[November 26, 2023] Updated 365 Days a Year, Valid CCSK Question Set [Q25-Q47]


Aim for a high score on the Cloud Security Alliance test with the best-quality CCSK exam question set

Question # 25
Which of the following is a very important consideration when securing access to the Management Plane?

  • A. Super Administrator
  • B. Least Privilege
  • C. Service Administrator
  • D. Remote Access VPN

Correct answer: B

Explanation:
Both providers and consumers should consistently only allow the least privilege required for users, applications, and other management plane usage.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


Question # 26
What is true of security as it relates to cloud network infrastructure?

  • A. You should deploy your cloud firewalls identical to the existing firewalls.
  • B. You should apply cloud firewalls on a per-network basis.
  • C. You should implement a default allow with cloud firewalls and then restrict as necessary.
  • D. You should always open traffic between workloads in the same virtual subnet for better visibility.
  • E. You should implement a default deny with cloud firewalls.

Correct answer: E



Question # 27
According to the Cloud Security Alliance logical model of cloud computing, which of the following defines the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers?

  • A. Infrastructure
  • B. Infostructure
  • C. Metastructure
  • D. Applistructure

Correct answer: C

Explanation:
According to CSA Security Guidelines 4.0, Metastructure is defined as the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.


Question # 28
Which of the following is true after your organization migrates the data to the cloud?

  • A. Cloud service provider will be legally liable for any data breach.
  • B. Breaches will be termed as loss of Intellectual property.
  • C. It is totally secure because cloud service providers have more security.
  • D. In case of a data breach, you, as a customer, will still be legally liable.

Correct answer: D

Explanation:
Even after cloud migration, the cloud customer is responsible for the data and ultimately liable for any data loss or breaches.


Question # 29
In Platform as a Service (PaaS), platform security is a responsibility of:

  • A. Cloud service provider
  • B. Customer
  • C. It's a shared responsibility
  • D. Neither of them

Correct answer: C

Explanation:
This is a very confusing question, and we need to understand that it's a shared responsibility between the cloud service provider and the customer.


Question # 30
What is a potential concern of using Security-as-a-Service (SecaaS)?

  • A. Scaling and costs
  • B. Intelligence sharing
  • C. Insulation of clients
  • D. Deployment flexibility
  • E. Lack of visibility

Correct answer: E


Question # 31
The Software Defined Perimeter (SDP) includes which components?

  • A. Client, Controller, and Gateway
  • B. Client, Firewall, and Gateway
  • C. Client, Controller, Firewall, and Gateway
  • D. Controller, Firewall, and Gateway
  • E. Client, Controller, and Firewall

Correct answer: A


Question # 32
Which of the following is a key benefit of the private cloud model?

  • A. Distributed data location
  • B. Off-loading IT Management
  • C. Less expensive
  • D. Assurance of Data Location

Correct answer: D

Explanation:
One of the key challenges in cloud computing is its distributed environment and dispersed data centers across the globe. It is very difficult to trace data location in public clouds. Therefore, assurance of data location is a key advantage of private cloud.


Question # 33
Which are the two major categories of network virtualization commonly seen in cloud computing today?

  • A. Software Defined Networks and Virtual Private Networks
  • B. Virtual Private Networks and Converged Network
  • C. Virtual LANs (VLANs) and Converged Networks
  • D. Software Defined Networks and Virtual LANs (VLANs)

Correct answer: C

Explanation:
There are two major categories of network virtualization commonly seen in cloud computing today:
  • Virtual Local Area Networks (VLANs): VLANs leverage existing network technology implemented in most network hardware. VLANs are extremely common in enterprise networks, even without
    [Figure: Common networks underlying IaaS (management, storage, and service networks)]
    They are designed for use in single-tenant networks (enterprise data centers) to separate different business units, functions, etc. (like guest networks). VLANs are not designed for cloud-scale virtualization or security and shouldn't be considered, on their own, an effective security control for isolating networks. They are also never a substitute for physical network segregation.
  • Software Defined Networking (SDN): A more complete abstraction layer on top of networking hardware, SDNs decouple the network control plane from the data. This allows us to abstract networking from the traditional limitations of a LAN.
Ref: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


Question # 34
In cloud services, risks and responsibilities are shared between the cloud provider and customer; however, which of the following holds true?

  • A. Cloud Provider liability is limited to financial responsibility
  • B. Cloud provider has ultimate legal liability for unauthorised and illicit data disclosures
  • C. Cloud Customer has ultimate legal liability for unauthorised and illicit data disclosures
  • D. Cloud Customer liability is limited to financial responsibility

Correct answer: C

Explanation:
In a shared responsibility model, data security is the responsibility of the cloud consumer, and he is legally liable.


Question # 35
Your SLA with your cloud provider ensures continuity for all services.

  • A. False
  • B. True

Correct answer: A



Question # 36
Which of the following documents includes responsibilities and mechanisms for governance in a cloud environment?

  • A. Governance memo
  • B. Contract
  • C. Operational Level Agreement
  • D. Service Level Agreement

Correct answer: B

Explanation:
Cloud computing changes the responsibilities and mechanisms for implementing and managing governance. Responsibilities and mechanisms for governance are defined in the contract, as with any business relationship. If the area of concern isn't in the contract, there are no mechanisms available to enforce, and there is a governance gap. Governance gaps don't necessarily exclude using the provider, but they do require the customer to adjust their own processes to close the gaps or accept the associated risks.
Ref: Security Guidance v4.0, Copyright 2017, Cloud Security Alliance (used for educational purpose here)


Question # 37
"Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms." Which of the following characteristics defines this?

  • A. Broad network access
  • B. Rapid elasticity
  • C. On-demand self-service
  • D. Resource pooling

Correct answer: C


Question # 38
When designing an encryption system, you should start with a threat model.

  • A. True
  • B. False

Correct answer: A


Question # 39
The risk left in any system after all countermeasures and strategies have been applied is called:

  • A. Mitigated Risk
  • B. Residual Risk
  • C. Annualised Risk
  • D. Leftover risk

Correct answer: B

Explanation:
That's the definition of residual risk.


Question # 40
CCM: The Cloud Service Delivery Model Applicability column in the CCM indicates the applicability of the cloud security control to which of the following elements?

  • A. Service Provider or Tenant/Consumer
  • B. SaaS, PaaS or IaaS
  • C. Physical, Network, Compute, Storage, Application or Data
  • D. Mappings to well-known standards and frameworks

Correct answer: B


Question # 41
Like security and compliance, BC/DR is not a shared responsibility.

  • A. True
  • B. False

Correct answer: A

Explanation:
This is True
Like security and compliance, BC/DR is a shared responsibility. There are aspects that the cloud provider has to manage, but the cloud customer is also ultimately responsible for how they use and manage the cloud service. This is especially true when planning for outages of the cloud provider (or parts of the cloud provider's service).
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


Question # 42
Which of the following is most commonly used to program Application Programming Interfaces (APIs)?

  • A. REST
  • B. HTTP
  • C. SOAP
  • D. JSON

Correct answer: A

Explanation:
APIs are typically REST for cloud services, since REST is easy to implement across the Internet. REST APIs have become the standard for web-based services since they run over HTTP/S and thus work well across diverse environments.
Reference: CSA Security Guidelines V.4 (reproduced here for the educational purpose)


Question # 43
What refers to the model that allows customers to scale their computer and/or storage needs with little or no intervention from or prior communication with the provider, where the services happen in real time?

  • A. Broad network access
  • B. Rapid elasticity
  • C. On-demand self-service
  • D. Resource pooling

Correct answer: C

Explanation:
It is the characteristic of On-demand self-service that allows customers to scale their computer and/or storage needs with little or no intervention from or prior communication with the provider.


Question # 44
Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?

  • A. Code Review
  • B. Unit Testing
  • C. Functional Testing
  • D. Static Application Security Testing (SAST)
  • E. Dynamic Application Security Testing (DAST)

Correct answer: E


Question # 45
Big data includes high volume, high variety, and high velocity.

  • A. True
  • B. False

Correct answer: A


Question # 46
Who is responsible for Data Security in the Software as a Service (SaaS) service model?

  • A. It's a shared responsibility between Cloud Service Provider and Cloud Customer
  • B. Cloud Carrier
  • C. Cloud Customer
  • D. Cloud Service Provider

Correct answer: C

Explanation:
Remember that data security will always remain the responsibility of the cloud customer in all service models.


Question # 47
......
