Certificate of Cloud Security Knowledge (CCSKv5.0) Questions and Answers
What is a primary benefit of using Identity and Access Management (IAM) roles/identities provided by cloud providers instead of static secrets?
When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
What is the primary focus during the Preparation phase of the Cloud Incident Response framework?
Which of the following best describes the purpose of cloud security control objectives?
What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?
What is a core tenet of risk management?
How does artificial intelligence pose both opportunities and risks in cloud security?
What is the primary purpose of cloud governance in an organization?
Which statement best describes the impact of Cloud Computing on business continuity management?
What is a primary benefit of implementing micro-segmentation within a Zero Trust Architecture?
How does the variability in Identity and Access Management (IAM) systems across cloud providers impact a multi-cloud strategy?
Which cloud storage technology is basically a virtual hard drive for instances or VMs?
Select the statement below which best describes the relationship between identities and attributes.
Which of the following functionalities is provided by Data Security Posture Management (DSPM) tools?
Which of the following best describes a risk associated with insecure interfaces and APIs?
How is encryption managed on multi-tenant storage?
Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.
In volume storage, what method is often used to support resiliency and security?
Which opportunity helps reduce common application security issues?
Which of the following best describes the primary benefit of utilizing cloud telemetry sources in cybersecurity?
Which phase of the CSA secure software development life cycle (SSDLC) focuses on ensuring that an application or product is deployed onto a secure infrastructure?
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
Which term describes any situation where the cloud consumer does not manage any of the underlying hardware or virtual machines?
What is known as a code execution environment running within an operating system that shares and uses the resources of the operating system?
What is the primary reason dynamic and expansive cloud environments require agile security approaches?
Which of the following best describes the primary purpose of cloud security frameworks?
Which of the following cloud computing models primarily provides storage and computing resources to the users?
Which governance domain focuses on proper and adequate incident detection, response, notification, and remediation?
Which Identity and Access Management (IAM) principle focuses on implementing multiple security layers to dilute access power, thereby averting a misuse or compromise?
When designing a cloud-native application that requires scalable and durable data storage, which storage option should be primarily considered?
How can the use of third-party libraries introduce supply chain risks in software development?
Which aspect is crucial for crafting and enforcing CSP (Cloud Service Provider) policies?
In Identity and Access Management (IAM) containment, why is it crucial to understand if an attacker escalated their identity?
What does it mean if the system or environment is built automatically from a template?
What does orchestration automate within a cloud environment?
CCM: In the CCM tool, a ________ is a measure that modifies risk and includes any process, policy, device, practice or any other action which modifies risk.
For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?
Without virtualization, there is no cloud.
Which of the following BEST describes a benefit of Infrastructure as Code (IaC) in cybersecurity contexts?
Which cloud service model allows users to access applications hosted and managed by the provider, with the user only needing to configure the application?
Which tool is most effective for ensuring compliance and identifying misconfigurations in cloud management planes?
What are the primary security responsibilities of the cloud provider in compute virtualizations?
CCM: A company wants to use the IaaS offering of some CSP. Which of the following options for using CCM is NOT suitable for the company as a cloud customer?
Which of the following strategies best enhances infrastructure resilience against Cloud Service Provider (CSP) technical failures?
What is an advantage of using Kubernetes for container orchestration?
Why is consulting with stakeholders important for ensuring cloud security strategy alignment?
How can Identity and Access Management (IAM) policies on keys ensure adherence to the principle of least privilege?
Which aspect of assessing cloud providers poses the most significant challenge?
What tool allows teams to easily locate and integrate with approved cloud services?
Why is a service type of network typically isolated on different hardware?
Which type of AI workload typically requires large data sets and substantial computing resources?
Which of the following best describes the shift-left approach in software development?
Which of the following is a primary benefit of using Infrastructure as Code (IaC) in a security context?
Why is snapshot management crucial for the virtual machine (VM) lifecycle?
How does SASE enhance traffic management when compared to traditional network models?
What is the primary purpose of the CSA Security, Trust, Assurance, and Risk (STAR) Registry?
What is a primary benefit of consolidating traffic through a central bastion/transit network in a hybrid cloud environment?
Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?
What is the primary objective of posture management in a cloud environment?
What is a key advantage of using Policy-Based Access Control (PBAC) for cloud-based access management?
What is a primary objective during the Detection and Analysis phase of incident response?
Use elastic servers when possible and move workloads to new instances.
ENISA: Lock-in is ranked as a high risk in ENISA research; a key underlying vulnerability causing lock-in is:
Any given processor and memory will nearly always be running multiple workloads, often from different tenants.
What is a key component of governance in the context of cybersecurity?
What is the primary function of a Load Balancer Service in a Software Defined Network (SDN) environment?
In the context of cloud workload security, which feature directly contributes to enhanced performance and resource utilization without incurring excess costs?
To understand their compliance alignments and gaps with a cloud provider, what must cloud customers rely on?
What is true of a workload?
ENISA: “VM hopping” is:
Which Cloud Service Provider (CSP) security measure is primarily used to filter and monitor HTTP requests to protect against SQL injection and XSS attacks?
Which of the following best explains how Multifactor Authentication (MFA) helps prevent identity-based attacks?
In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?
Which technique involves assessing potential threats through analyzing attacker capabilities, motivations, and potential targets?
Which aspect of a Cloud Service Provider's (CSPs) infrastructure security involves protecting the interfaces used to manage configurations and resources?
Which feature in cloud enhances security by isolating deployments similar to deploying in distinct data centers?
Which areas should be initially prioritized for hybrid cloud security?
What is resource pooling?
All cloud services utilize virtualization technologies.
Which of the following statements is true in regards to Data Loss Prevention (DLP)?
In the context of server-side encryption handled by cloud providers, what is the key attribute of this encryption?
Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?
Which type of security tool is essential for enforcing controls in a cloud environment to protect endpoints?
Which type of controls should be implemented when required controls for a cybersecurity framework cannot be met?
How does running applications on distinct virtual networks and only connecting networks as needed help?
What can be implemented to help with account granularity and limit blast radius with IaaS and PaaS?
What is one of the primary advantages of including Static Application Security Testing (SAST) in Continuous Integration (CI) pipelines?
ENISA: A reason for risk concerns of a cloud provider being acquired is:
When mapping functions to lifecycle phases, which functions are required to successfully process data?
Which of the following best describes an aspect of PaaS services in relation to network security controls within a cloud environment?
CCM: The following list of controls belongs to which domain of the CCM?
GRM 06 – Policy
GRM 07 – Policy Enforcement
GRM 08 – Policy Impact on Risk Assessments
GRM 09 – Policy Reviews
GRM 10 – Risk Assessments
GRM 11 – Risk Management Framework