Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
A. Platform-as-a-service (PaaS)
B. Desktop-as-a-service (DaaS)
C. Infrastructure-as-a-service (IaaS)
D. Identity-as-a-service (IDaaS)
E. Software-as-a-service (SaaS)
ENISA: `VM hopping` is:
A. Improper management of VM instances, causing customer VMs to be commingled with other customer systems.
B. Looping within virtualized routing systems.
C. Lack of vulnerability management standards.
D. Using a compromised VM to exploit a hypervisor, used to take control of other VMs.
E. Instability in VM patch management causing VM routing errors.
Which statement best describes why it is important to know how data is being accessed?
A. The devices used to access data have different storage formats.
B. The devices used to access data use a variety of operating systems and may have different programs installed on them.
C. The device may affect data dispersion.
D. The devices used to access data use a variety of applications or clients and may have different security characteristics.
E. The devices used to access data may have different ownership characteristics.
What is the best way to ensure that all data has been removed from a public cloud environment including all media such as back-up tapes?
A. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
B. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
C. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
E. Both B and D.
Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?
A. The network stack is out of alignment
B. Clouds do not occur in networked environments
C. Traffic is undetectable in virtual machines
D. Virtual machines may communicate with each other over a virtual network all on the same host rather than a physical network between servers
E. None of the above
Cloud storage will most often utilize the same types of data storage used in traditional data storage technologies.
A. True
B. False
Prominent recommended standards to enable federation of identity in cloud environments include:
A. FIDO
B. Kerberos
C. SSO
D. SAML
E. X.509
How can you reduce the blast radius if an attacker compromises one system?
A. Configure distinct firewall rules
B. Configure applications on distinct virtual networks only connecting where needed
C. Configure role-based access controls
D. Configure a default deny
E. Use different cloud providers
ENISA: Because it is practically impossible to process data in encrypted form, customers should have the following expectation of cloud providers:
A. Provider should be PCI compliant
B. Provider should immediately notify customer whenever data is in plaintext form
C. Provider must be highly trustworthy and have compensating controls to protect customer data when it is in plaintext form
D. Provider should always manage customer encryption keys with hardware security module (HSM) storage
E. Homomorphic encryption should be implemented where necessary
Why, in the event that an enterprise seeks a new provider for Security as a Service, must they concern themselves with the problems of translating and transporting existing data and log files in a forensically sound manner?
A. The logging and reporting files are often heavily encrypted
B. Providers may operate in foreign languages
C. Providers don't want to lose business so they do not help the customer move out
D. Logging and reporting is often treated haphazardly
E. Providers often have proprietary standards for logging and reporting