CSA CCSK practice test

Certificate of Cloud Security Knowledge Exam


Question 1

Which communication methods within a cloud environment must be exposed for partners or
consumers to access database information using a web application?

  • A. Software Development Kits (SDKs)
  • B. Resource Description Framework (RDF)
  • C. Extensible Markup Language (XML)
  • D. Application Binary Interface (ABI)
  • E. Application Programming Interface (API)
Answer:

E


Question 2

ENISA: A reason for risk concerns of a cloud provider being acquired is:

  • A. Arbitrary contract termination by acquiring company
  • B. Resource isolation may fail
  • C. Provider may change physical location
  • D. Mass layoffs may occur
  • E. Non-binding agreements put at risk
Answer:

E


Question 3

What is the best way to ensure that all data has been removed from a public cloud environment
including all media such as back-up tapes?

  • A. Allowing the cloud provider to manage your keys so that they have the ability to access and delete the data from the main and back-up storage.
  • B. Maintaining customer managed key management and revoking or deleting keys from the key management system to prevent the data from being accessed again.
  • C. Practice Integration of Duties (IOD) so that everyone is able to delete the encrypted data.
  • D. Keep the keys stored on the client side so that they are secure and so that the users have the ability to delete their own data.
  • E. Both B and D.
Answer:

B


Question 4

ENISA: Lock-in is ranked as a high risk in ENISA research. A key underlying vulnerability causing
lock-in is:

  • A. Lack of completeness and transparency in terms of use
  • B. Lack of information on jurisdictions
  • C. No source escrow agreement
  • D. Unclear asset ownership
  • E. Audit or certification not available to customers
Answer:

A


Question 5

In which type of environment is it impractical to allow the customer to conduct their own audit,
making it important that the data center operators are required to provide auditing for the
customers?

  • A. Multi-application, single tenant environments
  • B. Long distance relationships
  • C. Multi-tenant environments
  • D. Distributed computing arrangements
  • E. Single tenant environments
Answer:

C


Question 6

Which of the following is NOT normally a method for detecting and preventing data migration into
the cloud?

  • A. Intrusion Prevention System
  • B. URL filters
  • C. Data Loss Prevention
  • D. Cloud Access and Security Brokers (CASB)
  • E. Database Activity Monitoring
Answer:

A


Question 7

Your SLA with your cloud provider ensures continuity for all services.

  • A. False
  • B. True
Answer:

A


Question 8

What is resource pooling?

  • A. The provider’s computing resources are pooled to serve multiple consumers.
  • B. Internet-based CPUs are pooled to enable multi-threading.
  • C. The dedicated computing resources of each client are pooled together in a colocation facility.
  • D. Placing Internet (cloud) data centers near multiple sources of energy, such as hydroelectric dams.
  • E. None of the above.
Answer:

A


Question 9

Which statement best describes why it is important to know how data is being accessed?

  • A. The devices used to access data have different storage formats.
  • B. The devices used to access data use a variety of operating systems and may have different programs installed on them.
  • C. The device may affect data dispersion.
  • D. The devices used to access data use a variety of applications or clients and may have different security characteristics.
  • E. The devices used to access data may have different ownership characteristics.
Answer:

D


Question 10

How is encryption managed on multi-tenant storage?

  • A. Single key for all data owners
  • B. One key per data owner
  • C. Multiple keys per data owner
  • D. The answer could be A, B, or C depending on the provider
  • E. C for data subject to the EU Data Protection Directive; B for all others
Answer:

B
