
DumpsFree CCSK exam questions (Sep-2021)
NEW QUESTION 75
What is the process to determine any weaknesses in the application and the potential ingress, egress, and actors involved before the weakness is introduced to production?
- A. Vulnerability Assessment
- B. STRIDE
- C. Threat Detection
- D. Threat Modelling
Answer: D
Explanation:
Threat modelling is performed once an application design is created. The goal of threat modelling is to determine any weaknesses in the application and the potential ingress, egress, and actors involved before the weakness is introduced to production. It is the overall attack surface that is amplified by the cloud, and the threat model has to take that into account.
NEW QUESTION 76
Insufficient Identity, Credential and Access Management can lead to which of the following?
- A. All of the above
- B. Tampering with Data
- C. Spoofing Identity
- D. Information Disclosure
Answer: A
Explanation:
Sufficient Identity and Access Management practice should be followed in cloud environments.
Weakness in Identity, Credential and Access Management can lead to all types of threats, as a compromised credential opens the door to the complete internal infrastructure.
NEW QUESTION 77
ENISA: A reason for risk concerns of a cloud provider being acquired is:
- A. Mass layoffs may occur
- B. Resource isolation may fail
- C. Provider may change physical location
- D. Non-binding agreements put at risk
- E. Arbitrary contract termination by acquiring company
Answer: D
NEW QUESTION 78
REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
- A. True
- B. False
Answer: A
NEW QUESTION 79
The amount of risk that the leadership and stakeholders of an organization are willing to accept is known as:
- A. Risk Limitation
- B. Residual Risk
- C. Risk Avoidance
- D. Risk Tolerance
Answer: D
Explanation:
Risk tolerance is the amount of risk that the leadership and stakeholders of an organization are willing to accept.
NEW QUESTION 80
Who is responsible for Data Security in the Software as a Service (SaaS) service model?
- A. Cloud Customer
- B. Cloud Service Provider
- C. Cloud Carrier
- D. It's a shared responsibility between Cloud Service Provider and Cloud Customer
Answer: A
Explanation:
Remember that data security will always remain the responsibility of the cloud customer in all service models.
NEW QUESTION 81
Which of the following is a very important consideration when securing access to the Management Plane?
- A. Remote Access VPN
- B. Service Administrator
- C. Super Administrator
- D. Least Privilege
Answer: D
Explanation:
Both providers and consumers should consistently only allow the least privilege required for users, applications, and other management plane usage.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)
NEW QUESTION 82
How can virtual machine communications bypass network security controls?
- A. VM images can contain rootkits programmed to bypass firewalls
- B. Hypervisors depend upon multiple network interfaces
- C. VM communications may use a virtual network on the same hardware host
- D. Most network security systems do not recognize encrypted VM traffic
- E. The guest OS can invoke stealth mode
Answer: C
NEW QUESTION 83
Which of the following vulnerabilities is inherited from general software development practice in a PaaS environment?
- A. DDoS
- B. DNS spoofing
- C. Cross
- D. Backdoors
Answer: D
Explanation:
As a general practice in software development, developers tend to leave backdoors so that they can come back later to fix issues.
NEW QUESTION 84
Which of the following is NOT part of the risk management process?
- A. Dealing
- B. Assessing
- C. Framing
- D. Responding
Answer: A
Explanation:
The risk-management process has four components:
1. Framing risk
2. Assessing risk
3. Responding to risk
4. Monitoring risk
NEW QUESTION 85
In which service model does the cloud service provider have the least responsibility?
- A. IaaS
- B. SaaS
- C. PaaS
- D. XaaS
Answer: A
Explanation:
In the IaaS service model, the CSP is responsible only for the physical infrastructure.
NEW QUESTION 86
Which of the following is not part of the STRIDE model?
- A. Spoofing
- B. Denial of Service
- C. Elevation of Privilege
- D. Distributed Denial of Service
Answer: D
Explanation:
The letters in STRIDE threat model represent Spoofing of identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. The other options are simply mixed up or incorrect versions of the same.
NEW QUESTION 87
When your bank or credit card company sends you a notification of changes in how it collects or shares data, it is sending that notification in compliance with:
- A. HIPAA
- B. ISO 27001
- C. GDPR
- D. FERPA
Answer: C
Explanation:
Under GDPR, it is mandatory to notify consumers of how their data will be used.
NEW QUESTION 88
Which of the following can lead to vendor lock-in?
- A. Big Data sets
- B. Large supplier Redundancy
- C. Lack of transparency in terms of use
- D. CSP's vendor utilisation
Answer: C
Explanation:
Lack of transparency in terms of use can lead to vendor lock-in. Contracts and SLAs should clearly define the relationship between the Cloud Service Provider (CSP) and the cloud customer. A data portability clause should be included.
NEW QUESTION 89
Which of the following will not be provided by cloud services when requested by the customer?
- A. SIEM logs
- B. DLP solution results
- C. Geographical locations of the datacentre
- D. Details of security controls
Answer: D
Explanation:
The cloud service provider will not provide the details of its security controls, as it would harm the security of its infrastructure if adversaries knew the details.
NEW QUESTION 90
CCM: In the CCM tool, a ______ is a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.
- A. Control Specification
- B. Domain
- C. Risk Impact
Answer: A
NEW QUESTION 91
Which of the following is NOT true about the CSA Cloud Controls Matrix (CCM)?
- A. Also includes controls related to processing of personal data.
- B. Defines the Cloud Audit Methodology
- C. Maps controls to existing standards like ISO 27001
- D. Contains security controls divided in several domains
Answer: B
Explanation:
Remember that the CCM is a security controls framework and does not include any methodology. The Cloud Security Alliance Cloud Controls Matrix (CCM) is an essential and up-to-date security controls framework that is addressed to the cloud community and stakeholders. A fundamental richness of the CCM is its ability to provide mapping and cross relationships with the main industry-accepted security