Get Oct-2022 updated CCSK Certification Exam Sample Questions [Q27-Q42]

Share

Get Oct-2022 updated CCSK Certification Exam Sample Questions

CCSK Study Guide Cover to Cover as Literally

NEW QUESTION 27
Stopping a function to control further risk to business is called:

  • A. Acceptance
  • B. Transference
  • C. Avoidance
  • D. Mitigation

Answer: C

Explanation:
Risk avoidance is the practice of coming up with alternatives so that the risk in question is not realised.

 

NEW QUESTION 28
Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub.

  • A. False
  • B. True

Answer: B

Explanation:
This is true. Credentials and cryptographic keys must not be embedded in source code or distributed in public facing repositories such as GitHub, because there is a significant chance of discovery and misuse.
Keys need to be appropriately secured and a well- secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.

 

NEW QUESTION 29
Which of the following are key Data functions?

  • A. Access, Process & Save
  • B. Access, Procure & Store
  • C. Access, Process & Store
  • D. Access, Procure & Save

Answer: C

Explanation:
The key data functions are Access, process & Store

 

NEW QUESTION 30
Which of the following Standards define "Application Security Management Process" (ASMP)?

  • A. ISO 27032-1
  • B. ISO 27038-1
  • C. ISO 27034-1
  • D. ISO 27036-1

Answer: C

Explanation:
The International Organization for Standardization(ISO) has developed and published ISO/ IECN27034-1,
"Information Technology, eSecurity Techniques, eApplication Security, IS0/ IEC27034-1 defines concepts, frameworks, and processes to help organizations integrate security within their software development lifecycle.

 

NEW QUESTION 31
Which of the following can result in vendor lock-in?

  • A. Proprietary data formats
  • B. technology
  • C. Favourable contract in favour of customer
  • D. Large datasets

Answer: A

Explanation:
Proprietary data formats should be avoided. This can result in vendor lock-in.

 

NEW QUESTION 32
Which of the following is also knows as white-box test and can be used to find XSS errors, SQL injection.
buffer overflows. unhandled error conditions. and potential backdoors?

  • A. Threat Modelling
  • B. Static Application Security Testing(SAST)
  • C. Dynamic Application Security Testing(DAST)
  • D. Static Application Security Testing(SAST)

Answer: D

Explanation:
Static application security testing(SAST) is generally considered a white-box test, where the application test performs an analysis of the application source code, byte code, and binaries without executing the application code. SAST is used to determine coding errors and omissions that are indicative of security vulnerabilities. SAST is often used as a test method while the tool is under development(early in the development lifecycle).
SAST can be used to find XSS errors, SQL injection, buffer overflows, unhandled error conditions, and potential backdoors.

 

NEW QUESTION 33
Which one is NOT considered as one of the building blocks of the cloud computing?

  • A. Networking
  • B. Clock
  • C. CPU
  • D. RAM

Answer: B

Explanation:
The question is asking for an exception by using "NOT"
The building blocks of cloud computing are composed of random access memory (RAM), the central processing unit(CPU), storage, and networking.

 

NEW QUESTION 34
Which of the following establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information(PII) in accordance with the privacy principles in IS0/IEC 29100 for the public cloud computing environment?

  • A. IS0 27032
  • B. IS0 27034
  • C. IS0 27017
  • D. IS0 27018

Answer: D

Explanation:
IS0/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information(PII) in accordance with the privacy principles in IS0/IEC 29100 for the public cloud computing environment.

 

NEW QUESTION 35
Which of the following is NOT a component of Software Defined Perimeter as defined by Cloud Security Alliance Working group on SDP?

  • A. SDP Gateway
  • B. SDP Host
  • C. SDP Client
  • D. SDP Controller

Answer: B

Explanation:
The CSA Software Defined Perimeter Working Group has developed a model and specification that combines device and user authentication to dynamically provision network access to resources and enhance security. SDP includes three components:
An SDP client on the connecting asset (e.g. a laptop).
* The SDP controller for authenticating and authorizing SDP clients and configuring the connections to SDP gateways.
* The SDP gateway for terminating SDP client network traffic and enforcing policies in communication with the SDP controller. Reference: CSA Security GuidelinesV.4(reproduced here for the educational purpose)

 

NEW QUESTION 36
The granting of right to access to a user. program or process. is called:

  • A. Entitlement
  • B. Authorization
  • C. RBAC
  • D. Authentication

Answer: B

Explanation:
Authorization is the process of granting of right to access to a user, program or process. It should not be confused with Authentication.

 

NEW QUESTION 37
Who is responsible for infrastructure Security in Software as a Service(SaaS) service model?

  • A. Cloud Customer
  • B. Cloud Carrier
  • C. It's a shared responsibility between Cloud Service Provider and Cloud Customer
  • D. Cloud Service Provider

Answer: D

Explanation:
Cloud service Provider is responsible for infrastructure in Software as a service(SaaS) service Model

 

NEW QUESTION 38
Which of the followinglS0 Standard provides Code of practice for information security controls based on IS0/IEC 27002for cloud services?

  • A. ISO 27017
  • B. ISO 27034
  • C. ISO 27018
  • D. ISO 27032

Answer: A

Explanation:
IS0 27017 provides Code of practice for information security controls based on ISO/IEC27002 for cloud services.

 

NEW QUESTION 39
Which is the most common control used for Risk Transfer?

  • A. SLA
  • B. Web Application Firewall
  • C. Contracts
  • D. Insurance

Answer: D

Explanation:
Buying insurance is most common method of transferring risk.

 

NEW QUESTION 40
In 2015, 4 million records were stolen from telecom company, XYZ ltd, and later this information was used for scam calls to get bank information from the customers of XYZ. Which was of the following protection would have helped in minimising impact of the theft?

  • A. Repudiation
  • B. Encryption
  • C. Firewall
  • D. Use of VPN

Answer: B

Explanation:
Encryption of Data would have minimised the impact of the incident and it would have prevented data being used for scam calls.

 

NEW QUESTION 41
In the IaaS hosted environment. who is ultimately responsible for platform security?

  • A. Cloud Service Provider
  • B. Joint responsibility
  • C. System Administrator
  • D. Customer

Answer: D

Explanation:
In IaaS hosted environment, Platform security is responsibility of the customer whereas infrastructure security is a shared responsibility between cloud service provider and the customer

 

NEW QUESTION 42
......

100% Real & Accurate CCSK Questions and Answers with Free and Fast Updates: https://www.free4torrent.com/CCSK-braindumps-torrent.html

Get Unlimited Access to CCSK Certification Exam Cert Guide: https://drive.google.com/open?id=1HvyXztTRgyZ6Ee7OqVrU_UVPHTZ5-Wh8