CCSK Linked Flashcards
Ongoing monthly cloud costs are referred to as:
A. IaaS
B. OPEX
C. CaaS
D. CAPEX
B. OPEX
Explanation:
Ongoing monthly cloud charges are operating expenditures, or OPEX
What physical server role hosts virtual machine guests?
A. directory server
B. hypervisor server
C. file server
D. SMTP server
B. hypervisor server
Explanation:
A hypervisor host runs virtual machine guests.
You have manually deployed a cloud based virtual machine.
Which of the following is your responsibility?
A. virtual machine OS updates
B. firmware updates to storage hardware
C. hypervisor host high availability
D. cloud tenant isolation
A. virtual machine OS updates
Explanation:
Applying OS updates to a cloud based virtual machine deployed manually by the cloud customer is the responsible of the cloud customer
Which of the following would normally be present in a cloud service SLA?
A. encryption settings
B. monthly pricing of the cloud service
C. guaranteed uptime
D. cloud subscription payment details
C. guaranteed uptime
Explanation:
SLAs are contracts between a cloud provider and customer detailing items such as guaranteed uptime for a particular cloud service
Which term is synonymous with cloud computing measured services?
A. right sizing
B. SLA
C. autoscaling
D. metered usage
D. metered usage
Explanation:
Metered usage refers to cloud service usage tracking and billing
How is cloud reserved instance pricing applied?
A. virtual machine attributes
B. new virtual machines only
C. virtual machine clusters of 2 or more
D. existing virtual machines only
A. virtual machine attributes
Explanation:
Reserved instance configuration settings are matched against existing and future virtual machines. When there is a match, reserved instance pricing is applied to the virtual machine
You have configured a cloud application such that virtual machines are added when the average CPU utilization exceeds 90 percent. Which term best describes this scenario?
A. scaling in
B. autoscaling
C. SaaS
D. XaaS
B. autoscaling
Explanation:
Autoscaling configurations allow the addition and removal of virtual machines in response to application demand
On demand cloud service provisioning means submitting tickets to deploy resources
A. False
B. True
A. False
Explanation:
On demand means the cloud customer can provision or deprovision cloud resources at any time
Broad network access for cloud services applies to private networks
A. True
B. False
A. True
Explanation:
Private clouds are owned and used by a single organization. Private clouds adhere to all cloud characteristics including broad network access
Cloud provider pooled storage makes which type of cloud service model available to cloud customers?
A. PaaS
B. SaaS
C. XaaS
D. IaaS
D. IaaS
Explanation:
Cloud based storage is referred to as IaaS
What is a disadcantage to using a private cloud?
A. OPEX
B. CAPEX
C. less security than a public cloud
D. lack of configuration control
B. CAPEX
Explanation:
How do public and private cloud differ?
A. Public clouds are not related to OPEX
B. Public clouds are available to everyone, private clouds are used by a single organization.
C. Private clouds are available to everyone, public clouds are used by single organization
D. Private clouds are not related to CAPEX
B. Public clouds are available to everyone, private clouds are used by a single organization.
Explanation:
Anybody can potentially access a public cloud which might require creating an account. Private clouds are accessible to only a single organization
Which type of limited access cloud applies to groups of cloud customers with similar IT needs?
A. hybrid
B. community
C. private
D. public
B. community
Explanation
Community clouds are designed for groups with similar IT needs such as government agencies or specific industries such as health care
What type of network connectivity is commonly used with hybrid clouds?
A. site to site VPN
B. client to site VPN
C. intranet
D. VLAN
A. site to site VPN
Explanation:
Site to Site VPNs provide an encrypted tunnel linking networks together, such as linking a private cloud to a public cloud
Which cloud service is considered to be PaaS?
A. managed database
B. virtual machine
C. storage
D. end user productivity software
A. managed database
Explanation:
Managed databases are PaaS. Deployment and management of the underlying virtual machines and database software is the responsibility of the cloud provider
Which characteristic defines as a service?
A. on demand
B. IT services running on hardware in a remote location where those services are accessible over a network
C. metered usage
D. IT services running on local hosts where the services are being used
B. IT services running on hardware in a remote location where those services are accessible over a network
Explanation:
“as a service” is used to describe cloud services running on remote hardware where those services are accessible over a network.
Which benefit is directly derived from software defined networking?
A. protection of data at rest
B. facilitated cloud network configuration
C. improved web application performance
D. enhanced user sign in security
B. facilitated cloud network configuration
Explanation:
SDN allows cloud users to configure cloud based virtual network settings using a command line or GUI interface without requiring knowledge of how to configure vendor specific underlying network equipment
What benefit is derived from peering cloud virtual networks together?
A. Transmissions are encrypted through an IPSec VPN tunnel
B. inter network transmissions a securely sent over the Internet
C. All devices on both peered networks get configured using a single subnet IP address range
D. transmissions between virtual networks occur over a backbone network, not the internet
D. transmissions between virtual networks occur over a backbone network, not the internet
Explanation:
Cloud virtual network peering uses the cloud provider backbone network which provides better performance than over the internet
Which cloud security tool maps cloud security control specifications to security standards such as PCI DSS?
A. Cloud Controls Matrix (CCM)
B. Consensus Assessments Initiative Questionnaire (CAIQ)
C. Security Trust Assurance and Risk Registry (STAR)
D. General Data Protection Regulation (GDPR)
A. Cloud Controls Matrix (CCM)
Explanation:
The CCM is a free excel spreadsheet that can be downloaded from the CSA website. The CCM lists cloud security controls and maps them to a variety of regulations and security standards such as HIPAA and PCIDSS to name just a few
Which mechanism can be used to determine cloud service provider compliance with the cloud controls matrix (CCM)?
A. Consensus Assessments Initiative Questionnaire (CAIQ)
B. General Data Protection Regulation (GDPR)
C. Security Trust Assurance and Risk (STAR) registry
D. Cloud Controls Matrix (CCM)
A. Consensus Assessments Initiative Questionnaire (CAIQ)
Explanation:
The CAIQ is a series of yes/no questions answered by a cloud service provider to determine if the provider is compliant with security controls listed in the CLoud Controls Matrix (CCM)
You are assessing cloud service providers as part of your organizations cloud adoption strategy. Which centralized service list providers that have demonstrated their compliance with various security standards?
A. Cloud Controls Matrix (CCM)
B. General Data Protection Regulation (GDPR)
C. Security Trust Assurance and Risk (STAR)
Consensus Assessments Initiative Questionnaire (CAIQ)
C. Security Trust Assurance and Risk (STAR)
Explanation:
The STAR registry is a central repo of cloud service providers that have demonstrated their security posture. Potential cloud customers can query the STAR registry to view this compliance with security standards
Your organization uses the cloud. For regulatory compliance reasions, you have been asked to identify cloud resource deployments that do not comply with organizational security standards
A. Create a security baseline and compare it to deploy cloud resources
B. Send a cloud security configuration questionnaire out to all cloud techs
C. Use Microsoft Group policy to deploy security configuration settings
D. View logs for cloud based HTTPS applications to identify security misconfiguration
A. Create a security baseline and compare it to deploy cloud resources
Explanation:
You can use a pre configured or custom security baseline that contains items that will be checked against cloud resources for compliance
`
How is cloud storage replication related to data sovereignty?
A. Replicated cloud data is affected by the laws in effect where the data is physically stored
B. Replicated cloud data provides resiliency against disruptions in the primary region
C. Replicated cloud data is encrypted to provide protection for data at rest
D. Replicated cloud data is labeled to determine its sensitivity
A. Replicated cloud data is affected by the laws in effect where the data is physically stored
Explanation:
Replicating cloud data could potentially place the data in a different geographical region affected by different laws than the source region
What layer do storage arrays and lifecycle policies support?
A. Data structure
B. Management
C. Metastructure
D. Infrastructure
A. Data structure
Explanation:
The data stricture layer focuses on how data is managed during the data lifecycle, and is supported by underlying mechanisms such as storage and lifecycle policies
