CCSK Certificate of Cloud Security

Knowledge - Additional Practice

Questions
Which cloud service model involves the provider supplying the hardware,
storage, and network components?
A. Infrastructure as a Service (IaaS)

B. Platform as a Service (PaaS)

C. Software as a Service (SaaS)

D. Function as a Service (FaaS)

Correct Answer: A

What security practice is essential for protecting data at rest?

A. Use of strong passwords

B. Network segmentation

C. Encryption

D. Regular audits

Correct Answer: C

What is the primary purpose of an intrusion detection system (IDS) in cloud

computing?
A. To monitor network traffic

B. To detect and respond to unauthorized access

C. To manage cloud resource usage

D. To provide data encryption

Correct Answer: B

What does the term 'multi-tenancy' refer to in cloud computing?

A. Multiple customers using the same application
B. Multiple data centers

C. Multiple applications on one server

D. Multiple users on the same virtual machine

Correct Answer: A

Which protocol is primarily used for encrypted communication over the

internet?
A. HTTP

B. SMTP

C. FTP

D. HTTPS

Correct Answer: D

What type of cloud deployment is used by one organization exclusively?

A. Public cloud

B. Private cloud

C. Hybrid cloud

D. Community cloud

Correct Answer: B

What is the role of a cloud access security broker (CASB)?

A. To manage cloud storage devices

B. To enforce security policies between cloud users and cloud services

C. To provide internet connectivity

D. To host cloud services

Correct Answer: B

Which standard is associated with credit card security in cloud payments?

A. HIPAA

B. GDPR
C. PCI DSS

D. ISO 27001

Correct Answer: C

What is a common method to secure data transmitted over public networks?

A. Data masking

B. Tokenization

C. SSL/TLS

D. Hardening

Correct Answer: C

Which compliance requirement mandates that health data be protected in the

cloud?
A. FERPA

B. HIPAA

C. Sarbanes-Oxley Act

D. GDPR

Correct Answer: B

What aspect of cloud computing can help reduce capital expenses?

A. Scalability

B. Multi-tenancy

C. Pay-as-you-go pricing

D. High availability

Correct Answer: C

Which disaster recovery strategy involves data mirroring between two cloud
data centers?
A. Pilot light

B. Warm standby
C. Hot site

D. Multi-site

Correct Answer: D

What tool or technology would you use to isolate network traffic in the cloud?
A. Firewalls

B. VLANs

C. Content Delivery Network (CDN)

D. Load balancer

Correct Answer: B

What does the principle of 'least privilege' mean in cloud security?

A. Users should have the minimum level of access necessary

B. Only managers should have administrative privileges

C. Data should be accessible to as few regions as possible

D. Systems should operate with the least amount of compute resources

Correct Answer: A

Which AWS service is primarily used for identity and access management?
A. Amazon Cognito

B. AWS IAM

C. AWS Shield

D. Amazon Inspector

Correct Answer: B

What is the purpose of a virtual private cloud (VPC)?

A. To provide a private, isolated section of the cloud

B. To offer public internet services

C. To host websites

D. To manage physical data centers

 Correct Answer: A

Which is an important security tool for monitoring and controlling cloud-based

applications?
A. VPN

B. Firewall

C. SIEM

D. Load balancer

Correct Answer: C

How does encryption protect data?

A. By deleting data automatically after a certain period

B. By converting data into a secure format that can only be read with a key

C. By physically separating data from other users

D. By creating backups at regular intervals

Correct Answer: B

What strategy involves spreading cloud assets across multiple providers to

avoid vendor lock-in?
A. Multi-cloud

B. Hybrid cloud

C. Scalable deployment

D. Single cloud

Correct Answer: A

Which process involves reviewing the security posture of cloud services on a

regular basis?
A. Security audit

B. Compliance checking

C. Penetration testing

D. Threat modeling
 Correct Answer: A

What is the significance of the shared responsibility model in cloud computing?

A. It divides security responsibilities between the cloud provider and the cloud user

B. It mandates that all security responsibilities are handled by the cloud provider

C. It allows users to opt out of security responsibilities

D. It requires third-party audits annually

Correct Answer: A

What functionality does a content delivery network (CDN) provide?

A. It accelerates dynamic content delivery

B. It decreases the physical distance between the server and the user

C. It enhances security by blocking DDoS attacks

D. It increases website performance by distributing content globally

Correct Answer: D

What is the main benefit of using managed cloud services?

A. It eliminates the need for IT staff

B. It reduces the operational overhead and complexity

C. It guarantees 100% uptime

D. It provides unlimited storage capacity

Correct Answer: B

How do service level agreements (SLAs) benefit cloud computing customers?

A. They provide legal ownership of data

B. They outline the performance and uptime guarantees

C. They offer discounts on long-term commitments

D. They allow unlimited data transfers

Correct Answer: B
Which technique is used to detect and mitigate threats in real-time in the
cloud?
A. Machine learning algorithms

B. Manual patching

C. Automated scaling

D. Periodic audits

Correct Answer: A