[July 2023] Updated Cloud Security Alliance CCSK Official Certification Guide PDF [Q48-Q66]


Exam: CCSK Certificate of Cloud Security Knowledge (v4.0) Exam


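The CCSK certification is ideal for professionals who work with cloud technology, such as IT architects, security consultants, and cloud service providers. It provides a comprehensive understanding of cloud security and builds a strong foundation in cloud security best practices. It also demonstrates a commitment to maintaining the highest security standards in the cloud.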


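The CCSK exam consists of 60 multiple-choice questions and can be taken online. It covers a range of cloud security topics, including cloud architecture, data security, identity and access management, compliance, legal and contractual issues, and virtualization security. Anyone interested in cloud security can take the exam, regardless of experience or background.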

 

Question # 48
Any given processor and memory will nearly always be running multiple workloads, often from different tenants.

  • A. True
  • B. False

Correct answer: A


Question # 49
ENISA: Which is not one of the five key legal issues common across all scenarios:

  • A. Intellectual property
  • B. Professional negligence
  • C. Outsourcing services and changes in control
  • D. Data protection
  • E. Globalization

Correct answer: E


Question # 50
Which of the following is typically a policy set that defines ingress and egress rules that can apply to single assets or groups of assets, regardless of network location?

  • A. Database Activity Monitor
  • B. Security Groups
  • C. Intrusion Detection System
  • D. API Gateway

Correct answer: B

Explanation:
SDN firewalls (e.g., security groups) can apply to assets based on more flexible criteria than hardware-based firewalls, since they aren't limited based on physical topology. (Note that this is true of many types of software firewalls, but is distinct from hardware firewalls.) SDN firewalls are typically policy sets that define ingress and egress rules that can apply to single assets or groups of assets, regardless of network location (within a given virtual network).
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)


Question # 51
Under the new EU data protection rules, data destruction and corruption of personal data:

  • A. does not guarantee damages that can be claimed by the cloud customer.
  • B. does not need notification but cloud service provider is legally liable
  • C. does not attract any additional penalty
  • D. are considered forms of data breaches and require notification

Correct answer: D

Explanation:
They are considered forms of data breach and require notification. Further, the cloud customer is legally liable.


Question # 52
A cloud storage architecture that caches content close to locations of high demand is known as:

  • A. Volume Data
  • B. Ephemeral Storage
  • C. Block Data
  • D. Content Delivery Network (CDN)

Correct answer: D

Explanation:
A content delivery network (CDN) is a system of distributed servers (network) that deliver pages and other Web content to a user, based on the geographic locations of the user, the origin of the webpage and the content delivery server.


Question # 53
Erin has a picture which he wants to store in the cloud and would like to share its URL so that his friends can see the picture. What type of cloud storage would you recommend for him?

  • A. Glacier
  • B. Block Storage
  • C. Object Storage
  • D. Raw storage

Correct answer: C

Explanation:
Object storage (also referred to as object-based storage) is a general term that refers to the way in which we organize and work with units of storage, called objects.
Every object contains three things:
  • The data itself: The data can be anything you want to store, from a family photo to a 400,000-page manual for assembling an aircraft.
  • An expandable amount of metadata: The metadata is defined by whoever creates the object storage; it contains contextual information about what the data is, what it should be used for, its confidentiality, or anything else that is relevant to the way in which the data is used.
  • A globally unique identifier: The identifier is an address given to the object in order for the object to be found over a distributed system. This way, it's possible to find the data without having to know the physical location of the data (which could exist within different parts of a data center or different parts of the world).


Question # 54
Which statement best describes why it is important to know how data is being accessed?

  • A. The devices used to access data have different storage formats.
  • B. The devices used to access data may have different ownership characteristics.
  • C. The devices used to access data use a variety of operating systems and may have different programs installed on them.
  • D. The device may affect data dispersion.
  • E. The devices used to access data use a variety of applications or clients and may have different security characteristics.

Correct answer: E


Question # 55
What are the primary security responsibilities of the cloud provider in compute virtualizations?

  • A. Enforce isolation and maintain a secure virtualization infrastructure
  • B. Enforce isolation and monitor and log workloads
  • C. Enforce isolation and configure the security settings
  • D. Maintain a secure virtualization infrastructure and configure the security settings
  • E. Monitor and log workloads and configure the security settings

Correct answer: A


Question # 56
Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

  • A. Software-as-a-service (SaaS)
  • B. Platform-as-a-service (PaaS)
  • C. Infrastructure-as-a-service (IaaS)
  • D. Identity-as-a-service (IDaaS)
  • E. Desktop-as-a-service (DaaS)

Correct answer: B


Question # 57
Which of the following is NOT one of the essential characteristics as defined by NIST?

  • A. Resource Pooling
  • B. Resource Sharing
  • C. Rapid Elasticity
  • D. On-demand self service

Correct answer: A

Explanation:
All others are characteristics as defined by NIST.


Question # 58
Your SLA with your cloud provider ensures continuity for all services.

  • A. True
  • B. False

Correct answer: B


Question # 59
When a cloud customer uploads PII to a cloud provider, who becomes ultimately responsible for the security of that PII?

  • A. Cloud Provider
  • B. Regulator
  • C. Cloud customer
  • D. The individuals who are the subject of the PII

Correct answer: C

Explanation:
Under current law, the data owner is responsible for any breaches that result in unauthorized disclosure of PII; this includes breaches caused by contracted parties and outsourced services. The data owner is the cloud customer.


Question # 60
Which communication methods within a cloud environment must be exposed for partners or consumers to access database information using a web application?

  • A. Application Programming Interface (API)
  • B. Extensible Markup Language (XML)
  • C. Resource Description Framework (RDF)
  • D. Application Binary Interface (ABI)
  • E. Software Development Kits (SDKs)

Correct answer: A


Question # 61
Which of the following is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor?

  • A. VM DOS
  • B. VM Escape
  • C. VM rootkit
  • D. VM HBR

Correct answer: B

Explanation:
Virtual machine escape is an exploit in which the attacker runs code on a VM that allows an operating system running within it to break out and interact directly with the hypervisor. Such an exploit could give the attacker access to the host operating system and all other virtual machines (VMs) running on that host.


Question # 62
What is the characteristic that allows the cloud provider to meet various demands from customers while remaining financially viable?

  • A. Broad network access
  • B. Measured service
  • C. Resource pooling
  • D. Rapid elasticity

Correct answer: C

Explanation:
Resource pooling is the characteristic that allows the cloud provider to meet various demands from customers while remaining financially viable.


Question # 63
Which ISO standard addresses privacy in the cloud environment?

  • A. ISO 27032
  • B. ISO 27017
  • C. ISO 27034
  • D. ISO 27018

Correct answer: D

Explanation:
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.


Question # 64
Security Governance, Risk and Compliance (GRC) is, generally, the responsibility of which of the following across all the platforms (IaaS, PaaS and SaaS)?

  • A. Customer
  • B. Joint Responsibility
  • C. Cloud Service Provider
  • D. Shared responsibility

Correct answer: A

Explanation:
GRC is the responsibility of the customer across all service models.


Question # 65
One of the main reasons for, and advantages of, having an external audit is:

  • A. It's independent
  • B. Better tools used by external provider
  • C. It's cheaper
  • D. Internal staff is less qualified than external auditors.

Correct answer: A

Explanation:
All other answers are distractors. One of the primary reasons for external auditing is the independence of the auditors.


Question # 66
......
