Domain 1: Cloud Computing Concepts and Architectures Flashcards

1
Q

Alice runs a small software development company, and wants to use a cloud environment to install, test, and modify applications across a number of operating systems (OSs). Which cloud service model is probably best for her purposes?
A. IaaS
B. PaaS
C. SaaS
D. Grimbo

A

B. PaaS

2
Q

You are the security officer for a small business that stores medical records for wealthy celebrities; your clients pay premium prices for the highest possible security. Your company is considering moving from a traditional, on-premise data center to the cloud. Senior management has asked for your recommendation on which cloud deployment model to use. You recommend:
A. public cloud
B. private cloud
C. community cloud
D. hybrid cloud

A

B. private cloud

3
Q

In an IaaS model, which party is responsible for ensuring that the operating system (OS) on the guest virtual machine (VM) is configured, maintained, and patched properly?
A. cloud provider
B. regulator
C. auditor
D. cloud customer

A

D. cloud customer

4
Q

Which of the following terms is not used to describe cloud computing, in either the ISO or NIST definitions?
A. elastic
B. shared resources
C. frangible
D. self-service

A

A. elastic
B. shared resources

5
Q

Which of the following practices distinguishes cloud computing from a traditional environment?
A. virtualization
B. monetization
C. abstraction
D. orchestration

A

D. orchestration

6
Q

Which of the following elements distinguishes cloud computing from a traditional environment?
A. multitenancy
B. heuristics
C. planning
D. resiliency

A

A. multitenancy

7
Q

Which of the following elements is typically not an element of cloud computing?
A. multitenancy
B. isolation
C. segregation
D. subsidization

A

D. subsidization

8
Q

Which of the following is not a typical cloud deployment model, as defined by NIST and ISO?
A. hybrid
B. community
C. private
D. isolated

A

D. isolated

9
Q

According to the Cloud Security Alliance, most modern APIs (application programming interfaces) use __________.
A. electricity
B. native architecture
C. REST (representational state transfer)
D. FTP (file transfer protocol)

A

C. REST (representational state transfer)

10
Q

Which element of the CSA cloud logical model includes the data in file storage?
A. applistructure
B. infostructure
C. metastructure
D. infrastructure

A

B. infostructure

11
Q

Which element of the CSA cloud logical model defines the difference between cloud and traditional computing?
A. applistructure
B. infostructure
C. metastructure
D. infrastructure

A

B. infostructure

12
Q

Which of the following is not a cloud security model recommended by the Cloud Security Alliance (CSA)?
A. NIST SP (National Institute of Standards and Technology Special Publication) 500-299 Cloud Computing Security Reference Architecture
B. CSA Enterprise Architecture
C. Nebulous Consolidated Framework (NCF)
D. ISO/IEC (International Standards Organization/International Electrotechnical Commission) 27017 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

A

C. Nebulous Consolidated Framework (NCF)

13
Q

According to the cloud computing shared responsibility model, who is responsible for the security of the hardware in an SaaS environment?
A. The cloud provider
B. The cloud customer
C. The regulator
D. The auditor

A

A. The cloud provider

14
Q

Which of the following are tools provided by the CSA to help both cloud providers and cloud customers meet regulatory compliance requirements? Choose all that apply.
A. The Cloud Controls Matrix (CCM)
B. The Consensus Assessments Initiative Questionnaire (CAIQ)
C. The Diffie-Hellman algorithm
D. The Artichoke Incorporation Model

A

A. The Cloud Controls Matrix (CCM)

15
Q

Put the following cloud security process steps in the correct order:
A. Identify control gaps.
B. Identify necessary security and compliance requirements, and any existing controls.
C. Define the architecture.
D. Manage changes over time.
E. Select your cloud provider, service, and deployment models.
F. Design and implement controls to fill the gaps.
G. Assess the security controls.

A

B,E,C,G,A,F,D

16
Q

The Cloud Security Alliance (CSA) Security Guidance v4 contains 14 domains. The two major categories of domains are [choose two]:
A. operations
B. governance
C. maintenance
D. technology

A

A. operations
B. governance

17
Q

Which of the following is not a critical focus area in the domains of the Cloud Security Alliance (CSA) Security Guidance v4?
A. Governance and enterprise risk management
B. Legal issues: contracts and electronic discovery
C. Continuous monitoring and observation
D. Compliance and audit management

A

C. Continuous monitoring and observation

18
Q

Which of the following is not a critical focus area in the domains of the Cloud Security Alliance (CSA) Security Guidance v4?
A. Infrastructure security
B. Malleable formations
C. Virtualization and containers
D. Related technologies

A

B. Malleable formations

19
Q

Which of the following tools can be used to evaluate various cloud service providers?
A. Sarbanes-Oxley (SOX)
B. General Data Protection Regulation (GDPR)
C. Consensus Assessments Initiative Questionnaire (CAIQ)
D. The STRIDE model

A

C. Consensus Assessments Initiative Questionnaire (CAIQ)

20
Q

According to the Cloud Security Alliance (CSA) Security Guidance v4, it is important for the CCSK candidate to understand how __________ and __________ impact security [choose two].
A. financing
B. abstraction
C. technology
D. automation

A

B. abstraction
D. automation

21
Q

A cloud provider offering database services is most likely utilizing the __________ service model.
A. IaaS
B. PaaS
C. SaaS
D. Las

A

B. PaaS

22
Q

According to the Cloud Security Alliance (CSA) Security Guidance v4, if an attacker gets access to your __________, they could acquire full remote access to your cloud enterprise.
A. cloud management plane
B. endpoint device
C. username list
D. hashed password file

A

A. cloud management plane

23
Q

The NIST (National Institute of Standards and Technology) definition of cloud computing includes __________ essential characteristics, __________ service models, and __________ deployment models.
A. 5, 3, 4
B. 6, 2, 4
C. 5, 5, 5
D. 3, 4, 2
E. 6, 4, 3
F. 4, 5, 4

A

A. 5, 3, 4

24
Q

According to the Cloud Security Alliance (CSA) Security Guidance v4, in a multitenant environment, customers should be __________ and __________ from each other [choose two].
A. isolated
B. insulated
C. constrained
D. segregated
E. invoiced
F. allocated

A

A. isolated
D. segregated

25
Q

According to the Cloud Security Alliance (CSA) Security Guidance v4, what’s the most important security consideration for any cloud project?
A. knowing who is responsible for what
B. personal privacy
C. physical protection of the underlying architecture
D. preventing electronic surveillance

A

A. knowing who is responsible for what