CCSK Linked

Question 1

Ongoing monthly cloud costs are referred to as:

A. IaaS
B. OPEX
C. CaaS
D. CAPEX

Answer 1

B. OPEX

Explanation:
Ongoing monthly cloud charges are operating expenditures, or OPEX

Question 2

What physical server role hosts virtual machine guests?

A. directory server
B. hypervisor server
C. file server
D. SMTP server

Answer 2

B. hypervisor server

Explanation:
A hypervisor host runs virtual machine guests.

Question 3

You have manually deployed a cloud based virtual machine.

Which of the following is your responsibility?

A. virtual machine OS updates
B. firmware updates to storage hardware
C. hypervisor host high availability
D. cloud tenant isolation

Answer 3

A. virtual machine OS updates

Explanation:
Applying OS updates to a cloud based virtual machine deployed manually by the cloud customer is the responsible of the cloud customer

Question 4

Which of the following would normally be present in a cloud service SLA?

A. encryption settings
B. monthly pricing of the cloud service
C. guaranteed uptime
D. cloud subscription payment details

Answer 4

C. guaranteed uptime

Explanation:
SLAs are contracts between a cloud provider and customer detailing items such as guaranteed uptime for a particular cloud service

Question 5

Which term is synonymous with cloud computing measured services?

A. right sizing
B. SLA
C. autoscaling
D. metered usage

Answer 5

D. metered usage

Explanation:
Metered usage refers to cloud service usage tracking and billing

Question 6

How is cloud reserved instance pricing applied?

A. virtual machine attributes
B. new virtual machines only
C. virtual machine clusters of 2 or more
D. existing virtual machines only

Answer 6

A. virtual machine attributes

Explanation:
Reserved instance configuration settings are matched against existing and future virtual machines. When there is a match, reserved instance pricing is applied to the virtual machine

Question 7

You have configured a cloud application such that virtual machines are added when the average CPU utilization exceeds 90 percent. Which term best describes this scenario?

A. scaling in
B. autoscaling
C. SaaS
D. XaaS

Answer 7

B. autoscaling

Explanation:
Autoscaling configurations allow the addition and removal of virtual machines in response to application demand

Question 8

On demand cloud service provisioning means submitting tickets to deploy resources

A. False
B. True

Answer 8

A. False

Explanation:
On demand means the cloud customer can provision or deprovision cloud resources at any time

Question 9

Broad network access for cloud services applies to private networks

A. True
B. False

Answer 9

A. True

Explanation:
Private clouds are owned and used by a single organization. Private clouds adhere to all cloud characteristics including broad network access

Question 10

Cloud provider pooled storage makes which type of cloud service model available to cloud customers?

A. PaaS
B. SaaS
C. XaaS
D. IaaS

Answer 10

D. IaaS

Explanation:
Cloud based storage is referred to as IaaS

Question 11

What is a disadcantage to using a private cloud?

A. OPEX
B. CAPEX
C. less security than a public cloud
D. lack of configuration control

Answer 11

B. CAPEX

Explanation:

Question 12

How do public and private cloud differ?

A. Public clouds are not related to OPEX
B. Public clouds are available to everyone, private clouds are used by a single organization.
C. Private clouds are available to everyone, public clouds are used by single organization
D. Private clouds are not related to CAPEX

Answer 12

B. Public clouds are available to everyone, private clouds are used by a single organization.

Explanation:
Anybody can potentially access a public cloud which might require creating an account. Private clouds are accessible to only a single organization

Question 13

Which type of limited access cloud applies to groups of cloud customers with similar IT needs?

A. hybrid
B. community
C. private
D. public

Answer 13

B. community

Explanation
Community clouds are designed for groups with similar IT needs such as government agencies or specific industries such as health care

Question 14

What type of network connectivity is commonly used with hybrid clouds?

A. site to site VPN
B. client to site VPN
C. intranet
D. VLAN

Answer 14

A. site to site VPN

Explanation:
Site to Site VPNs provide an encrypted tunnel linking networks together, such as linking a private cloud to a public cloud

Question 15

Which cloud service is considered to be PaaS?

A. managed database
B. virtual machine
C. storage
D. end user productivity software

Answer 15

A. managed database

Explanation:
Managed databases are PaaS. Deployment and management of the underlying virtual machines and database software is the responsibility of the cloud provider

Question 16

Which characteristic defines as a service?

A. on demand
B. IT services running on hardware in a remote location where those services are accessible over a network
C. metered usage
D. IT services running on local hosts where the services are being used

Answer 16

B. IT services running on hardware in a remote location where those services are accessible over a network

Explanation:
“as a service” is used to describe cloud services running on remote hardware where those services are accessible over a network.

Question 17

Which benefit is directly derived from software defined networking?

A. protection of data at rest
B. facilitated cloud network configuration
C. improved web application performance
D. enhanced user sign in security

Answer 17

B. facilitated cloud network configuration

Explanation:
SDN allows cloud users to configure cloud based virtual network settings using a command line or GUI interface without requiring knowledge of how to configure vendor specific underlying network equipment

Question 18

What benefit is derived from peering cloud virtual networks together?

A. Transmissions are encrypted through an IPSec VPN tunnel
B. inter network transmissions a securely sent over the Internet
C. All devices on both peered networks get configured using a single subnet IP address range
D. transmissions between virtual networks occur over a backbone network, not the internet

Answer 18

D. transmissions between virtual networks occur over a backbone network, not the internet

Explanation:
Cloud virtual network peering uses the cloud provider backbone network which provides better performance than over the internet

Question 19

Which cloud security tool maps cloud security control specifications to security standards such as PCI DSS?

A. Cloud Controls Matrix (CCM)
B. Consensus Assessments Initiative Questionnaire (CAIQ)
C. Security Trust Assurance and Risk Registry (STAR)
D. General Data Protection Regulation (GDPR)

Answer 19

A. Cloud Controls Matrix (CCM)

Explanation:
The CCM is a free excel spreadsheet that can be downloaded from the CSA website. The CCM lists cloud security controls and maps them to a variety of regulations and security standards such as HIPAA and PCIDSS to name just a few

Question 20

Which mechanism can be used to determine cloud service provider compliance with the cloud controls matrix (CCM)?

A. Consensus Assessments Initiative Questionnaire (CAIQ)
B. General Data Protection Regulation (GDPR)
C. Security Trust Assurance and Risk (STAR) registry
D. Cloud Controls Matrix (CCM)

Answer 20

A. Consensus Assessments Initiative Questionnaire (CAIQ)

Explanation:
The CAIQ is a series of yes/no questions answered by a cloud service provider to determine if the provider is compliant with security controls listed in the CLoud Controls Matrix (CCM)

Question 21

You are assessing cloud service providers as part of your organizations cloud adoption strategy. Which centralized service list providers that have demonstrated their compliance with various security standards?

A. Cloud Controls Matrix (CCM)
B. General Data Protection Regulation (GDPR)
C. Security Trust Assurance and Risk (STAR)
Consensus Assessments Initiative Questionnaire (CAIQ)

Answer 21

C. Security Trust Assurance and Risk (STAR)

Explanation:
The STAR registry is a central repo of cloud service providers that have demonstrated their security posture. Potential cloud customers can query the STAR registry to view this compliance with security standards

Question 22

Your organization uses the cloud. For regulatory compliance reasions, you have been asked to identify cloud resource deployments that do not comply with organizational security standards

A. Create a security baseline and compare it to deploy cloud resources
B. Send a cloud security configuration questionnaire out to all cloud techs
C. Use Microsoft Group policy to deploy security configuration settings
D. View logs for cloud based HTTPS applications to identify security misconfiguration

Answer 22

A. Create a security baseline and compare it to deploy cloud resources

Explanation:
You can use a pre configured or custom security baseline that contains items that will be checked against cloud resources for compliance
`

Question 23

How is cloud storage replication related to data sovereignty?

A. Replicated cloud data is affected by the laws in effect where the data is physically stored
B. Replicated cloud data provides resiliency against disruptions in the primary region
C. Replicated cloud data is encrypted to provide protection for data at rest
D. Replicated cloud data is labeled to determine its sensitivity

Answer 23

A. Replicated cloud data is affected by the laws in effect where the data is physically stored

Explanation:
Replicating cloud data could potentially place the data in a different geographical region affected by different laws than the source region

Question 24

What layer do storage arrays and lifecycle policies support?

A. Data structure
B. Management
C. Metastructure
D. Infrastructure

Answer 24

A. Data structure

Explanation:
The data stricture layer focuses on how data is managed during the data lifecycle, and is supported by underlying mechanisms such as storage and lifecycle policies

Question 25

You need to ensure that production data is not used in a cloud test sandbox environment. Which top level CCM control domain applies to this situation?

A. Governance and Risk Management
B. Datacenter Security Asset Management
C. Encryption and Key Management
D. Data Security and Information Lifecycle Management

Answer 25

D. Data Security and Information Lifecycle Management

Explanation:
Making sure that production data is not used in testing environments relates to data security and information lifecycle management

Question 26

Which term identifies authentication toke assertions made by an identity provider?

A. Role
B. SSO
C. Claim
D. SAML

Answer 26

C. Claim

Explanation:
Claims are assertions about users or devices and are issued by a trusted identity provider. Example include user email address, data of birth, department and so on

Question 27

Which strategy produces secure, high quality IT solutions in a timely fashion?

A. CI/CD
B. TLS
C. SAML
D. IPsec

Answer 27

A. CI/CD

Explanation:
Continuous Integration and continuous deployment (CI/CD) integrated software development, deployment and management which results in secure solutions that can be delivered quickly

Question 28

To which logical cloud computing model layer does cloud replication apply to?

A. Metastructure
B. Infostructure
C. Infrastructure
D. Applistructure

Answer 28

B. Infostructure

Explanation:
The Info structure layer deals with cloud based data including replication and data security including encryption

Question 29

Why do application containers have a very fast startup time?

A. The OS is already running
B. The container artifacts are already cached
C. The OS is compressed within the container
D.

Answer 29

A. The OS is already running

Question 30

Which term describes a dependency on cloud provider services or file formats?

A. Hybrid cloud
B. Vendor lock in
C. SLA
D. Cloud Migration

Answer 30

B. Vendor lock in

Explanation:
Vendor lock-in refers to CSP proprietary software or file formats that make it difficult to transition to a different CSP.