
Certificate of Cloud Security Knowledge (v4.0) Exam練習テスト2023年最新のCCSKストレスなしで合格させちゃう!
練習Cloud Security Knowledge CCSK問題集オンライン試験練習テストと詳細な解説付き!
Cloud Security Alliance CCSK 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
質問 44
As we move from Software as a Service Model towards Infrastructure as a service Model. security responsibility decreases from towards cloud consumer from that of Cloud Service Provider.
- A. True
- B. False
正解: B
解説:
The answer is False. This is a very tricky question and it has to be read and understood well before answering.
It is always the other way around. Cloud consumer's security increases when you move from Software as a service model to Infrastructure as a Service Model.
質問 45
Which of the following controls and configures the metastructure, and is also part of the metastructure itself?
- A. Network Firewall
- B. Management Plance
- C. Web Application Firewall
- D. API Gateway
正解: B
解説:
The management plane controls and configures the metastructure, and is also part of the metastructure itself. As a reminder, cloud computing is the act of taking physical assets (like networks and processors) and using them to build resource pools. Meta structure is the glue and guts to create, provision, and deprovision the pools. The management plane includes the interfaces for building and managing the cloud itself, but also the interfaces for cloud users to manage their own allocated resources of the cloud.
Ref: CSA Security Guidelines v4.0
質問 46
Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?
- A. Extensible Markup Language (XML)
- B. Application Programming Interface (API)
- C. Application Binary Interface (ABI)
- D. Resource Description Framework (RDF)
- E. Software Development Kits (SDKs)
正解: B
解説:
Explanation/Reference:
質問 47
In the IaaS hosted environment. who is ultimately responsible for platform security?
- A. Cloud Service Provider
- B. System Administrator
- C. Customer
- D. Joint responsibility
正解: C
解説:
In IaaS hosted environment, Platform security is responsibility of the customer whereas infrastructure security is a shared responsibility between cloud service provider and the customer
質問 48
An incident in which sensitive, protected or confidential information is released, viewed, stolen or used by an individual who is not authorized to do so, is called:
- A. Data Breach
- B. Data Dispersion
- C. Data Disclosure
- D. Data Denial
正解: A
解説:
It is the definition of Data breach. It should not be confused with data disclosure. The incident can lead to information disclosure but incident, itself, will be termed as Data Breach.
質問 49
Identifying the specific threats against servers and determine the effectiveness of existing security controls in counteracting the threats. is known as:
- A. Risk Mitigation
- B. Risk Assessment
- C. Risk Management
- D. Risk Determination
正解: C
解説:
like this, which has similar-looking answers should be carefully answered Risk Management is overall process which covers from identifying threats to ultimately review the effectiveness of the controls.
質問 50
One of key focus of ISO 27001 standard is:
- A. Find the data breaches in the organization
- B. Develop ISMS (Information Security management system)
- C. Define organizational structure
- D. Put security controls in place
正解: B
解説:
ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
An ISMS is a systematic approach to managing sensitive company information so that it remains secure.
It includes people, processes and IT systems by applying a risk management process.
質問 51
The characteristics and traits of an individual that when aggregated could reveal the identity of that person. are known as:
- A. Indirect Identity Marks
- B. Indirect Identifiers
- C. Indirect indicators
- D. Indirect identifications
正解: B
解説:
Indirect identifiers typically consist of demographic or socioeconomic information, dates, or events.
Although each standalone indirect identifier cannot identify the individual, the risk is that combining a number of indirect identifiers with external data can result in exposing the subject of the information.
For example, imagine a scenario in which users were able to combine search engine data, coupled with online streaming recommendations to tie back posts and recommendations to individual users on a website.
質問 52
ENISA: "VM hopping" is:
- A. Lack of vulnerability management standards.
- B. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
- C. Looping within virtualized routing systems.
- D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
- E. Instability in VM patch management causing VM routing errors.
正解: D
質問 53
What is the key difference between Business Continuity and Business Continuity Management?
- A. None of the above
- B. They are same concepts used interchangeably
- C. Business Continuity is the capability of the organization whereas Business Continuity Management is the holistic process.
- D. Business Continuity is the holistic process whereas Business Continuity Management is the capability of the organization
正解: C
解説:
Definitions:
Business continuity: The capability of the organisation to continue delivery of products or services at acceptable predefined levels following a loss of service.
Business continuity management: A holistic management process that identifies potential threats to an organisation and the impacts to business operations those threats, if realised, might cause. It provides a framework for building organisational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities
質問 54
Which of the following is NOT atypical approach of Key Storage in cloud?
- A. Internally managed
- B. Managed by the Third part
- C. Externally managed
- D. Cloud Service Provider Managed
正解: D
解説:
Remember, two key considerations when doing key management
1) Do not save it alongside data
2) Do not let cloud service provider manage the keys
質問 55
CCM: A hypothetical start-up company called "ABC" provides a cloud based IT management solution. They are growing rapidly and therefore need to put controls in place in order to manage any changes in their production environment. Which of the following Change Control & Configuration Management production environment specific control should they implement in this scenario?
- A. Policies and procedures shall be established, and supporting business processes and technical measures implemented, to restrict the installation of unauthorized software on organizationally-owned or managed user end-point devices (e.g. issued workstations, laptops, and mobile devices) and IT infrastructure network and systems components.
- B. None of the above
- C. All cloud-based services used by the company's mobile devices or BYOD shall be pre-approved for usage and the storage of company business data.
- D. Policies and procedures shall be established for managing the risks associated with applying changes to business-critical or customer (tenant)-impacting (physical and virtual) applications and system- system interface (API) designs and configurations, infrastructure network and systems components.
正解: D
質問 56
The Software Defined Perimeter (SDP) includes which components?
- A. Client, Controller, Firewall, and Gateway
- B. Controller, Firewall, and Gateway
- C. Client, Firewall, and Gateway
- D. Client, Controller, and Firewall
- E. Client, Controller, and Gateway
正解: E
質問 57
Policy documentation and training is a:
- A. Technical control
- B. Physical control
- C. Administrative control
- D. Logical control
正解: C
解説:
There are three, commonly accepted forms of Controls:
Administrative-These are the laws, regulations, policies, practices and guidelines that govern the overall requirements and controls for an Information Security or other operational risk program. For example, a law or regulation may require merchants and financial institutions to protect and implement controls for customer account data to prevent identity theft. The business, in order to comply with the law or regulation, may adopt policies and procedures laying out the internal requirements for protecting this data, which requirements are a form of control.
Logical -These are the virtual, application and technical controls (systems and software), such as firewalls, antivirus software, encryption and maker/checker application routines.
Physical -Whereas a firewall provides a "logical" key to obtain access to a network, a "physical" key to a door can be used to gain access to an office space or storage room. Other examples of physical controls are video surveillance systems, gates and barricades, the use of guards or other personnel to govern access to an office, and remote backup facilities.
質問 58
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
- A. False
- B. True
正解: B
質問 59
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
- A. The duration of time that a security violation can occur before the client begins assessing regulatory fines.
- B. The metrics defining the service level required to achieve regulatory objectives.
- C. The cost per incident for security breaches of regulated information.
- D. The type of security software which meets regulations and the number of licenses that will be needed.
- E. The regulations that are pertinent to the contract and how to circumvent them.
正解: B
質問 60
An inherent weakness in an information system. security procedures. internal controls, or implementation that could be exploited by a threat source.
- A. Threat
- B. Vulnerbility
- C. Risk
- D. ARO
正解: B
解説:
Thats the definition of vulnerbility
質問 61
GRC is responsibility of ______ in the all cloud services models
- A. Cloud Access Security Broker(CASB)
- B. Customer
- C. Service Provider
- D. Reseller
正解: B
解説:
GRC and data is responsibility of the customer in all service models according to shared responsibility model.
質問 62
Who is responsible for Governance, Risk & Compliance in Software as a Service(SaaS) service model?
- A. Cloud Service Provider
- B. Cloud Customer
- C. Cloud Carrier
- D. It's a shared responsibility between Cloud Service Provider and Cloud Customer
正解: B
解説:
Remember, GRC will always remain responsibility of the cloud customer in all service models
質問 63
......
時間限定!今すぐ無料アクセスCCSK練習問題:https://drive.google.com/open?id=1xZQ0fI2tob4s2eaZFreOeK0abJFmr3hP
最適なCCSK試験学習資料と準備材料を提供しています:https://jp.fast2test.com/CCSK-premium-file.html