CCSK Exam Training Questions from JPNTest: Essentials for Exam Preparation [Q38-Q56]


CCSK exam questions for Cloud Security Knowledge with a valid pass rate


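The CCSK exam consists of 60 multiple-choice questions and can be taken online. The exam covers a range of topics related to cloud security, including cloud architecture, data security, identity and access management, compliance, legal and contractual issues, and virtualization security. Anyone interested in cloud security can take the exam, regardless of experience or background.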

 

Question # 38
Which of the following pairs represents storage used in IaaS infrastructure?

  • A. Volume and object storage
  • B. CDN and Ephemeral
  • C. Raw and long-term storage
  • D. Structured and Unstructured Storage

Correct answer: A

Explanation:
IaaS uses the following storage types:
Volume storage: A virtual hard drive that can be attached to a virtual machine instance and be used to host data within a file system. Volumes attached to IaaS instances behave just like a physical drive or an array does. Examples include VMware Virtual Machine File System (VMFS), Amazon Elastic Block Store (EBS), Rackspace Redundant Array of Independent Disks (RAID), and OpenStack Cinder.
Object storage: Similar to a file share accessed via APIs or a web interface. Examples include Amazon S3 and Rackspace Cloud Files.


Question # 39
Which of the following is a perceived advantage or disadvantage of managing enterprise risk for cloud deployments?

  • A. Decreased requirement for proactive management of relationship and adherence to contracts.
  • B. More physical control over assets and processes.
  • C. Greater reliance on contracts, audits, and assessments due to lack of visibility or management.
  • D. None of the above.
  • E. Increased need, but reduction in costs, for managing risks accepted by the cloud provider.

Correct answer: C


Question # 40
What is the process to determine any weaknesses in the application and the potential ingress, egress, and actors involved before the weakness is introduced to production?

  • A. STRIDE
  • B. Vulnerability Assessment
  • C. Threat Modelling
  • D. Threat Detection

Correct answer: C

Explanation:
Threat modelling is performed once an application design is created. The goal of threat modelling is to determine any weaknesses in the application and the potential ingress, egress, and actors involved before the weakness is introduced to production. It is the overall attack surface that is amplified by the cloud, and the threat model has to take that into account.


Question # 41
Which of the following is NOT a characteristic of Object Storage?

  • A. Accessed through web interface
  • B. Stored in cloud
  • C. Cannot be accessed through web interface
  • D. Has additional Metadata

Correct answer: C

Explanation:
Object storage: Similar to a file share accessed via APIs or a web interface. Examples include Amazon S3 and Rackspace Cloud Files.


Question # 42
Who is responsible for the security of the physical infrastructure and virtualization platform?

  • A. The responsibility is split equally
  • B. The cloud consumer
  • C. The cloud provider
  • D. It depends on the agreement
  • E. The majority is covered by the consumer

Correct answer: C


Question # 43
Code execution environments that run within an operating system, sharing and leveraging resources of that operating system, are called:

  • A. Container
  • B. Instance
  • C. Virtual Machine
  • D. Sandbox

Correct answer: A

Explanation:
Containers are code execution environments that run within an operating system (for now), sharing and leveraging resources of that operating system. While a VM is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still utilizing the kernel and other capabilities of the base OS. Multiple containers can run on the same virtual machine or be implemented without the use of VMs at all and run directly on hardware.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)


Question # 44
In cloud services, risks and responsibilities are shared between the cloud provider and customer. However, which of the following holds true?

  • A. Cloud Customer has ultimate legal liability for unauthorised and illicit data disclosures
  • B. Cloud Provider liability is limited to financial responsibility
  • C. Cloud Customer liability is limited to financial responsibility
  • D. Cloud provider has ultimate legal liability for unauthorised and illicit data disclosures

Correct answer: A

Explanation:
In a shared responsibility model, data security is the responsibility of the cloud consumer, who is legally liable.


Question # 45
Which of the following helps to intermediate IAM between an organization's existing identity providers and many different cloud services used by the organization?

  • A. Active Directory
  • B. Relying Party
  • C. Federated Identity Provider
  • D. Cloud Access Security Broker

Correct answer: C

Explanation:
One of the better-known categories heavily used in cloud security is Federated Identity Brokers. These services help intermediate IAM between an organization's existing identity providers (internal or cloud-hosted directories) and the many different cloud services used by the organization. They can provide web-based Single Sign On (SSO), helping ease some of the complexity of connecting to a wide range of external services that use different federation configurations.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)


Question # 46
Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub.

  • A. True
  • B. False

Correct answer: A

Explanation:
This is true. Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub, because there is a significant chance of discovery and misuse.
Keys need to be appropriately secured and a well-secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.


Question # 47
What is it called when you lose control of the amount of content on your image store?

  • A. Media Sanitization
  • B. Sprawl
  • C. Data Loss
  • D. Media Contention

Correct answer: B

Explanation:
Sprawl occurs when you lose control of the amount of content on your image store.
Unnecessary images may be created and run. Each additional image running is another potential point of compromise for an attacker.


Question # 48
Which provides guidelines for organizational information security standards including the selection, implementation, and management of controls taking into consideration the organization's information security risk environments?

  • A. ISO 27001
  • B. FIPS 140-2
  • C. NIST 800-9
  • D. ISO 27002

Correct answer: D

Explanation:
ISO 27002 is a standard which provides a detailed description of security controls and how they need to be implemented to provide an effective ISMS.


Question # 49
Which of the following are key data functions?

  • A. Access, Process & Save
  • B. Access, Procure & Save
  • C. Access, Process & Store
  • D. Access, Procure & Store

Correct answer: C

Explanation:
The key data functions are Access, Process & Store.


Question # 50
Which of the following phases of the data security lifecycle typically occurs nearly simultaneously with creation?

  • A. Save
  • B. Store
  • C. Encrypt
  • D. Use

Correct answer: B

Explanation:
Storing is the act of committing the digital data to some sort of storage repository and typically occurs nearly simultaneously with creation.
Reference: CSA Security Guidelines V.4 (reproduced here for educational purposes)


Question # 51
What is true of security as it relates to cloud network infrastructure?

  • A. You should apply cloud firewalls on a per-network basis.
  • B. You should implement a default deny with cloud firewalls.
  • C. You should deploy your cloud firewalls identical to the existing firewalls.
  • D. You should implement a default allow with cloud firewalls and then restrict as necessary.
  • E. You should always open traffic between workloads in the same virtual subnet for better visibility.

Correct answer: B


Question # 52
Database as a Service is an example of:

  • A. Infrastructure as a Service (IaaS)
  • B. Platform as a Service (PaaS)
  • C. Program as a Service (PaaS)
  • D. Software as a Service (SaaS)

Correct answer: B

Explanation:
One option, frequently seen in the real world and illustrated in our model, is to build a platform on top of IaaS. A layer of integration and middleware is built on IaaS, then pooled together, orchestrated, and exposed to customers using APIs as PaaS. For example, a Database as a Service could be built by deploying modified database management system software on instances running in IaaS. The customer manages the database via API (and a web console) and accesses it either through the normal database network protocols, or, again, via API.
Reference: CSA Security Guidelines V4.0


Question # 53
Interoperability is the ability that enables the migration of cloud services from one cloud provider to another or between public cloud and a private cloud.

  • A. False
  • B. True

Correct answer: A

Explanation:
This is false, as this is the definition of portability and not interoperability.


Question # 54
Enterprise Risk Management is part of the overall information risk management of the organization.

  • A. False
  • B. True

Correct answer: A

Explanation:
It is false; it is the other way round. Information risk management is part of Enterprise Risk.


Question # 55
The containment phase of the incident response lifecycle requires taking systems offline.

  • A. True
  • B. False

Correct answer: A


Question # 56
......
