オンライン問題で最適なCCSK試験練習問題(最新の336問題) [Q190-Q205]

Share

オンライン問題で最適なCCSK試験練習問題(最新の336問題)

練習問題CCSK素晴らしい練習用のCertificate of Cloud Security Knowledge v5 (CCSKv5.0)テスト問題


CCSK試験は、クラウドセキュリティの概念、ベストプラクティス、および業界標準を理解しているかどうかを候補者がテストするために設計されています。この試験は、セキュリティアーキテクト、エンジニア、コンサルタントなど、自分の組織内でクラウドセキュリティに責任を持つ個人を対象としています。

 

質問 # 190
Use elastic servers when possible and move workloads to new instances.

  • A. False
  • B. True

正解:B


質問 # 191
What are the primary security responsibilities of the cloud provider in compute virtualizations?

  • A. Enforce isolation and monitor and log workloads
  • B. Enforce isolation and configure the security settings
  • C. Monitor and log workloads and configure the security settings
  • D. Maintain a secure virtualization infrastructure and configure the security settings
  • E. Enforce isolation and maintain a secure virtualization infrastructure

正解:E


質問 # 192
An important consideration when performing a remote vulnerability test of a cloud-based application is to

  • A. Use network layer testing tools exclusively
  • B. Obtain provider permission for test
  • C. Use techniques to evade cloud provider's detection systems
  • D. Schedule vulnerability test at night
  • E. Use application layer testing tools exclusively

正解:B

解説:
Explanation/Reference:


質問 # 193
Which practice ensures container security by preventing post-deployment modifications?

  • A. Regular vulnerability scanning of deployed containers
  • B. Implementing dynamic network segmentation policies
  • C. Employing Role-Based Access Control (RBAC) for container access
  • D. Use of immutable containers

正解:D

解説:
Immutable containers are not altered post-deployment, ensuring the integrity of the deployed environment and reducing the risk of unauthorized modifications. Reference: [CCSK v5 Curriculum, Domain 8 - Cloud Workload Security][source 16].


質問 # 194
Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub.

  • A. False
  • B. True

正解:B

解説:
This is true. Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub, because there is a significant chance of discovery and misuse.
Keys need to be appropriately secured and a well- secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.


質問 # 195
Which principle reduces security risk by granting users only the permissions essential for their role?

  • A. Role-Based Access Control
  • B. Least-Privileged Access
  • C. Unlimited Access
  • D. Mandatory Access Control

正解:B

解説:
The principle of least privilege limits access to only necessary permissions, reducing the risk of misuse and exposure of sensitive data. Reference: [CCSK v5 Curriculum, Domain 5 - IAM]


質問 # 196
A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?

  • A. An access log
  • B. A validation process
  • C. A support table
  • D. An entitlement matrix
  • E. An entry log

正解:B


質問 # 197
According to NIST, what is cloud computing defined as?

  • A. A shared set of resources delivered over the Internet
  • B. A model for on-demand network access to a shared pool of configurable resources
  • C. A model for more-efficient use of network-based resources
  • D. Services that are delivered over the Internet to customers

正解:B

解説:
NIST defines cloud computing as on-demand network access to a shared pool of configurable resources, aligning with the essential characteristics of cloud services. Reference: [Security Guidance v5, Domain 1 - Cloud Computing Models]


質問 # 198
In the context of IaaS, what are the primary components included in infrastructure?

  • A. Network configuration tools, storage encryption, and virtualization platforms
  • B. Compute, network, and storage resource pools
  • C. User authentication systems, application deployment services, and database management
  • D. Load balancers, firewalls, and backup solutions

正解:B

解説:
Correct Option: B. Compute, network, and storage resource pools
In the Infrastructure as a Service (IaaS) model, the term "infrastructure" refers to the core physical and virtualized building blocks that form the basis of a cloud environment. These components are abstracted and pooled to offer on-demand provisioning to cloud consumers.
From the CSA Security Guidance v4.0 - Domain 1: Cloud Computing Concepts and Architectures:
"Infrastructure: The core components of a computing system: compute, network, and storage. The foundation that everything else is built on. The moving parts."
- Section 1.1.4 Logical Model, CSA Security Guidance v4.0
Furthermore:
"IaaS consists of a facility, hardware, an abstraction layer, an orchestration (core connectivity and delivery) layer to tie together the abstracted resources, and APIs to remotely manage the resources and deliver them to consumers."
- Section 1.1.3.1 Infrastructure as a Service, CSA Security Guidance v4.0 These are commonly referred to as resource pools, and form the foundation of what IaaS delivers: virtual machines (compute), virtual networks (networking), and object/block storage systems (storage).
Why the Other Options Are Incorrect:
A . Network configuration tools, storage encryption, and virtualization platforms
➤ These are supporting technologies and security tools, not the actual infrastructure components that make up IaaS.
C . User authentication systems, application deployment services, and database management
➤ These fall under PaaS (Platform as a Service) and SaaS. IaaS does not manage applications or authentication; it provides the foundation upon which these services run.
D . Load balancers, firewalls, and backup solutions
➤ These are add-on services or features, not the core infrastructure components of IaaS. While often used alongside IaaS, they are not the essential building blocks of infrastructure.
Main Topic: Cloud Computing Concepts and Architectures
Source: CSA Security Guidance v4.0, Domain 1, Sections 1.1.3.1 & 1.1.4


質問 # 199
Which type of cloud workload would be most appropriate for running isolated applications with minimum resource overhead?

  • A. Function as a Service (FaaS)
  • B. Containers
  • C. AI Workloads
  • D. Virtual Machines (VMs)

正解:B

解説:
Containersare the most appropriate cloud workload for running isolated applications with minimum resource overhead. Containers provide lightweight, isolated environments that share the host operating system, reducing resource consumption compared to virtual machines (VMs). They are ideal for microservices and applications requiring isolation without the overhead of a full VM.
From theCCSK v5.0 Study Guide, Domain 2 (Cloud Infrastructure and Platform Security), Section 2.5:
"Containers are lightweight, portable, and isolated environments that share the host OS kernel, making them highly efficient for running applications with minimal resource overhead. Unlike VMs, which require a full guest OS, containers provide application isolation with significantly lower resource demands." Option A (Containers) is the correct answer.
* Option B (Function as a Service) is incorrect because FaaS is designed for event-driven, short-lived functions, not for running full applications.
* Option C (AI Workloads) is incorrect because AI workloads are a category of tasks, not a specific workload type, and may run on VMs or containers.
* Option D (Virtual Machines) is incorrect because VMs include a full guest OS, resulting in higher resource overhead compared to containers.
References:
CCSK v5.0 Study Guide, Domain 2, Section 2.5: Containers and Virtualization.


質問 # 200
All assets require the same continuity in the cloud.

  • A. True
  • B. False

正解:B


質問 # 201
Which factor is typically considered in data classification?

  • A. Storage capacity requirements
  • B. CI/CD step
  • C. Data controller
  • D. Sensitivity of data

正解:D

解説:
Data classificationis afundamental security practiceused toprotect sensitive informationbased onrisk, confidentiality, integrity, and regulatory requirements.
Key Factors in Data Classification:
Data Sensitivity:
Organizations classify data based onhow sensitive it is:
Public(e.g., marketing material).
Internal Use Only(e.g., business plans).
Confidential(e.g., financial reports).
Restricted/Highly Confidential(e.g., personal healthcare records, credit card details).
Compliance & Legal Requirements:
Certain data types have strict compliance laws:
PII (Personally Identifiable Information) → GDPR, CCPA
Financial Data → PCI DSS
Healthcare Data HIPAA
Cloud providers must ensure security policies align with compliance frameworks.
Impact on Security Controls:
Highly sensitive data requires encryption at rest and in transit.
Access control must be enforced with least privilege and IAM policies.
Risk Management:
Properdata classification helps organizations define security policiessuch as:
Retention policies(How long data should be stored?).
Backup and disaster recovery strategies.
This is outlined in:
CCSK v5 - Security Guidance v4.0, Domain 11 (Data Security and Encryption) Cloud Controls Matrix (CCM) - Data Security and Data Classification Standards


質問 # 202
Which of the following is a key tool for enabling and enforcing separation and isolation in multitenancy?

  • A. Networking
  • B. Processors
  • C. Control Plane
  • D. Management Plane

正解:D

解説:
The management plane is a key tool for enabling and enforcing separation and isolation in multitenancy.
Limiting who can do what with the APIs is one important means for segregating out customers, or different users within a single tenant. Resources are in the pool, out of the pool, and where they are allocated Reference: CSA Security Guidelines V.4(reproduced here for the educational purpose)


質問 # 203
Which of the followinglS0 Standard provides Code of practice for information security controls based on IS0/IEC 27002for cloud services?

  • A. ISO 27018
  • B. ISO 27032
  • C. ISO 27017
  • D. ISO 27034

正解:C

解説:
IS0 27017 provides Code of practice for information security controls based on ISO/IEC27002 for cloud services.


質問 # 204
Which is the leading industry leading standard you will recommend to a web developer when designing web application or an API for a cloud solution?

  • A. ISO 27001
  • B. SOC2
  • C. OWASP
  • D. FIPS 140

正解:C

解説:
OWASP is an open project and is leading industry standard for designing web applications and its security.


質問 # 205
......


CCSK認定試験は、クラウドコンピューティングセキュリティにおける個人の知識と専門知識をテストするために設計された包括的な試験です。この試験は60の複数選択の質問で構成されており、候補者は試験を完了するために90分かかります。試験はオンラインで管理されており、候補者は世界のどこからでも試験を受けることができます。この試験は、英語、フランス語、ドイツ語、日本語、ポルトガル語、スペイン語など、複数の言語でも利用できます。

 

リアルなCCSK試験別格な練習試験問題:https://www.jpntest.com/shiken/CCSK-mondaishu

100%合格率でリアルなCCSK試験成功ゲット:https://drive.google.com/open?id=1-_DkFMVrtZl5d1OSEr7VLCBSJek5auLP

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡