ccsk mock exam V2.1



1. A key element of the \

A. Asset

B. Crypto-shredding (corresponds to destroy)

C. Classify

D. Application Security

E. Rights Management

2. In incident response, which of the following cloud provider technology implementation can impede investigations?

A. Choice of firewall system

B. Security Information Event Management (SIEM) tools

C. Proprietary log formats

D. Encrypted customer data

E. Virtualization environment snapshots

3. What capabilities can a cloud provider deliver to support offline analysis of potential incidents?

A. Encrypted customer data

B. VPN capabilities

C. Defense in depth strategies

D. Snapshots of customer's entire virtual environment

E. Regular audits stipulated in service level agreement

4. An important consideration when performing a remote vulnerability test of a cloud-based application is to

A. Schedule vulnerability test at night

B. Obtain contractual permission for test

C. Use application layer testing tools exclusively

D. Use network layer testing tools exclusively

E. Use techniques to evade cloud provider's detection systems

5. What is a benefit of federation of identity in a Cloud environment?

A. Enabling allied enterprises to authenticate, provide single or reduced

B. Provides granular application entitlements

C. Simplifies the secure and timely management of on-boarding (provisioning) and off-boarding (deprovisioning) of users in the cloud

D. Allows transmission of user information from a Policy Information Point (PIP) to a Policy Decision Point (PDP)

E. Enforces the policy decision at the Policy Enforcement Point (PEP)

6. Prominent recommended standards to enable federation of identity in cloud environments include

A. OpenID

B. Kerberos

C. SAML and WS-Federation

D. X.509

E. SSO

7. A key element of the \

A. Classify

B. Rights

C. Application Security

D. Encryption

E. Crypto-Shredding

8. A cloud deployment of two or more unique clouds is known as:

A. Infrastructures as a Service

B. A Community Cloud

C. A Hybrid Cloud

D. A Private Cloud

E. Jericho Cloud Cube Model

9. ENISA: because it is practically impossible to process data in encrypted form, customers should have the following expectation of cloud providers:

A. Provider should always manage customer encryption keys with hardware security module (HSM) storage

B. Provider should immediately notify customer whenever data is in plaintext form

C. Provider should be PCI compliant

D. Provider must be highly trustworthy and have compensating controls to protect customer data when it is in plaintext form

E. Homomorphic encryption should be implemented where necessary

10. How can key management be leveraged to prevent cloud providers from inappropriately accessing customer data?

A. Use strong multi-factor authentication

B. Segregate keys from the provider hosting data

C. Stipulate encryption in contract language

D. Secure backup processes for key management systems

E. Select cloud providers within the same country as customer

11. Which of the following is a consideration specific to the migration of virtual machine systems to new cloud providers?

A. Loss of hypervisor access

B. Use of industry accepted VM hardening guidelines

C. Understanding what tools are provided for secure data transfer

D. Traffic filtering on VM backplane or Enterprise Services Bus (ESB)

E. Identification of provider-specific extensions to virtual machine environment

12. How must performance monitoring of Providers and testing for vulnerabilities be handled in a client-provider relationship?

A. As long as the Provider does not suffer a breach, it does not have to provide customers with visibility into vulnerability scan results

B. Providers who obtain \scan results in regular periodic testing enjoy a limited ”Safe Harbor\liability associated with a breach.

C. The cloud services provider must contractually supply results of periodic scan and vulnerability testing to the customer

D. The cloud services agreement must allow the cloud services client or designated third party to test for vulnerabilities in the system.

E. The customer must define acceptable levels of performance that providers must meet

14. ENISA: Which of the following is among the vulnerabilities contributing to a high risk ranking for Network Management?

A. User provisioning vulnerabilities

B. AAA vulnerabilities

C. Hypervisor vulnerabilities

D. Inadequate physical security procedures

E. System or O/S vulnerabilities

15. The key portability objective(s) for Infrastructure as a Service (IaaS) is/are

A. Preserving snapshots of virtual machine images

B. Migration of custom written applications and achieving a successful data


C. Achieving a successful data migration only

D. Migration of custom written applications only

E. Getting new cloud provider to absorb costs of transition

16. ENISA: Which is not one of the five key legal issues common across all

A. Data protection

B. Globalization
