Certificate of Cloud Security Knowledge (CCSK v5.0) Questions and Answers
Which of the following functionalities is provided by Data Security Posture Management (DSPM) tools?
Which type of security tool is essential for enforcing controls in a cloud environment to protect endpoints?
Which type of controls should be implemented when required controls for a cybersecurity framework cannot be met?
Which of the following best describes a risk associated with insecure interfaces and APIs?
Which of the following best describes the Identity Provider (IdP) and its role in managing access to deployments?
What is the primary function of a Load Balancer Service in a Software Defined Network (SDN) environment?
What is the primary purpose of Identity and Access Management (IAM) systems in a cloud environment?
What is a primary benefit of implementing Zero Trust (ZT) architecture in cloud environments?
Which term describes the practice in cloud compliance where a customer acquires a set of pre-approved regulatory or standards-based controls from a compliant provider?
Which of the following is used for governing and configuring cloud resources and is a top priority in cloud security programs?
In securing virtual machines (VMs), what is the primary role of using an “image factory” in VM deployment?
Why is identity management at the organization level considered a key aspect in cybersecurity?
What Identity and Access Management (IAM) process decides to permit or deny a subject access to system objects like networks, data, or applications?
When comparing different Cloud Service Providers (CSPs), what should a cybersecurity professional be mindful of regarding their organizational structures?
Which technique is most effective for preserving digital evidence in a cloud environment?
What is a primary objective of cloud governance in an organization?
Which aspect of assessing cloud providers poses the most significant challenge?
What are the essential characteristics of cloud computing as defined by the NIST model?
What is the primary role of Identity and Access Management (IAM)?
What are the most important practices for reducing vulnerabilities in virtual machines (VMs) in a cloud environment?
What is a cloud workload in terms of infrastructure and platform deployment?
Which type of AI workload typically requires large data sets and substantial computing resources?
What key characteristic differentiates cloud networks from traditional networks?
What is the primary purpose of Cloud Infrastructure Entitlement Management (CIEM) in cloud environments?
Which of the following enhances Platform as a Service (PaaS) security by regulating traffic into PaaS components?
What does orchestration automate within a cloud environment?
Which of the following best describes a primary risk associated with the use of cloud storage services?
What's the best way for organizations to establish a foundation for safeguarding data, upholding privacy, and meeting regulatory requirements in cloud applications?
What is a key advantage of using Infrastructure as Code (IaC) in application development?
CCM: The following list of controls belongs to which domain of the CCM?
GRM 06 – Policy; GRM 07 – Policy Enforcement; GRM 08 – Policy Impact on Risk Assessments; GRM 09 – Policy Reviews; GRM 10 – Risk Assessments; GRM 11 – Risk Management Framework
Which statement best describes the Data Security Lifecycle?
Which cloud storage technology is basically a virtual hard drive for instances or VMs?
What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the event of an incident?
If there are gaps in network logging data, what can you do?
What is a potential concern of using Security-as-a-Service (SecaaS)?
Network logs from cloud providers are typically flow records, not full packet captures.
Which statement best describes the impact of Cloud Computing on business continuity management?
What is resource pooling?
Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?
Which concept is a mapping of an identity, including roles, personas, and attributes, to an authorization?
What is the most significant security difference between traditional infrastructure and cloud computing?
Which of the following encryption methods would be utilized when object storage is used as the back-end for an application?
ENISA: Which is not one of the five key legal issues common across all scenarios:
Which of the following is one of the five essential characteristics of cloud computing as defined by NIST?
What are the primary security responsibilities of the cloud provider in compute virtualizations?
Which governance domain deals with evaluating how cloud computing affects compliance with internal security policies and various legal requirements, such as regulatory and legislative?
CCM: The Cloud Service Delivery Model Applicability column in the CCM indicates the applicability of the cloud security control to which of the following elements?
An important consideration when performing a remote vulnerability test of a cloud-based application is to
How does running applications on distinct virtual networks and only connecting networks as needed help?
ENISA: Which is a potential security benefit of cloud computing?
Your SLA with your cloud provider ensures continuity for all services.
Which concept provides the abstraction needed for resource pools?
Containers are highly portable code execution environments.
A cloud deployment of two or more unique clouds is known as:
How is encryption managed on multi-tenant storage?
CCM: In the CCM tool, “Encryption and Key Management” is an example of which of the following?
What is true of searching data across cloud environments?
Why is a service type of network typically isolated on different hardware?
Which aspect is most important for effective cloud governance?
How can Identity and Access Management (IAM) policies on keys ensure adherence to the principle of least privilege?
What is the primary reason dynamic and expansive cloud environments require agile security approaches?
Which practice ensures container security by preventing post-deployment modifications?
Which principle reduces security risk by granting users only the permissions essential for their role?
Which of the following is the MOST common cause of cloud-native security breaches?
In a cloud environment, what does the Shared Security Responsibility Model primarily aim to define?
How does centralized logging simplify security monitoring and compliance?
Which concept focuses on maintaining the same configuration for all infrastructure components, ensuring they do not change once deployed?
What process involves an independent examination of records, operations, processes, and controls within an organization to ensure compliance with cybersecurity policies, standards, and regulations?
How does cloud sprawl complicate security monitoring in an enterprise environment?
What is a key advantage of using Policy-Based Access Control (PBAC) for cloud-based access management?
In the shared security model, how does the allocation of responsibility vary by service?
Which of the following is a common security issue associated with serverless computing environments?
How does artificial intelligence pose both opportunities and risks in cloud security?
What is the primary goal of implementing DevOps in a software development lifecycle?
What is the primary purpose of implementing a systematic data/asset classification and catalog system in cloud environments?
In the Incident Response Lifecycle, which phase involves identifying potential security events and examining them for validity?
Which of the following best explains how Multifactor Authentication (MFA) helps prevent identity-based attacks?
Which feature in cloud enhances security by isolating deployments similar to deploying in distinct data centers?
What primary purpose does object storage encryption serve in cloud services?
How does network segmentation primarily contribute to limiting the impact of a security breach?
Which aspect is crucial for crafting and enforcing CSP (Cloud Service Provider) policies?
Which factors primarily drive organizations to adopt cloud computing solutions?
What tool allows teams to easily locate and integrate with approved cloud services?