CCSK Dumps - Grab Out For [NEW-2022] Cloud Security Alliance Exam [Q165-Q185]

Share

CCSK Dumps - Grab Out For [NEW-2022] Cloud Security Alliance Exam

CCSK Exam Dumps PDF Guaranteed Success with Accurate & Updated Questions

NEW QUESTION 165
Which of following is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor?

  • A. VM DOS
  • B. VM HBR
  • C. VM Escape
  • D. VM rootkit

Answer: C

Explanation:
Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. Such an exploit could give the attacker access to the host operating system and all other virtual machines(VMs) running on that host.

 

NEW QUESTION 166
Which of the following is NOT a characteristic of cloud computing?

  • A. Resource Pooling
  • B. Metered service
  • C. On-demand self service
  • D. Reduced personnel cost

Answer: D

Explanation:
The characteristics of cloud computing are
1. 0n-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
2. Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms(e.g, mobile phones, tablets, laptops and workstations).
3. Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction(e.g, country, state or datacenter).
Examples of resources include storage, processing, memory and network bandwidth.
4. Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at anytime.
5. Measured service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service(e.g, storage, processing, bandwidth and active user accounts).
Resource usage can be monitored, controlled and reported, providing transparency for the provider and consumer.

 

NEW QUESTION 167
Who is responsible for Governance, Risk & Compliance in Software as a Service(SaaS) service model?

  • A. Cloud Carrier
  • B. Cloud Service Provider
  • C. It's a shared responsibility between Cloud Service Provider and Cloud Customer
  • D. Cloud Customer

Answer: D

Explanation:
Remember, GRC will always remain responsibility of the cloud customer in all service models

 

NEW QUESTION 168
Cloud customer and cloud service provider are jointly responsible legally for data breach or data loss in absence of any written clause regarding same in contract or SLA.

  • A. False
  • B. True

Answer: A

Explanation:
This is false, because, unless, specified cloud customer is legally liable for any loss to data

 

NEW QUESTION 169
Which of the following storages is typically used for swap files and other temporary storage needs and is terminated with its instance?

  • A. Content Deliver
  • B. Raw Storage
  • C. Ephemeral Storage
  • D. Object based Storage

Answer: C

Explanation:
Ephemeral storage: This type of storage is relevant for SaaS instances and exists only as long as its instance is up. It is typically used for swap files and other temporary storage needs and is terminated with its instance.

 

NEW QUESTION 170
Who is responsible for the safe custody, transport, data storage. and implementation of business rules in relation to the privacy?

  • A. Data owner
  • B. Data custodian
  • C. Data processor
  • D. Data controller

Answer: B

Explanation:
Data custodians are responsible for the safe custody. transport. data storage. and implementation of business rules

 

NEW QUESTION 171
Cloud applications can use virtual networks and other structures, for hyper-segregated environments.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 172
Which of the following is NOT a cloud computing characteristic that impacts incidence response?

  • A. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.
  • B. The on demand self-service nature of cloud computing environments.
  • C. The possibility of data crossing geographic or jurisdictional boundaries.
  • D. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.
  • E. Object-based storage in a private cloud.

Answer: D

 

NEW QUESTION 173
Which is the set of technologies that are designed to detect conditions indicative of a security vulnerability in an application in its running state?

  • A. Dynamic application security testing(DAST)
  • B. Enterprise Threat Modelling
  • C. STRIDE
  • D. Static application security Testing(SAST)

Answer: A

Explanation:
Definitions:
SAST- Static application security testing(SAST) is a type of security testing that relies on inspecting the source code of an application. ln general, SAST involves looking at the ways the code is designed to pinpoint possible security flaws.
DAST- Dynamic application security testing(DAST) technologies are designed to detect conditions indicative of a security vulnerability in an application in its running state

 

NEW QUESTION 174
A framework of containers for all components of application security. best practices. catalogued and leveraged by the ORGANIZATION is called:

  • A. CAF
  • B. ONF
  • C. DAF
  • D. ANF

Answer: B

Explanation:
Please notice that the question is asked for the organisation and therefore, ONF is the correct answer. If the similar question is asked for a particular application then answer would ANF

 

NEW QUESTION 175
Which form of storage has features are typically minimal. allowing you to only store, retrieve, copy and delete files as well as the ability to control which users can undertake these actions?

  • A. Block Storage
  • B. Object Storage
  • C. Ephemeral Storage
  • D. Volume Storage

Answer: B

Explanation:
Object Storage has features are typically minimal, allowing you to only store, retrieve, copy, and delete files as well as the ability to control which users can undertake these actions.

 

NEW QUESTION 176
Which of the following pair represents Storage used in IaaS infra-structure?

  • A. Raw and long-term storage
  • B. Structured and Unstructured Storage
  • C. Volume and object storage
  • D. CDN and Ephemeral

Answer: C

Explanation:
IaaS uses the following storage types:
Volume storage: A virtual hard drive that can be attached to a virtual machine instance and be used to host data within a file System, Volumes attached to IaaS instances behave just like a physical drive or an array does. Examples include VMware Virtua Machine File System(VMFS), Amazon Elastic Block Store(EBS), RackSpace Redundant Array of Independent Disks (RAID), and OpenStack Cinder.
Object storage: Similar to a file share accessed via APIs or a web interface. Examples include Amazon S3 and Rackspace cloud files.

 

NEW QUESTION 177
In ability to provide enough capacity to the cloud customer can lead to which of the following risk:

  • A. Resource Utilization
  • B. Data Breach
  • C. Data Dispersion
  • D. Resource Exhaustion

Answer: D

Explanation:
Cloud services are on-demand Therefore there is a level of calculated risk in allocating all the resources of a cloud service, because resources are allocated according to statistical projections. In accurate modelling of resources usage common resources allocation algorithms are vulnerable to distortions of fairness or inadequate resource provisioning and inadequate investments in infrastructure.

 

NEW QUESTION 178
As with security. compliance in the cloud is a shared responsibility model.

  • A. True
  • B. False

Answer: A

Explanation:
As with security. compliance in the cloud is a shared responsibility model. Both the cloud provider and customer have responsibilities. But the customer is always ultimately responsible for their own compliance. These responsibilities are defined through contracts, audits/assessments. and specifics of the compliance requirements.
Reference: CSA Security Guidelines V.4(reproduced here for the educational purpose)

 

NEW QUESTION 179
An incident in which sensitive, protected or confidential information is released, viewed, stolen or used by an individual who is not authorized to do so, is called:

  • A. Data Breach
  • B. Data Dispersion
  • C. Data Disclosure
  • D. Data Denial

Answer: A

Explanation:
It is the definition of Data breach. It should not be confused with data disclosure. The incident can lead to information disclosure but incident, itself, will be termed as Data Breach.

 

NEW QUESTION 180
Why is a service type of network typically isolated on different hardware?

  • A. It manages resource pools for cloud consumers
  • B. It manages the traffic between other networks
  • C. It requires distinct access controls
  • D. It has distinct functions from other networks
  • E. It requires unique security

Answer: B

 

NEW QUESTION 181
Policy documentation and training is a:

  • A. Logical control
  • B. Administrative control
  • C. Physical control
  • D. Technical control

Answer: B

Explanation:
There are three, commonly accepted forms of Controls:
Administrative-These are the laws, regulations, policies, practices and guidelines that govern the overall requirements and controls for an Information Security or other operational risk program. For example, a law or regulation may require merchants and financial institutions to protect and implement controls for customer account data to prevent identity theft. The business, in order to comply with the law or regulation, may adopt policies and procedures laying out the internal requirements for protecting this data, which requirements are a form of control.
Logical -These are the virtual, application and technical controls (systems and software), such as firewalls, antivirus software, encryption and maker/checker application routines.
Physical -Whereas a firewall provides a "logical" key to obtain access to a network, a "physical" key to a door can be used to gain access to an office space or storage room. Other examples of physical controls are video surveillance systems, gates and barricades, the use of guards or other personnel to govern access to an office, and remote backup facilities.

 

NEW QUESTION 182
Where does the private cloud reside?

  • A. Off-premise
  • B. Remote
  • C. On-premise
  • D. On-premise or off-premise

Answer: D

Explanation:
According to CSA security guide lines. although. private cloud is for organisation's own use. it can reside on-site or off-premise as well.

 

NEW QUESTION 183
The amount of risk that the leadership and stakeholders of an organization are willing to accept is know as:

  • A. Risk Acceptance
  • B. Residual Risk
  • C. Risk Tolerance
  • D. Risk Residual

Answer: C

Explanation:
Risk tolerance is the amount of risk that the leadership and stakeholders of an organization are willing to accept. It varies based on asset and you shouldn't make a blanket risk decision about a particular provider; rather, assessments should align with the value and requirements of the assets Ref: Security Guidance v4.0 Copyright2017, Cloud Security Alliance(used for educational purpose here)

 

NEW QUESTION 184
An adversary stole1 million username and passwords of Pass4test LLCs customers. They took advantage of a security vulnerability in the publically accessible application hosted on the cloud. This is an example of:

  • A. Data breach
  • B. Abuse of Cloud Services
  • C. Data Dispersion
  • D. Malicious Insider

Answer: A

Explanation:
This is an example of Data Breach. Username and passwords were stolen which were stored as Data.

 

NEW QUESTION 185
......

Get New CCSK Certification Practice Test Questions Exam Dumps: https://www.actualvce.com/Cloud-Security-Alliance/CCSK-valid-vce-dumps.html

Pass CCSK Exam - Real Test Engine PDF with 300 Questions: https://drive.google.com/open?id=1w-Q-nPlvuDFnOpbBZwyBIGxU01vmNmpJ