CCSK Sample Questions Answers

A defining set of rules composed of claims and attributes of the entities in a transaction, which is used to determine their level of access to cloud-based resources is called what?

CCM: The Architectural Relevance column in the CCM indicates the applicability of the cloud security control to which of the following elements?

For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?

CCM: In the CCM tool, ais a measure that modifies risk and includes any process, policy, device, practice or any other actions which modify risk.

Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

What factors should you understand about the data specifically due to legal, regulatory, and jurisdictional factors?

A security failure at the root network of a cloud provider will not compromise the security of all customers because of multitenancy configuration.

APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

What of the following is NOT an essential characteristic of cloud computing?

Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?

Which concept provides the abstraction needed for resource pools?

Dynamic Application Security Testing (DAST) might be limited or require pre-testing permission from the provider.

ENISA: A reason for risk concerns of a cloud provider being acquired is: