March Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

CCSK Questions and Answers

Question # 6

CCM: In the CCM tool, ais a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

A.

Risk Impact

B.

Domain

C.

Control Specification

Full Access
Question # 7

All assets require the same continuity in the cloud.

A.

False

B.

True

Full Access
Question # 8

What is a potential concern of using Security-as-a-Service (SecaaS)?

A.

Lack of visibility

B.

Deployment flexibility

C.

Scaling and costs

D.

Intelligence sharing

E.

Insulation of clients

Full Access
Question # 9

What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?

A.

Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.

B.

Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.

C.

Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.

D.

Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.

E.

Both B and D.

Full Access
Question # 10

Use elastic servers when possible and move workloads to new instances.

A.

False

B.

True

Full Access
Question # 11

A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?

A.

An entitlement matrix

B.

A support table

C.

An entry log

D.

A validation process

E.

An access log

Full Access
Question # 12

In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

A.

Multi-application, single tenant environments

B.

Long distance relationships

C.

Multi-tenant environments

D.

Distributed computing arrangements

E.

Single tenant environments

Full Access
Question # 13

How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

A.

Use strong multi-factor authentication

B.

Secure backup processes for key management systems

C.

Segregate keys from the provider hosting data

D.

Stipulate encryption in contract language

E.

Select cloud providers within the same country as customer

Full Access
Question # 14

What is true of companies considering a cloud computing business relationship?

A.

The laws protecting customer data are based on the cloud provider and customer location only.

B.

The confidentiality agreements between companies using cloud computing services is limited legally to the company, not the provider.

C.

The companies using the cloud providers are the custodians of the data entrusted to them.

D.

The cloud computing companies are absolved of all data security and associated risks through contracts and data laws.

E.

The cloud computing companies own all customer data.

Full Access
Question # 15

Which concept provides the abstraction needed for resource pools?

A.

Virtualization

B.

Applistructure

C.

Hypervisor

D.

Metastructure

E.

Orchestration

Full Access
Question # 16

ENISA: “VM hopping” is:

A.

Improper management of VM instances, causing customer VMs to be commingled with other customer systems.

B.

Looping within virtualized routing systems.

C.

Lack of vulnerability management standards.

D.

Using a compromised VM to exploit a hypervisor, used to take control of other VMs.

E.

Instability in VM patch management causing VM routing errors.

Full Access