CSA-CCSK

What makes the metastructure layer of cloud computing so different from traditional computing?

While a virtual machine is a full abstraction of an operating system, a container is a constrained place to run segregated processes while still using the kernel and other OS capabilities.

Which layer is the most important for securing because it is considered to be the foundation for secure cloud operations?

What are the main considerations for key management?

A key element of the "Destroy" phase of the Data Security Lifecycle is:

All cloud services utilize virtualization technologies.

Which of the following is NOT a cloud computing characteristic that impacts incidence response?

How can web security as a service be deployed for a cloud consumer?

When configured properly, logs can track every code, infrastructure, and configuration change and connect it back to the submitter and approver, including the test results.

What of the following is NOT an essential characteristic of cloud computing?

For third-party audits or attestations, what is critical for providers to publish and customers to evaluate?

When mapping functions to lifecycle phases, which functions are required to successfully process data?

When designing an encryption system, you should start with a threat model.

Which of the following is one of the five essential characteristics of cloud computing as defined by NIST?

What type of information is contained in the Cloud Security Alliance's Cloud Control Matrix?

Which statement best describes why it is important to know how data is being accessed?

What is resource pooling?

Your SLA with your cloud provider ensures continuity for all services.

Which of the following is NOT normally a method for detecting and preventing data migration into the cloud?

In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

Which deployment model is commonly used to describe a non-cloud data center bridged directly to a cloud provider?

What is a core tenant of risk management?

Cloud applications can use virtual networks and other structures, for hyper-segregated environments.

Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?

When associating the functions to an actor, what is used to restrict a list of possible actions dowr to allowed actions?

Which tool is the primary tool between the cloud provider and consumer that extends governance into business partners and providers?

ENISA: Because it is practically impossible to process data in encrypted form, customers should have the following expectation of cloud providers:

Which statement best describes the options for PaaS encryption?

What can be implemented to help with account granularity and limit blast radius with IaaS an PaaS?

Which of the following statements best defines the "authentication" component of identity, entitlement, and access management (IdEA).