CCSK Certificate of Cloud Security

Knowledge - Additional Practice

Questions
What is the primary benefit of using Infrastructure as Code (IaC) in cloud
environments?
A. Improved physical security

B. Automated infrastructure management

C. Enhanced data encryption

D. Increased cost of operations

Correct Answer: B

What does DDoS stand for in the context of cloud security threats?
A. Distributed Denial of Service

B. Data Denial of Service

C. Dynamic Denial of Service

D. Domain Denial of Service

Correct Answer: A

Which of the following is a common cloud storage security practice?

A. Storing data in plaintext

B. Encrypting data at rest and in transit

C. Using simple passwords

D. Allowing public read access to sensitive data

Correct Answer: B

What is the function of a web application firewall (WAF) in cloud security?

A. To monitor and block malicious HTTP/HTTPS traffic

B. To provide antivirus protection

C. To encrypt web application data

D. To manage cloud storage

Correct Answer: A

Which protocol is commonly used for secure file transfer in cloud

environments?
A. FTP

B. HTTP

C. SFTP

D. SMTP

Correct Answer: C

What is the principle of defense in depth?

A. Using multiple layers of security controls

B. Relying on a single security solution

C. Keeping security policies simple

D. Avoiding physical security measures

Correct Answer: A

Which cloud service model provides the highest level of control over the cloud
environment?
A. IaaS

B. PaaS

C. SaaS

D. FaaS

Correct Answer: A

What is the main purpose of encryption key management?

A. To reduce storage costs

B. To securely manage encryption keys throughout their lifecycle

C. To improve network performance

D. To simplify user authentication

Correct Answer: B

Which of the following is a benefit of using containerization in cloud

environments?
A. Increased physical security

B. Improved scalability and efficiency

C. Easier data encryption

D. Lower software licensing costs

Correct Answer: B

What is the role of a Data Protection Officer (DPO) in cloud compliance?

A. Managing cloud infrastructure

B. Ensuring compliance with data protection regulations

C. Developing software applications

D. Performing network maintenance

Correct Answer: B

What does the Shared Responsibility Model in cloud computing entail?

A. The cloud provider and customer share responsibility for security

B. The customer is solely responsible for security

C. The cloud provider is solely responsible for security

D. A third party is responsible for security

Correct Answer: A

Which of the following is an example of a cloud-native application?

A. A traditional desktop application

B. A web application designed to run in a cloud environment

C. An on-premises database
D. A mobile app that does not use cloud services

Correct Answer: B

What is the purpose of a security information and event management (SIEM)

system?
A. To store large amounts of data

B. To manage user identities

C. To provide real-time analysis of security alerts

D. To encrypt network traffic

Correct Answer: C

What is the main advantage of using serverless computing in the cloud?

A. Reduced server costs

B. Improved security

C. Scalability and cost-efficiency

D. Increased data storage capacity

Correct Answer: C

Which of the following is a key characteristic of cloud elasticity?

A. Fixed resource allocation

B. Automatic scaling of resources based on demand

C. Manual adjustment of resources

D. Limited storage capacity

Correct Answer: B

What does the term 'cloud governance' refer to?

A. The management of data centers

B. The framework for managing and controlling cloud resources

C. The process of encrypting data

D. The development of cloud applications

 Correct Answer: B

Which type of cloud service allows users to develop, run, and manage
applications without dealing with the underlying infrastructure?
A. IaaS

B. PaaS

C. SaaS

D. DaaS

Correct Answer: B

What is a major benefit of using multi-factor authentication (MFA) in cloud

security?
A. Increased ease of access

B. Enhanced security by requiring multiple forms of verification

C. Reduced cost of authentication

D. Simplified password management

Correct Answer: B

Which cloud service model is typically used for deploying virtual machines and
storage?
A. IaaS

B. PaaS

C. SaaS

D. DaaS

Correct Answer: A

What is the primary function of a cloud service level agreement (SLA)?

A. To define the terms of service and performance expectations between a cloud provider
and customer

B. To provide technical support for cloud services

C. To manage user identities

D. To ensure data encryption

Correct Answer: A

Which technique is used to detect and mitigate threats in real-time in the

cloud?
A. Machine learning algorithms

B. Manual patching

C. Automated scaling

D. Periodic audits

Correct Answer: A

Which cloud deployment model combines public and private clouds to allow
data and applications to be shared between them?
A. Public cloud

B. Private cloud

C. Hybrid cloud

D. Community cloud

Correct Answer: C

What is the purpose of identity and access management (IAM) in cloud

security?
A. To manage virtual machines

B. To control access to resources and ensure users are authenticated

C. To encrypt data in transit

D. To provide disaster recovery solutions

Correct Answer: B

What does the term 'sandboxing' refer to in the context of cloud security?
A. A testing environment that isolates untested code changes

B. A method for encrypting data

C. A technique for network segmentation

D. A type of data storage

Correct Answer: A

Which cloud security certification focuses on global cloud security standards?

A. CISSP

B. CISM

C. CCSK

D. CEH

Correct Answer: C