CCSK Module 6 Unit 7 Answers – CCSK Final Exam Prep

CCSK Module 6 Unit 7 Answers – CCSK Final Exam Prep Full 100% 2023 2024

This is CCSK Module 6 Unit 7 Answers – CCSK Final Exam Prep Cisco NetAcad in 2023 2024. Our expert team has verified questions and answers with clear explanations to get a full score of 100%. You can review all these questions before taking the exam.

  1. In which service model does the cloud consumer have the least amount of control over security?

    • Platform as a Service
    • Infrastructure as a Service
    • Software as a Service
    • Security as a Server

  2. Which of the following resource pools in not associated with IaaS:

    • Network
    • Compute
    • Middleware
    • Storage

  3. Cloud changes compliance. Select the statement that is incorrect:

    • The cloud provider is ultimately responsible for their customer’s compliance
    • There may be a greater reliance on third party audits
    • There are large variations between the compliance capabilities of different cloud providers
    • Metastructure/management may span jurisdictions even if data is localized

  4. Click and drag the phases of the lifecycle to the correct order.

    CCSK Module 6 Unit 7 Answers – CCSK Final Exam Prep 002
    CCSK Module 6 Unit 7 Answers – CCSK Final Exam Prep 002

  5. Which of the following options encrypts data before you transfer it to object storage:

    • Client-side encryption
    • Externally managed encryption
    • Applications encryption
    • Server-side encryption

  6. Identify the core security benefit of immutable:

    • It fully isolates developers from productions environment
    • All security updates are automatically applied
    • There are no manual changes, so everything is consistent and administrative access can be disabled.
    • It fully isolates operations from productions environments

  7. When using provider managed encryption you are always sharing the same keys with other tenants.

    • True
    • False

  8. Which of the following cloud data storage types can be described as “a database for files”:

    • Object storage
    • Database storage
    • Platform storage
    • Volume storage

  9. Click here to drag the version control repository and the continuous integration server to the correct locations.

    CCSK Module 6 Unit 7 Answers – CCSK Final Exam Prep 001
    CCSK Module 6 Unit 7 Answers – CCSK Final Exam Prep 001

  10. Select the cloud workload security options that can most improve overall security and reduce attack surface:

    • Use immutable as much as possible
    • Select cloud aware host security agents
    • Store logs external to instances
    • Leverage existing/traditional vulnerability assessment tools

  11. What is the purpose of a data localization law?

    • To require service providers to register with the country’s data protection commission
    • To require company to hire only local workers
    • To require that data about the country’s citizens be stored in the country
    • To require that all business documents be in the country’s official language

  12. How should the data security lifecycle be used?

    • To create granular documentation for all data sensitive or not, in the cloud.
    • To create granular documentation for all sensitive data in the cloud.
    • As a lightweight tool to better understand data flow and potential vs. desired data usage.
    • To replace existing data security architectures.

  13. Which option allows you to use an existing build for key management without replicating everything in the cloud?

    • HSM/Appliance
    • Hybrid
    • Virtual Appliance
    • Third-party Service

  14. Where can cloud providers publish their CAIQ and other security/compliance documents to help cloud prospects and customers assess the provider’s current security posture?

    • Google
    • The Security, Trust and Assurance Registry (STAR)
    • The United States Federal Register of Cloud Providers
    • The AWS marketplace

  15. Which CSA tool allows you to quickly search a providers assessment for controls that map to regulations you care about and see the responses to those controls?

    • CAIQ
    • CCM
    • STAR
    • STARWatch

  16. The most effective way for an attacker to compromise a security group is to compromise the host/virtual machine and then modify the rules.

    • True
    • False

  17. Which of the following is correct?:

    • GDPR Stands for “Government Data Privacy Rule”.
    • GDPR Establishes fines of $1,000 per credit card number compromised
    • GDPR prohibits the transfer of personal data outside the EU or EEA to a country that does not offer a similar privacy rights
    • GDPR requires that EU member state’s national laws impose network requirements on operators of essential services.

  18. All cloud data is eventually stored on a physical device, like a hard drive.

    • True
    • False

  19. If an organization uses a Community Cloud Deployment Model, some portion of the physical infrastructure MUST be on-premises with one of the community members.

    • True
    • False

  20. What is the purpose of a bastion network/transit VPC?

    • To better support multiple virtual networks and accounts in hybrid scenarios
    • To better lock down a hybrid cloud
    • To create a cloud DMZ
    • To improve internal routing and IP address space availability

  21. Specific testing techniques are tightly aligned and should only be performed during their designated phase in the secure software development process:

    1. True
    2. False

  22. In a hub and spoke model, which technology mediates between directory servers/identify providers and the service providers/relying parties:

    • Directory servers
    • Attribute Services
    • CASB
    • Federated identity brokkers

  23. Select a technique to manage continuity within the cloud provider.

    • Cross-location/region design
    • Multi-cloud provider plans
    • Hybrid cloud backup
    • Data portability

  24. In a postmortem what would be your highest priority to review and remediate if was a blocker in your incident response?

    • Communications with the cloud provider
    • Container vulnerabilities
    • Operating system vulnerabilities
    • Internal communicatins

  25. Which key management option should you select if you are dealing with highly sensitive data that you don’t want your provider to potentially access under any circumstances:

    • Virtual appliance
    • HSM/hybrid
    • BYOK
    • 3rd party key management service

  26. Which technology is generally required to build resource pools?

    • Virtualization
    • VLANs
    • The Internet
    • CPUs and memory

  27. If a business is located outside the European Union it does not have to comply with the privacy laws of the European Union

    • True
    • False

  28. Cloud consumers are ultimately responsible for understanding the legal implications of using a particular cloud provider and service.

    • True
    • False

  29. In which service model does the cloud consumer have to rely most on what is in the contract and documented to enforce and manage security?

    • PaaS
    • SaaS
    • Hybrid
    • IaaS

  30. What is the single most important rule for cloud BCP/DR?

    • Use object storage for backups
    • Snapshot regularly
    • Architect for failure
    • Use multiple cloud providers

  31. What is critical when evaluating a cloud service within your risk management program?

    • Accounting for the context of the information assets involved
    • Minimizing regional harm
    • Eliminating all outsourcing risk
    • Ensuring the provider’s security program supports your existing on-premise tools

  32. Which of the following is the most effective security barrier to contain blast radius?

    • Virtual subnet (with or without ACLs)
    • Cloud account/project/subscription
    • Virtual network
    • Security group
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments