CCSK Certificate of Cloud Security Knowledge - Practice Questions
Which of the following best describes the relationship between identities and
attributes?
A. Attributes belong to entities and identities belong to attributes. Each attribute can have
multiple identities but only one entity.
B. An attribute is a unique object within a database. Each attribute has a number of
identities which help define its parameters.
C. An identity is a distinct and unique object within a particular namespace. Attributes are
properties that belong to an identity. Each identity can have multiple attributes.
D. Attributes are made unique by their identities.
E. Identities are the network names given to servers. Attributes are the characteristics of
each server.
Correct Answer: C
Which governance domain focuses on proper and adequate incident detection,
response, notification, and remediation?
A. Data Security and Encryption
B. Information Governance
C. Incident Response, Notification and Remediation
D. Compliance and Audit Management
E. Infrastructure Security
Correct Answer: C
How should an SDLC be modified to address application security in a Cloud
Computing environment?
A. Integrated development environments
B. Updated threat and trust models
C. No modification is needed
D. Just-in-time compilers
E. Both B and C
Correct Answer: B
Which opportunity helps reduce common application security issues?
A. Elastic infrastructure
B. Default deny
C. Decreased use of micro-services
D. Segregation by default
E. Fewer serverless configurations
Correct Answer: A
What is the most significant security difference between traditional
infrastructure and cloud computing?
A. Management plane
B. Intrusion detection options
C. Secondary authentication factors
D. Network access points
E. Mobile security configuration options
Correct Answer: A
A security failure at the root network of a cloud provider will not compromise
the security of all customers because of multitenancy configuration.
A. False
B. True
Correct Answer: A
In which deployment model should the governance strategy consider the
minimum common set of controls comprised of the Cloud Service Provider
contract and the organization's internal governance agreements?
A. Public
B. PaaS
C. Private
D. IaaS
E. Hybrid
Correct Answer: E
Which of the following is NOT an essential characteristic of cloud computing?
A. Broad Network Access
B. Measured Service
C. Third Party Service
D. Rapid Elasticity
E. Resource Pooling
Correct Answer: C
When configured properly, logs can track every code, infrastructure, and
configuration change and connect it back to the submitter and approver,
including the test results.
A. False
B. True
Correct Answer: B
When mapping functions to lifecycle phases, which functions are required to
successfully process data?
A. Create, Store, Use, and Share
B. Create and Store
C. Create and Use
D. Create, Store, and Use
E. Create, Use, Store, and Delete
Correct Answer: A
For third-party audits or attestations, what is critical for providers to publish
and customers to evaluate?
A. Scope of the assessment and the exact included features and services for the assessment
B. Provider infrastructure information including maintenance windows and contracts
C. Network or architecture diagrams including all end point security devices in use
D. Service-level agreements between all parties
E. Full API access to all required services
Correct Answer: C
Which is a potential security benefit of cloud computing according to ENISA?
A. More efficient and timely system updates
B. ISO 27001 certification
C. Provider can obfuscate system O/S and versions
D. Greater compatibility with customer IT infrastructure
E. Lock-In
Correct Answer: A
What is true of a workload?
A. It is a unit of processing that consumes memory
B. It does not require a hardware stack
C. It is always a virtual machine
D. It is configured for specific, established tasks
E. It must be containerized
Correct Answer: A
What are the primary security responsibilities of the cloud provider in the
management infrastructure?
A. Building and properly configuring a secure network infrastructure
B. Configuring second factor authentication across the network
C. Properly configuring the deployment of the virtual network, especially the firewalls
D. Properly configuring the deployment of the virtual network, except the firewalls
E. Providing as many API endpoints as possible for custom access and configurations
Correct Answer: D
What is a potential concern of using Security-as-a-Service (SecaaS)?
A. Lack of visibility
B. Deployment flexibility
C. Scaling and costs
D. Intelligence sharing
E. Insulation of clients
Correct Answer: A
Which of the following leverages virtual network topologies to run smaller and
more isolated networks without incurring additional hardware costs?
A. Microsegmentation
B. VLANs
C. Converged networking
D. Virtual Private Networks
E. Virtual Private Cloud
Correct Answer: A
Which cloud security model type provides generalized templates for helping
implement cloud security?
A. Conceptual models or frameworks
B. Design patterns
C. Controls models or frameworks
D. Reference architectures
E. Cloud Controls Matrix (CCM)
Correct Answer: D
How can web security as a service be deployed for a cloud consumer?
A. By proxying or redirecting web traffic to the cloud provider
B. By utilizing a partitioned network drive
C. On premises through a software or appliance installation
D. Both A and C
E. None of the above
Correct Answer: A
Select the statement below which best describes the relationship between
identities and attributes:
A. Attributes belong to entities and identities belong to attributes. Each attribute can have
multiple identities but only one entity.
B. An attribute is a unique object within a database. Each attribute has a number of
identities which help define its parameters.
C. An identity is a distinct and unique object within a particular namespace. Attributes are
properties that belong to an identity. Each identity can have multiple attributes.
D. Attributes are made unique by their identities.
E. Identities are the network names given to servers. Attributes are the characteristics of
each server.
Correct Answer: C
Which cloud service model involves the provider supplying the hardware,
storage, and network components?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Function as a Service (FaaS)
Correct Answer: A
What security practice is essential for protecting data at rest?
A. Use of strong passwords
B. Network segmentation
C. Encryption
D. Regular audits
Correct Answer: C
What is the primary purpose of an intrusion detection system (IDS) in cloud
computing?
A. To monitor network traffic
B. To detect and respond to unauthorized access
C. To manage cloud resource usage
D. To provide data encryption
Correct Answer: B
What does the term 'multi-tenancy' refer to in cloud computing?
A. Multiple customers using the same application
B. Multiple data centers
C. Multiple applications on one server
D. Multiple users on the same virtual machine
Correct Answer: A
Which protocol is primarily used for encrypted communication over the
internet?
A. HTTP
B. SMTP
C. FTP
D. HTTPS
Correct Answer: D
What type of cloud deployment is used by one organization exclusively?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Correct Answer: B
What is the role of a cloud access security broker (CASB)?
A. To manage cloud storage devices
B. To enforce security policies between cloud users and cloud services
C. To provide internet connectivity
D. To host cloud services
Correct Answer: B
Which standard is associated with credit card security in cloud payments?
A. HIPAA
B. GDPR
C. PCI DSS
D. ISO 27001
Correct Answer: C
What is a common method to secure data transmitted over public networks?
A. Data masking
B. Tokenization
C. SSL/TLS
D. Hardening
Correct Answer: C
Which compliance requirement mandates that health data be protected in the
cloud?
A. FERPA
B. HIPAA
C. Sarbanes-Oxley Act
D. GDPR
Correct Answer: B
What aspect of cloud computing can help reduce capital expenses?
A. Scalability
B. Multi-tenancy
C. Pay-as-you-go pricing
D. High availability
Correct Answer: C
Which disaster recovery strategy involves data mirroring between two cloud
data centers?
A. Pilot light
B. Warm standby
C. Hot site
D. Multi-site
Correct Answer: D
What tool or technology would you use to isolate network traffic in the cloud?
A. Firewalls
B. VLANs
C. Content Delivery Network (CDN)
D. Load balancer
Correct Answer: B
What does the principle of 'least privilege' mean in cloud security?
A. Users should have the minimum level of access necessary
B. Only managers should have administrative privileges
C. Data should be accessible to as few regions as possible
D. Systems should operate with the least amount of compute resources
Correct Answer: A
Which AWS service is primarily used for identity and access management?
A. Amazon Cognito
B. AWS IAM
C. AWS Shield
D. Amazon Inspector
Correct Answer: B
What is the purpose of a virtual private cloud (VPC)?
A. To provide a private, isolated section of the cloud
B. To offer public internet services
C. To host websites
D. To manage physical data centers
Correct Answer: A
Which is an important security tool for monitoring and controlling cloud-based
applications?
A. VPN
B. Firewall
C. SIEM
D. Load balancer
Correct Answer: C
How does encryption protect data?
A. By deleting data automatically after a certain period
B. By converting data into a secure format that can only be read with a key
C. By physically separating data from other users
D. By creating backups at regular intervals
Correct Answer: B
What strategy involves spreading cloud assets across multiple providers to
avoid vendor lock-in?
A. Multi-cloud
B. Hybrid cloud
C. Scalable deployment
D. Single cloud
Correct Answer: A
Which process involves reviewing the security posture of cloud services on a
regular basis?
A. Security audit
B. Compliance checking
C. Penetration testing
D. Threat modeling
Correct Answer: A
What is the significance of the shared responsibility model in cloud computing?
A. It divides security responsibilities between the cloud provider and the cloud user
B. It mandates that all security responsibilities are handled by the cloud provider
C. It allows users to opt out of security responsibilities
D. It requires third-party audits annually
Correct Answer: A
What functionality does a content delivery network (CDN) provide?
A. It accelerates dynamic content delivery
B. It decreases the physical distance between the server and the user
C. It enhances security by blocking DDoS attacks
D. It increases website performance by distributing content globally
Correct Answer: D
What is the main benefit of using managed cloud services?
A. It eliminates the need for IT staff
B. It reduces the operational overhead and complexity
C. It guarantees 100% uptime
D. It provides unlimited storage capacity
Correct Answer: B
How do service level agreements (SLAs) benefit cloud computing customers?
A. They provide legal ownership of data
B. They outline the performance and uptime guarantees
C. They offer discounts on long-term commitments
D. They allow unlimited data transfers
Correct Answer: B
Which technique is used to detect and mitigate threats in real-time in the
cloud?
A. Machine learning algorithms
B. Manual patching
C. Automated scaling
D. Periodic audits
Correct Answer: A
Which cloud deployment model combines public and private clouds to allow
data and applications to be shared between them?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Correct Answer: C
What is the purpose of identity and access management (IAM) in cloud
security?
A. To manage virtual machines
B. To control access to resources and ensure users are authenticated
C. To encrypt data in transit
D. To provide disaster recovery solutions
Correct Answer: B
What does the term 'sandboxing' refer to in the context of cloud security?
A. A testing environment that isolates untested code changes
B. A method for encrypting data
C. A technique for network segmentation
D. A type of data storage
Correct Answer: A
Which cloud security certification focuses on global cloud security standards?
A. CISSP
B. CISM
C. CCSK
D. CEH
Correct Answer: C
What is the primary benefit of using Infrastructure as Code (IaC) in cloud
environments?
A. Improved physical security
B. Automated infrastructure management
C. Enhanced data encryption
D. Increased cost of operations
Correct Answer: B
What does DDoS stand for in the context of cloud security threats?
A. Distributed Denial of Service
B. Data Denial of Service
C. Dynamic Denial of Service
D. Domain Denial of Service
Correct Answer: A
Which of the following is a common cloud storage security practice?
A. Storing data in plaintext
B. Encrypting data at rest and in transit
C. Using simple passwords
D. Allowing public read access to sensitive data
Correct Answer: B
What is the function of a web application firewall (WAF) in cloud security?
A. To monitor and block malicious HTTP/HTTPS traffic
B. To provide antivirus protection
C. To encrypt web application data
D. To manage cloud storage
Correct Answer: A
Which protocol is commonly used for secure file transfer in cloud
environments?
A. FTP
B. HTTP
C. SFTP
D. SMTP
Correct Answer: C
What is the principle of defense in depth?
A. Using multiple layers of security controls
B. Relying on a single security solution
C. Keeping security policies simple
D. Avoiding physical security measures
Correct Answer: A
Which cloud service model provides the highest level of control over the cloud
environment?
A. IaaS
B. PaaS
C. SaaS
D. FaaS
Correct Answer: A
What is the main purpose of encryption key management?
A. To reduce storage costs
B. To securely manage encryption keys throughout their lifecycle
C. To improve network performance
D. To simplify user authentication
Correct Answer: B
Which of the following is a benefit of using containerization in cloud
environments?
A. Increased physical security
B. Improved scalability and efficiency
C. Easier data encryption
D. Lower software licensing costs
Correct Answer: B
What is the role of a Data Protection Officer (DPO) in cloud compliance?
A. Managing cloud infrastructure
B. Ensuring compliance with data protection regulations
C. Developing software applications
D. Performing network maintenance
Correct Answer: B
What does the Shared Responsibility Model in cloud computing entail?
A. The cloud provider and customer share responsibility for security
B. The customer is solely responsible for security
C. The cloud provider is solely responsible for security
D. A third party is responsible for security
Correct Answer: A
Which of the following is an example of a cloud-native application?
A. A traditional desktop application
B. A web application designed to run in a cloud environment
C. An on-premises database
D. A mobile app that does not use cloud services
Correct Answer: B
What is the purpose of a security information and event management (SIEM)
system?
A. To store large amounts of data
B. To manage user identities
C. To provide real-time analysis of security alerts
D. To encrypt network traffic
Correct Answer: C
What is the main advantage of using serverless computing in the cloud?
A. Reduced server costs
B. Improved security
C. Scalability and cost-efficiency
D. Increased data storage capacity
Correct Answer: C
Which of the following is a key characteristic of cloud elasticity?
A. Fixed resource allocation
B. Automatic scaling of resources based on demand
C. Manual adjustment of resources
D. Limited storage capacity
Correct Answer: B
What does the term 'cloud governance' refer to?
A. The management of data centers
B. The framework for managing and controlling cloud resources
C. The process of encrypting data
D. The development of cloud applications
Correct Answer: B
Which type of cloud service allows users to develop, run, and manage
applications without dealing with the underlying infrastructure?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: B
What is a major benefit of using multi-factor authentication (MFA) in cloud
security?
A. Increased ease of access
B. Enhanced security by requiring multiple forms of verification
C. Reduced cost of authentication
D. Simplified password management
Correct Answer: B
Which cloud service model is typically used for deploying virtual machines and
storage?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: A
What is the primary function of a cloud service level agreement (SLA)?
A. To define the terms of service and performance expectations between a cloud provider
and customer
B. To provide technical support for cloud services
C. To manage user identities
D. To ensure data encryption
Correct Answer: A
Which of the following practices helps ensure the integrity of data stored in the
cloud?
A. Data replication
B. Data encryption
C. Data deduplication
D. Data masking
Correct Answer: B
Which of the following reflects the claim of an individual to have certain data
deleted so that third persons can no longer trace them?
A. Right to be deleted
B. Right to be erased
C. Right to non-disclosure
D. Right to be forgotten
E. Right to privacy
Correct Answer: D
When entrusting a third party to process the data on its behalf, who remains
responsible for the collection and processing of the data?
A. Data Processor
B. Data Controller
C. Data Analyzer
D. Data Protector
Correct Answer: B
Which of the following is a form of compliance inheritance in which all or some
of the cloud provider’s infrastructure and services undergo an audit to a
compliance standard?
A. Policy Audit
B. Pass-through Audit
C. Third Party Audit
D. Compliance Audit
Correct Answer: B
Which of the following is not a security benefit of Immutable workloads?
A. Security testing can be managed during image creation
B. You no longer patch running systems or worry about dependencies
C. You can enable remote logins to run workloads
D. It is much faster to roll out updated versions
E. It is easier to disable services and whitelist applications
Correct Answer: C
The Software Defined Perimeter (SDP) includes which components?
A. Client, Controller, and Gateway
B. Client, Controller, Firewall, and Gateway
C. Client, Firewall, and Gateway
D. Controller, Firewall, and Gateway
E. Client, Controller, and Firewall
Correct Answer: A
Select the statement below which best describes the relationship between
identities and attributes:
A. Attributes belong to entities and identities belong to attributes. Each attribute can have
multiple identities but only one entity.
B. An attribute is a unique object within a database. Each attribute has a number of
identities which help define its parameters.
C. An identity is a distinct and unique object within a particular namespace. Attributes are
properties which belong to an identity. Each identity can have multiple attributes.
D. Attributes are made unique by their identities.
E. Identities are the network names given to servers. Attributes are the characteristics of
each server.
Correct Answer: D
Which of the following best describes the relationship between identities and
attributes?
A. Attributes belong to entities and identities belong to attributes. Each attribute can have
multiple identities but only one entity.
B. An attribute is a unique object within a database. Each attribute has a number of
identities which help define its parameters.
C. An identity is a distinct and unique object within a particular namespace. Attributes are
properties which belong to an identity. Each identity can have multiple attributes.
D. Attributes are made unique by their identities.
E. Identities are the network names given to servers. Attributes are the characteristics of
each server.
Correct Answer: C
Which of the following is a benefit of Immutable workloads?
A. Security testing can be managed during image creation
B. You no longer patch running systems or worry about dependencies
C. You can enable remote logins to run workloads
D. It is much faster to roll out updated versions
E. It is easier to disable services and whitelist applications
Correct Answer: A
Select the statement below which best describes the relationship between
identities and attributes:
A. Attributes belong to entities and identities belong to attributes. Each attribute can have
multiple identities but only one entity.
B. An attribute is a unique object within a database. Each attribute has a number of
identities which help define its parameters.
C. An identity is a distinct and unique object within a particular namespace. Attributes are
properties which belong to an identity. Each identity can have multiple attributes.
D. Attributes are made unique by their identities.
E. Identities are the network names given to servers. Attributes are the characteristics of
each server.
Correct Answer: C
A. Managing cloud infrastructure
B. Ensuring compliance with data protection regulations
C. Developing software applications
D. Performing network maintenance
Correct Answer: B
What does the Shared Responsibility Model in cloud computing entail?
A. The cloud provider and customer share responsibility for security
B. The customer is solely responsible for security
C. The cloud provider is solely responsible for security
D. A third party is responsible for security
Correct Answer: A
Which of the following is an example of a cloud-native application?
A. A traditional desktop application
B. A web application designed to run in a cloud environment
C. An on-premises database
D. A mobile app that does not use cloud services
Correct Answer: B
What is the purpose of a security information and event management (SIEM)
system?
A. To store large amounts of data
B. To manage user identities
C. To provide real-time analysis of security alerts
D. To encrypt network traffic
Correct Answer: C
What is the main advantage of using serverless computing in the cloud?
A. Reduced server costs
B. Improved security
C. Scalability and cost-efficiency
D. Increased data storage capacity
Correct Answer: C
Which of the following is a key characteristic of cloud elasticity?
A. Fixed resource allocation
B. Automatic scaling of resources based on demand
C. Manual adjustment of resources
D. Limited storage capacity
Correct Answer: B
What does the term 'cloud governance' refer to?
A. The management of data centers
B. The framework for managing and controlling cloud resources
C. The process of encrypting data
D. The development of cloud applications
Correct Answer: B
Which type of cloud service allows users to develop, run, and manage
applications without dealing with the underlying infrastructure?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: B
What is a major benefit of using multi-factor authentication (MFA) in cloud
security?
A. Increased ease of access
B. Enhanced security by requiring multiple forms of verification
C. Reduced cost of authentication
D. Simplified password management
Correct Answer: B
Which cloud service model is typically used for deploying virtual machines and
storage?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: A
What is the primary function of a cloud service level agreement (SLA)?
A. To define the terms of service and performance expectations between a cloud provider
and customer
B. To provide technical support for cloud services
C. To manage user identities
D. To ensure data encryption
Correct Answer: A
Which technique is used to detect and mitigate threats in real-time in the
cloud?
A. Machine learning algorithms
B. Manual patching
C. Automated scaling
D. Periodic audits
Correct Answer: A
Which cloud deployment model combines public and private clouds to allow
data and applications to be shared between them?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Correct Answer: C
What is the purpose of identity and access management (IAM) in cloud
security?
A. To manage virtual machines
B. To control access to resources and ensure users are authenticated
C. To encrypt data in transit
D. To provide disaster recovery solutions
Correct Answer: B
What does the term 'sandboxing' refer to in the context of cloud security?
A. A testing environment that isolates untested code changes
B. A method for encrypting data
C. A technique for network segmentation
D. A type of data storage
Correct Answer: A
Which cloud security certification focuses on global cloud security standards?
A. CISSP
B. CISM
C. CCSK
D. CEH
Correct Answer: C
Which of the following reflects the claim of an individual to have certain data
deleted so that third persons can no longer trace them?
A. Right to be deleted
B. Right to be erased
C. Right to non-disclosure
D. Right to be forgotten
E. Right to privacy
Correct Answer: D
When entrusting a third party to process the data on its behalf, who remains
responsible for the collection and processing of the data?
A. Data Processor
B. Data Controller
C. Data Analyzer
D. Data Protector
Correct Answer: B
Which of the following is a form of compliance inheritance in which all or some
of the cloud provider’s infrastructure and services undergo an audit to a
compliance standard?
A. Policy Audit
B. Pass-through Audit
C. Third Party Audit
D. Compliance Audit
Correct Answer: B
Which of the following is not a security benefit of Immutable workloads?
A. Security testing can be managed during image creation
B. You no longer patch running systems or worry about dependencies
C. You can enable remote logins to run workloads
D. It is much faster to roll out updated versions
E. It is easier to disable services and whitelist applications
Correct Answer: C
Which of the following leverages virtual network topologies to run smaller and
more isolated networks without incurring additional hardware costs?
A. Microsegmentation
B. VLANs
C. Converged networking
D. Virtual Private Networks
E. Virtual Private Cloud
Correct Answer: A
What are the primary security responsibilities of the cloud provider in the
management infrastructure?
A. Building and properly configuring a secure network infrastructure
B. Configuring second factor authentication across the network
C. Properly configuring the deployment of the virtual network, especially the firewalls
D. Properly configuring the deployment of the virtual network, except the firewalls
E. Providing as many API endpoints as possible for custom access and configurations
Correct Answer: D
What is a potential concern of using Security-as-a-Service (SecaaS)?
A. Lack of visibility
B. Deployment flexibility
C. Scaling and costs
D. Intelligence sharing
E. Insulation of clients
Correct Answer: A
How can web security as a service be deployed for a cloud consumer?
A. By proxying or redirecting web traffic to the cloud provider
B. By utilizing a partitioned network drive
C. On premises through a software or appliance installation
D. Both A and C
E. None of the above
Correct Answer: A
Which cloud security model type provides generalized templates for helping
implement cloud security?
A. Conceptual models or frameworks
B. Design patterns
C. Controls models or frameworks
D. Reference architectures
E. Cloud Controls Matrix (CCM)
Correct Answer: D
How should an SDLC be modified to address application security in a Cloud
Computing environment?
A. Integrated development environments
B. Updated threat and trust models
C. No modification is needed
D. Just-in-time compilers
E. Both B and C
Correct Answer: B
Which governance domain focuses on proper and adequate incident detection,
response, notification, and remediation?
A. Data Security and Encryption
B. Information Governance
C. Incident Response, Notification and Remediation
D. Compliance and Audit Management
E. Infrastructure Security
Correct Answer: C
Which opportunity helps reduce common application security issues?
A. Elastic infrastructure
B. Default deny
C. Decreased use of micro-services
D. Segregation by default
E. Fewer serverless configurations
Correct Answer: A
What is the most significant security difference between traditional
infrastructure and cloud computing?
A. Management plane
B. Intrusion detection options
C. Secondary authentication factors
D. Network access points
E. Mobile security configuration options
Correct Answer: A
A security failure at the root network of a cloud provider will not compromise
the security of all customers because of multitenancy configuration.
A. False
B. True
Correct Answer: A
In which deployment model should the governance strategy consider the
minimum common set of controls comprised of the Cloud Service Provider
contract and the organization's internal governance agreements?
A. Public
B. PaaS
C. Private
D. IaaS
E. Hybrid
Correct Answer: E
Which of the following is NOT an essential characteristic of cloud computing?
A. Broad Network Access
B. Measured Service
C. Third Party Service
D. Rapid Elasticity
E. Resource Pooling
Correct Answer: C
When configured properly, logs can track every code, infrastructure, and
configuration change and connect it back to the submitter and approver,
including the test results.
A. False
B. True
Correct Answer: B
When mapping functions to lifecycle phases, which functions are required to
successfully process data?
A. Create, Store, Use, and Share
B. Create and Store
C. Create and Use
D. Create, Store, and Use
E. Create, Use, Store, and Delete
Correct Answer: A
For third-party audits or attestations, what is critical for providers to publish
and customers to evaluate?
A. Scope of the assessment and the exact included features and services for the assessment
B. Provider infrastructure information including maintenance windows and contracts
C. Network or architecture diagrams including all end point security devices in use
D. Service-level agreements between all parties
E. Full API access to all required services
Correct Answer: C
Which is a potential security benefit of cloud computing according to ENISA?
A. More efficient and timely system updates
B. ISO 27001 certification
C. Provider can obfuscate system O/S and versions
D. Greater compatibility with customer IT infrastructure
E. Lock-In
Correct Answer: A
What is true of a workload?
A. It is a unit of processing that consumes memory
B. It does not require a hardware stack
C. It is always a virtual machine
D. It is configured for specific, established tasks
E. It must be containerized
Correct Answer: A
CCM: Cloud Controls Matrix (CCM) is a completely independent cloud
assessment toolkit that does not map any existing standards.
A. True
B. False
Correct Answer: B
What are the primary security responsibilities of the cloud provider in the
management infrastructure?
A. Building and properly configuring a secure network infrastructure
B. Configuring second factor authentication across the network
C. Properly configuring the deployment of the virtual network, especially the firewalls
D. Properly configuring the deployment of the virtual network, except the firewalls
E. Providing as many API endpoints as possible for custom access and configurations
Correct Answer: D
What is a potential concern of using Security-as-a-Service (SecaaS)?
A. Lack of visibility
B. Deployment flexibility
C. Scaling and costs
D. Intelligence sharing
E. Insulation of clients
Correct Answer: A
Which of the following leverages virtual network topologies to run smaller and
more isolated networks without incurring additional hardware costs?
A. Microsegmentation
B. VLANs
C. Converged networking
D. Virtual Private Networks
E. Virtual Private Cloud
Correct Answer: A
Which of the following is a form of compliance inheritance in which all or some
of the cloud provider’s infrastructure and services undergo an audit to a
compliance standard?
A. Policy Audit
B. Pass-through Audit
C. Third Party Audit
D. Compliance Audit
Correct Answer: B
Which cloud service model involves the provider supplying the hardware,
storage, and network components?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Function as a Service (FaaS)
Correct Answer: A
What type of cloud deployment is used by one organization exclusively?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Correct Answer: B
Which cloud security model type provides generalized templates for helping
implement cloud security?
A. Conceptual models or frameworks
B. Design patterns
C. Controls models or frameworks
D. Reference architectures
E. Cloud Controls Matrix (CCM)
Correct Answer: D
How should an SDLC be modified to address application security in a Cloud
Computing environment?
A. Integrated development environments
B. Updated threat and trust models
C. No modification is needed
D. Just-in-time compilers
E. Both B and C
Correct Answer: B
What is the primary benefit of using Infrastructure as Code (IaC) in cloud
environments?
A. Improved physical security
B. Automated infrastructure management
C. Enhanced data encryption
D. Increased cost of operations
Correct Answer: B
What does DDoS stand for in the context of cloud security threats?
A. Distributed Denial of Service
B. Data Denial of Service
C. Dynamic Denial of Service
D. Domain Denial of Service
Correct Answer: A
Which of the following is a common cloud storage security practice?
A. Storing data in plaintext
B. Encrypting data at rest and in transit
C. Using simple passwords
D. Allowing public read access to sensitive data
Correct Answer: B
What is the function of a web application firewall (WAF) in cloud security?
A. To monitor and block malicious HTTP/HTTPS traffic
B. To provide antivirus protection
C. To encrypt web application data
D. To manage cloud storage
Correct Answer: A
Which protocol is commonly used for secure file transfer in cloud
environments?
A. FTP
B. HTTP
C. SFTP
D. SMTP
Correct Answer: C
What is the principle of defense in depth?
A. Using multiple layers of security controls
B. Relying on a single security solution
C. Keeping security policies simple
D. Avoiding physical security measures
Correct Answer: A
Which cloud service model provides the highest level of control over the cloud
environment?
A. IaaS
B. PaaS
C. SaaS
D. FaaS
Correct Answer: A
What is the main purpose of encryption key management?
A. To reduce storage costs
B. To securely manage encryption keys throughout their lifecycle
C. To improve network performance
D. To simplify user authentication
Correct Answer: B
Which of the following is a benefit of using containerization in cloud
environments?
A. Increased physical security
B. Improved scalability and efficiency
C. Easier data encryption
D. Lower software licensing costs
Correct Answer: B
What is the role of a Data Protection Officer (DPO) in cloud compliance?
A. Managing cloud infrastructure
B. Ensuring compliance with data protection regulations
C. Developing software applications
D. Performing network maintenance
Correct Answer: B
Which cloud security certification focuses on global cloud security standards?
A. CISSP
B. CISM
C. CCSK
D. CEH
Correct Answer: C
What is the purpose of identity and access management (IAM) in cloud
security?
A. To manage virtual machines
B. To control access to resources and ensure users are authenticated
C. To encrypt data in transit
D. To provide disaster recovery solutions
Correct Answer: B
Which protocol is commonly used for secure file transfer in cloud
environments?
A. FTP
B. HTTP
C. SFTP
D. SMTP
Correct Answer: C
What is the role of a Data Protection Officer (DPO) in cloud compliance?
A. Managing cloud infrastructure
B. Ensuring compliance with data protection regulations
C. Developing software applications
D. Performing network maintenance
Correct Answer: B
Which cloud deployment model combines public and private clouds to allow
data and applications to be shared between them?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Correct Answer: C
What strategy involves spreading cloud assets across multiple providers to
avoid vendor lock-in?
A. Multi-cloud
B. Hybrid cloud
C. Scalable deployment
D. Single cloud
Correct Answer: A
What does the term 'sandboxing' refer to in the context of cloud security?
A. A testing environment that isolates untested code changes
B. A method for encrypting data
C. A technique for network segmentation
D. A type of data storage
Correct Answer: A
Which cloud service model is typically used for deploying virtual machines and
storage?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: A
What does DDoS stand for in the context of cloud security threats?
A. Distributed Denial of Service
B. Data Denial of Service
C. Dynamic Denial of Service
D. Domain Denial of Service
Correct Answer: A
What is the primary purpose of an intrusion detection system (IDS) in cloud
computing?
A. To monitor network traffic
B. To detect and respond to unauthorized access
C. To manage cloud resource usage
D. To provide data encryption
Correct Answer: B
What is the principle of defense in depth?
A. Using multiple layers of security controls
B. Relying on a single security solution
C. Keeping security policies simple
D. Avoiding physical security measures
Correct Answer: A
What is the significance of the shared responsibility model in cloud computing?
A. It divides security responsibilities between the cloud provider and the cloud user
B. It mandates that all security responsibilities are handled by the cloud provider
C. It allows users to opt out of security responsibilities
D. It requires third-party audits annually
Correct Answer: A
Which process involves reviewing the security posture of cloud services on a
regular basis?
A. Security audit
B. Compliance checking
C. Penetration testing
D. Threat modeling
Correct Answer: A
What is the primary function of a cloud service level agreement (SLA)?
A. To define the terms of service and performance expectations between a cloud provider
and customer
B. To provide technical support for cloud services
C. To manage user identities
D. To ensure data encryption
Correct Answer: A
What is the main advantage of using serverless computing in the cloud?
A. Reduced server costs
B. Improved security
C. Scalability and cost-efficiency
D. Increased data storage capacity
Correct Answer: C
What is the purpose of a security information and event management (SIEM)
system?
A. To store large amounts of data
B. To manage user identities
C. To provide real-time analysis of security alerts
D. To encrypt network traffic
Correct Answer: C
What is the main purpose of encryption key management?
A. To reduce storage costs
B. To securely manage encryption keys throughout their lifecycle
C. To improve network performance
D. To simplify user authentication
Correct Answer: B
Which of the following is a benefit of using containerization in cloud
environments?
A. Increased physical security
B. Improved scalability and efficiency
C. Easier data encryption
D. Lower software licensing costs
Correct Answer: B
What is the purpose of a virtual private cloud (VPC)?
A. To provide a private, isolated section of the cloud
B. To offer public internet services
C. To host websites
D. To manage physical data centers
Correct Answer: A
What is the main benefit of using managed cloud services?
A. It eliminates the need for IT staff
B. It reduces the operational overhead and complexity
C. It guarantees 100% uptime
D. It provides unlimited storage capacity
Correct Answer: B
Which of the following best describes the relationship between identities and
attributes?
A. Attributes belong to entities and identities belong to attributes. Each attribute can have
multiple identities but only one entity.
B. An attribute is a unique object within a database. Each attribute has a number of
identities which help define its parameters.
C. An identity is a distinct and unique object within a particular namespace. Attributes are
properties which belong to an identity. Each identity can have multiple attributes.
D. Attributes are made unique by their identities.
E. Identities are the network names given to servers. Attributes are the characteristics of
each server.
Correct Answer: C
What does the principle of 'least privilege' mean in cloud security?
A. Users should have the minimum level of access necessary
B. Only managers should have administrative privileges
C. Data should be accessible to as few regions as possible
D. Systems should operate with the least amount of compute resources
Correct Answer: A
How does encryption protect data?
A. By deleting data automatically after a certain period
B. By converting data into a secure format that can only be read with a key
C. By physically separating data from other users
D. By creating backups at regular intervals
Correct Answer: B
What security practice is essential for protecting data at rest?
A. Use of strong passwords
B. Network segmentation
C. Encryption
D. Regular audits
Correct Answer: C
Which compliance requirement mandates that health data be protected in the
cloud?
A. FERPA
B. HIPAA
C. Sarbanes-Oxley Act
D. GDPR
Correct Answer: B
What aspect of cloud computing can help reduce capital expenses?
A. Scalability
B. Multi-tenancy
C. Pay-as-you-go pricing
D. High availability
Correct Answer: C
Which disaster recovery strategy involves data mirroring between two cloud
data centers?
A. Pilot light
B. Warm standby
C. Hot site
D. Multi-site
Correct Answer: D
What tool or technology would you use to isolate network traffic in the cloud?
A. Firewalls
B. VLANs
C. Content Delivery Network (CDN)
D. Load balancer
Correct Answer: B
What does the principle of 'least privilege' mean in cloud security?
A. Users should have the minimum level of access necessary
B. Only managers should have administrative privileges
C. Data should be accessible to as few regions as possible
D. Systems should operate with the least amount of compute resources
Correct Answer: A
Which AWS service is primarily used for identity and access management?
A. Amazon Cognito
B. AWS IAM
C. AWS Shield
D. Amazon Inspector
Correct Answer: B
What is the purpose of a virtual private cloud (VPC)?
A. To provide a private, isolated section of the cloud
B. To offer public internet services
C. To host websites
D. To manage physical data centers
Correct Answer: A
Which is an important security tool for monitoring and controlling cloud-based
applications?
A. VPN
B. Firewall
C. SIEM
D. Load balancer
Correct Answer: C
How does encryption protect data?
A. By deleting data automatically after a certain period
B. By converting data into a secure format that can only be read with a key
C. By physically separating data from other users
D. By creating backups at regular intervals
Correct Answer: B
What is a major benefit of using multi-factor authentication (MFA) in cloud
security?
A. Increased ease of access
B. Enhanced security by requiring multiple forms of verification
C. Reduced cost of authentication
D. Simplified password management
Correct Answer: B
Which process involves reviewing the security posture of cloud services on a
regular basis?
A. Security audit
B. Compliance checking
C. Penetration testing
D. Threat modeling
Correct Answer: A
Which type of cloud service allows users to develop, run, and manage
applications without dealing with the underlying infrastructure?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: B
Which cloud service model provides the highest level of control over the cloud
environment?
A. IaaS
B. PaaS
C. SaaS
D. FaaS
Correct Answer: A
What is the purpose of a cloud access security broker (CASB)?
A. To manage cloud storage devices
B. To enforce security policies between cloud users and cloud services
C. To provide internet connectivity
D. To host cloud services
Correct Answer: B
What functionality does a content delivery network (CDN) provide?
A. It accelerates dynamic content delivery
B. It decreases the physical distance between the server and the user
C. It enhances security by blocking DDoS attacks
D. It increases website performance by distributing content globally
Correct Answer: D
What is the main benefit of using managed cloud services?
A. It eliminates the need for IT staff
B. It reduces the operational overhead and complexity
C. It guarantees 100% uptime
D. It provides unlimited storage capacity
Correct Answer: B
How do service level agreements (SLAs) benefit cloud computing customers?
A. They provide legal ownership of data
B. They outline the performance and uptime guarantees
C. They offer discounts on long-term commitments
D. They allow unlimited data transfers
Correct Answer: B
Which technique is used to detect and mitigate threats in real time in the
cloud?
A. Machine learning algorithms
B. Manual patching
C. Automated scaling
D. Periodic audits
Correct Answer: A
What is the role of a cloud access security broker (CASB)?
A. To manage cloud storage devices
B. To enforce security policies between cloud users and cloud services
C. To provide internet connectivity
D. To host cloud services
Correct Answer: B
What is the primary purpose of an intrusion detection system (IDS) in cloud
computing?
A. To monitor network traffic
B. To detect and respond to unauthorized access
C. To manage cloud resource usage
D. To provide data encryption
Correct Answer: B
What does the term 'multi-tenancy' refer to in cloud computing?
A. Multiple customers using the same application
B. Multiple data centers
C. Multiple applications on one server
D. Multiple users on the same virtual machine
Correct Answer: A
Which protocol is primarily used for encrypted communication over the
internet?
A. HTTP
B. SMTP
C. FTP
D. HTTPS
Correct Answer: D
What is the primary benefit of using Infrastructure as Code (IaC) in cloud
environments?
A. Improved physical security
B. Automated infrastructure management
C. Enhanced data encryption
D. Increased cost of operations
Correct Answer: B
What does DDoS stand for in the context of cloud security threats?
A. Distributed Denial of Service
B. Data Denial of Service
C. Dynamic Denial of Service
D. Domain Denial of Service
Correct Answer: A
Which of the following is a common cloud storage security practice?
A. Storing data in plaintext
B. Encrypting data at rest and in transit
C. Using simple passwords
D. Allowing public read access to sensitive data
Correct Answer: B
Which cloud service model allows users to develop, run, and manage
applications without dealing with the underlying infrastructure?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: B
What is the main purpose of encryption key management?
A. To reduce storage costs
B. To securely manage encryption keys throughout their lifecycle
C. To improve network performance
D. To simplify user authentication
Correct Answer: B
What does the Shared Responsibility Model in cloud computing entail?
A. The cloud provider and customer share responsibility for security
B. The customer is solely responsible for security
C. The cloud provider is solely responsible for security
D. A third party is responsible for security
Correct Answer: A
Which of the following is a key characteristic of cloud elasticity?
A. Fixed resource allocation
B. Automatic scaling of resources based on demand
C. Manual adjustment of resources
D. Limited storage capacity
Correct Answer: B
Which protocol is commonly used for secure file transfer in cloud
environments?
A. FTP
B. HTTP
C. SFTP
D. SMTP
Correct Answer: C
Which cloud service model is typically used for deploying virtual machines and
storage?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Correct Answer: A
What is the role of a Data Protection Officer (DPO) in cloud compliance?
A. Managing cloud infrastructure
B. Ensuring compliance with data protection regulations
C. Developing software applications
D. Performing network maintenance
Correct Answer: B
Which of the following is an example of a cloud-native application?
A. A traditional desktop application
B. A web application designed to run in a cloud environment
C. An on-premises database
D. A mobile app that does not use cloud services
Correct Answer: B
Which of the following is a benefit of using containerization in cloud
environments?
A. Increased physical security
B. Improved scalability and efficiency
C. Easier data encryption
D. Lower software licensing costs
Correct Answer: B
What is the main advantage of using serverless computing in the cloud?
A. Reduced server costs
B. Improved security
C. Scalability and cost-efficiency
D. Increased data storage capacity
Correct Answer: C
What is the purpose of identity and access management (IAM) in cloud
security?
A. To manage virtual machines
B. To control access to resources and ensure users are authenticated
C. To encrypt data in transit
D. To provide disaster recovery solutions
Correct Answer: B
What is the principle of defense in depth?
A. Using multiple layers of security controls
B. Relying on a single security solution
C. Keeping security policies simple
D. Avoiding physical security measures
Correct Answer: A
Which of the following best describes the relationship between identities and
attributes?
A. Attributes belong to entities and identities belong to attributes. Each attribute can have
multiple identities but only one entity.
B. An attribute is a unique object within a database. Each attribute has a number of
identities which help define its parameters.
C. An identity is a distinct and unique object within a particular namespace. Attributes are
properties which belong to an identity. Each identity can have multiple attributes.
D. Attributes are made unique by their identities.
E. Identities are the network names given to servers. Attributes are the characteristics of
each server.
Correct Answer: C
What is the function of a web application firewall (WAF) in cloud security?
A. To monitor and block malicious HTTP/HTTPS traffic
B. To provide antivirus protection
C. To encrypt web application data
D. To manage cloud storage
Correct Answer: A
What is the primary function of a cloud service level agreement (SLA)?
A. To define the terms of service and performance expectations between a cloud provider
and customer
B. To provide technical support for cloud services
C. To manage user identities
D. To ensure data encryption
Correct Answer: A
Which cloud deployment model combines public and private clouds to allow
data and applications to be shared between them?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Correct Answer: C
What does the term 'sandboxing' refer to in the context of cloud security?
A. A testing environment that isolates untested code changes
B. A method for encrypting data
C. A technique for network segmentation
D. A type of data storage
Correct Answer: A
Which cloud security certification focuses on global cloud security standards?
A. CISSP
B. CISM
C. CCSK
D. CEH
Correct Answer: C
What is the purpose of a security information and event management (SIEM)
system?
A. To store large amounts of data
B. To manage user identities
C. To provide real-time analysis of security alerts
D. To encrypt network traffic
Correct Answer: C
What is the significance of the shared responsibility model in cloud computing?
A. It divides security responsibilities between the cloud provider and the cloud user
B. It mandates that all security responsibilities are handled by the cloud provider
C. It allows users to opt out of security responsibilities
D. It requires third-party audits annually
Correct Answer: A
What strategy involves spreading cloud assets across multiple providers to
avoid vendor lock-in?
A. Multi-cloud
B. Hybrid cloud
C. Scalable deployment
D. Single cloud
Correct Answer: A