9.1 - CCSK Sample Questions

This document provides sample questions from the CCSK exam that cover 14 domains of cloud security knowledge. The questions are open-ended and test an examinee's depth of knowledge on each domain. Some of the domains covered include cloud architecture, governance, compliance, data security, encryption, identity access management, and more. Studying the CCSK body of knowledge will help answer these types of questions on the actual multiple choice exam.

Sample CCSK questions

These sample questions are taken from the CSA website.
They are open questions, whereas the exam has multiple choice questions.
However, they are representative of the depth of knowledge that you should have.
Answers to the questions

As you read through and study the body of knowledge, you will find out that you will be able to answer these questions.
Domain 1. Cloud Architecture

Sample question: What are the five essential characteristics of cloud computing?
Domain 2. Governance and Enterprise Risk

Sample question: The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?
Domain 3. Legal and Electronic Discovery

Sample question: In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?
Domain 4. Compliance and Audit

Sample question: What is the most important reason for knowing where the cloud service provider will host the data?
Domain 5. Information Management and Data Security

Sample question: What are the six phases of the data security lifecycle?
Domain 6. Portability and Interoperability

Sample question: Why is the size of data sets a consideration in portability between cloud service providers?
Domain 7. Traditional Security, BCM, D/R

Sample question: What are the four D's of perimeter security?
Domain 8. Data Center Operations

Sample question: In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?
Domain 9. Incident Response

Sample question: What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?
Domain 10. Application Security

Sample question: How should an SDLC be modified to address application security in a Cloud Computing environment?
Domain 11. Encryption and Key Management

Sample question: What is the most significant reason that customers are advised to maintain in-house key management?
Domain 12. Identity and Access Management

Sample question: What two types of information will cause additional regulatory issues for all organizations if held as an aspect of an Identity?
Domain 13. Virtualization

Sample question: Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?
Domain 14. Security as a Service

Sample question: When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
ENISA Document

Sample question: Economic Denial of Service (EDOS) refers to...
