Section 3: Certificate of Cloud Security Knowledge (CCSK) V4 (Anthony Sequeira)

Question 1

Which of the following is considered a valid security benefit that derives from SDN adoption?

A.Increase in CapEx compared to OpEx
B.Virtual networks make isolation easier
C.Access to network hardware is always direct
D.There is no longer a need for specialized operational staff members

Answer 1

B.Virtual networks make isolation easier

Question 2

Virtual appliances can present challenges in cloud networks today. Which of the following is not a valid consideration in this regard?

A.There is a high velocity of change
B.They should offer support for auto-scaling in rapid elastic environments
C.They may increase costs and performance requirements
D.Cloud components tend to be centralized which makes them more difficult to manage

Answer 2

D.Cloud components tend to be centralized which makes them more difficult to manage

Question 3

Since REST APIs function with HTTP, what is a simple method of encrypting these calls over the Internet?

A.Use IPsec VPNs
B.Use HTTPS
C.Use SAML
D.Use 802.1x

Answer 3

B.Use HTTPS

Question 4

When using the IAM system of a cloud provider, what is a common security best practice you should use?

A.Always restrict admin privileges of any kind to the root account
B.Avoid the use of groups if at all possible
C.Use the concept of least privilege
D.Be sure to add user accounts to groups, which then should be added to roles

Answer 4

C.Use the concept of least privilege