Cloud Security Questions

JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.

Here are 15 Cloud Security and Cloud Audit questions extracted from some sample questions based on CCSP, CCSK and CCAK certificate.

Try not to use more than 30 minutes to answer the questions.

Note: Your email will be collected for the "Special Discount" event and Cloud Security Alliance (HK & Macau Chapter) event.

Email *

Record my email address with my response

Question 1 - (CCAK)

Please mark all answers with items that are part of cloud governance complexities:

1 point

Autoscaling

Direct loss of control

Data ownership

Spans multiple different jurisdictions

Question 4 - (CCAK)

Performing regular pen-testing and scanning for vulnerabilities on an information system is:

1 point

A detective control, because it detects vulnerabilities that may lead to the realization of a threat

A preventive control, because it identifies vulnerabilities that can be corrected before they are exploited.

A corrective control, because it aims to design/implement measures to address what needs to be fixed.

An administrative control because they help identify issues that a system administrator should investigate and premedicate.

Clear selection

Question 16:

Mark all Certificate/Certification you are interested in?

CCSK (Foundation)

CCSK (Plus)

CCSP

CCAK

Question 4 - (CCSK)

Storage encryption usually protects from (best answer):

1 point

SQL injection

Hardware theft

APT

Side channel attacks

Clear selection

Question 3 (CCSP)

Two of the most important aspects of cloud for the consumer to understand are the legal and compliance requirements and how they are addressed by the cloud environment. Which of the following is a requirement directly related to legal and compliance?

1 point

Understand the potential personal and data privacy issues specific to personally identifiable information (PII) within the cloud environment

Understand the requirements of data access within the different service models

Understand the forensic challenges related to cloud environments

Understand the requirements related to addressing risk assessment and risk management

Clear selection

Question 1 - (CCSK)

What of the following is NOT an essential characteristic of cloud computing?

1 point

Broad Network Access

Third Party Service

Rapid Elasticity

Measured Service

Resource Pooling

Clear selection

Question 2 (CCSP)

If an organization wants to realize the most cost savings by reducing administrative overhead, which service and deployment model combination should they choose?

1 point

Platform as a service (PaaS), community

Infrastructure as a service (IaaS), hybrid

Software as a service (SaaS), public

Infrastructure as a service (IaaS), private

Clear selection

Question 5 (CCSP)

A disaster has been declared within a facility, so the emergency response team and the responsible executives activate the business continuity and disaster recovery (BCDR) plan. What is the LEAST important activity during the execution of the plan?

1 point

Human safety and well-being

Disaster recovery steps

Restoration at the original site

Business impact analysis

Clear selection

Question 5 - (CCSK)

ENISA: an example of a user provisioning vulnerability is:

1 point

Government access to biometrics information

Poorly managed backups or archival systems

Credentials are vulnerable to interception and replay

Remote access to management interface

FIPS 140-2 cryptographic implementations

Clear selection

Question 4 (CCSP)

Mark the BEST completion of the sentence. Open source tends to become more secure because it has been:

1 point

Developed by reputable experts

In use for a long time

Tested by community members

Developed by a large community of contributors

Clear selection

Question 2 - (CCAK)

Which of the following is the BEST mechanism on which cloud service customers can base their cloud security assurance?

1 point

ISO 9000 certification and external attestations

The CSP's published privacy policy and published annual financial statements

SOC 3 reports and penetration tests

Clear selection

Question 3 - (CCSK)

When utilizing encryption, which of the following guideline(s) should be followed?

1 point

Encrypt using sufficiently durable encryption strengths

Use open, validated formats

Use proprietary encryption formats whenever possible

both A and B

both A and C

Clear selection

Question 2 - (CCSK)

Which of the following topics might affect logical design of data center?

1 point

Multi tenancy

Cloud management plane

Virtualization technology

All of the above

Clear selection

Question 1 (CCSP)

Alice is the CEO for a software company; she is considering migrating the operation from the current traditional on-premises environment into the cloud. Which cloud service model should she most likely consider for her company’s purposes?

1 point

Platform as a service (PaaS)

Software as a service (SaaS)

Backup as a service (Baas)

Infrastructure as a service (IaaS)

Clear selection

Question 3 - (CCAK)

Based on the shared responsibility model for compliance, both the CSP and the CSC may share responsibility for certain aspects of a cloud deployment. Which of the following statements below is true for different cloud service models?

1 point

In a PaaS environment, the customer has no accountability for the OS.

In an laaS environment, a customer has no accountability for virtualization.

In a SaaS environment, a customer has accountability for the applications.

In a PaaS environment, the CSP is responsible for applications.

Clear selection

Question 5 - (CCAK)

Which of the following audit log artifacts on a Cl/CD server are not necessarily standard but must be in place?

1 point

System logs.

Firewall change logs.

Modification of job settings.

Security testing results.

Clear selection

Send me a copy of my responses.

Submit

Clear form

This form was created inside of eWalker Group. Report Abuse

Forms