:
1. Scale
2. Converged network and IT capacity pool
3. Self-service and on-demand capacity
4. High reliability and resilience
質問 77
Single cloud assets are typically less resilient than in the case of traditional infrastructure.
- A. True
- B. False
正解: A
解説:
Cloud platforms can be incredibly resilient. but single cloud assets are typically less resilient than in the case of traditional infrastructure. This is due to the inherently greater fragility of virtualized resources running in highly-complex environments.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)
質問 78
Which of the following is NOT true about CSA Cloud control metrix (CCM)?
- A. Define the Cloud Audit Methodolog
- B. Maps controls to existing standards like ISO 27001
- C. Contains security controls divided in several domains
- D. Also includes controls related to processing of personal data.
正解: A
解説:
Remember that CCM is a security framework and does not include any methodology The Cloud Security Alliance Cloud Controls Matrix(CCM) is an essential and up-to-date security controls framework that is addressed to the cloud community and stakeholders. A fundamental richness of the CCM is its ability to provide mapping and cross relationships with the main industry-accepted security
質問 79
Which statement best describes why it is important to know how data is being accessed?
- A. The devices used to access data have different storage formats.
- B. The devices used to access data use a variety of applications or clients and may have different security characteristics.
- C. The devices used to access data use a variety of operating systems and may have different programs installed on them.
- D. The device may affect data dispersion.
- E. The devices used to access data may have different ownership characteristics.
正解: B
質問 80
When your bank or credit card company sends you a notification of changes in how it collects or shares data, it is sending that notification in compliance with:
- A. GDPR
- B. ISO 27001
- C. HIPAA
- D. FERPA
正解: A
解説:
Under GDPR. it is mandatory to notify consumers how their data will be used
質問 81
Which of the following is NOT one of the common networks underlying in Cloud Infrastructure?
- A. Management Network
- B. Storage Network
- C. Service Network
- D. Security Network
正解: D
解説:
If you are a cloud provider (including managing a private cloud), physical segregation of networks composing your cloud is important for both operational and security reasons. We most commonly see at least three different networks which are isolated onto dedicated hardware since there is no functional or traffic overlap:
1. The service network for communications between virtual machines and the Internet. This builds the network resource pool for the cloud users.
2. The storage network to connect virtual storage to virtual machines.
3. A management network for management and API traffic.
Ref: Reference: CSA Security GuidelinesV.4 (reproduced here for the educational purpose)
質問 82
Which of the following should be your top priority when designing a cloud security program for your organization?
- A. Protection of cloud management plan
- B. Consider OWASP guideline
- C. Configure IPSEC tunnels
- D. Prevention of DDoS Attack
正解: A
解説:
In most cases, those APIs are both remotely accessible and wrapped into a web-based user interface.
This combination is the cloud management plane, since consumers use it to manage and configure the cloud resources, such as launching virtual machines (instances) or configuring virtual networks. From a security perspective, it is both the biggest difference from protecting physical infrastructure(since you can't rely on physical access as a control)and the top priority when designing a cloud security program. If an attacker gets into your management plane, they potentially have full remote access to your entire cloud deployment.
Ref: CSA Security Guidelines V4
質問 83
Which cloud storage technology is basically a virtual hard drive for instanced or VMs?
- A. Platform
- B. Database
- C. Application
- D. Object storage
- E. Volume storage
正解: E
質問 84
Which one of the following is the key techniques to create cloud infrastructure?
- A. Authentication
- B. Orientation
- C. Abstraction
- D. Classification
正解: C
解説:
The key techniques to create a cloud are abstraction and orchestration. We abstract the resources from the underlying physical infrastructure to create our pools, and use orchestration (and automation) to coordinate carving out and delivering a set of resources from the pools to the consumers. As you will see, these two techniques create all the essential characteristics we use to define something as a
"cloud."
Ref: CSA Security Guidelines V4.0
質問 85
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
- A. True
- B. False
正解: A
質問 86
NIST defines five characteristics of cloud computing- Rapid Elasticity, Broad Network Access, 0n demand self-service, Metered Usage & Resource pooling. However, IS0/lEC17788 mentions one more characteristic in addition is those 5. Which of the following is that characterstic?
- A. Automation
- B. Isolation
- C. Segregation
- D. Multitenancy
正解: D
解説:
IS0/lEC17788 lists six key characteristics. the first five of which are identical to the NIST characteristics.
The only addition is multitenancy. which is distinct from resource pooling.
Ref: CSA Security Guidelines V4.0
質問 87
Ben was working on a project and hosted all its data on a public cloud. The project is now complete and he wants to remove the data Which of the following is best option for him in order to leave no remanence?
- A. Physically destroy the media
- B. Data-overwriting
- C. Zeroing
- D. Cryptographic erasure
正解: D
解説:
All the options given are correct methods of destroying data but when it comes to data in cloud. the most suitable method is cryptographic erasure.
Definition: Cryptographic Erasure
Cryptographic erasure is the process of using encryption software (either built-in or deployed) on the entire data storage device. and erasing the key used to decrypt the data.
質問 88
Enterprise Risk Management is part of over all information Risk Management of the organization
- A. True
- B. False
正解: B
解説:
It is False and it is other way round. Information Risk management is part of Enterprise Risk.
質問 89
Big data includes high volume, high variety, and high velocity.
- A. True
- B. False
正解: A
質問 90
How can virtual machine communications bypass network security controls?
- A. Most network security systems do not recognize encrypted VM traffic
- B. The guest OS can invoke stealth mode
- C. VM images can contain rootkits programmed to bypass firewalls
- D. Hypervisors depend upon multiple network interfaces
- E. VM communications may use a virtual network on the same hardware host
正解: E
質問 91
Which of the following document defines the roles and responsibilities for risk management between a cloud provider and a cloud customer?
- A. Operational level Agreement
- B. Contract
- C. Service Level Agreement
- D. Risk Management Agreement
正解: B
解説:
Contract defines defines the roles and responsibilities for risk management between a cloud provider and a cloud customer
質問 92
In which service model, cloud consumer is responsible to manage authorizations and entitlements only?
- A. All of them
- B. Infrastructure as a Service (IaaS)
- C. Software as a Service (SaaS)
- D. Platform as a Service (PaaS)
正解: C
解説:
It is important to read the question carefully and then choose the best answer. Although cloud consumer is responsible for authorizations and entitlements across all service models but questions uses
"only''. Therefore, answer is Software as a Service (SaaS) and a SaaS provider is responsible for perimeter security, logging/ monitoring/auditing, and application security.
質問 93
......
Cloud Security Alliance CCSK問題集で一発合格できる問題を試そう!:https://jp.fast2test.com/CCSK-premium-file.html
CCSK問題集を掴み取れ![最新2022]Cloud Security Alliance試験問題を提供しています:https://drive.google.com/open?id=1yZtXiCNXkCrwVh3gruyw7Q63jW1a3VPt