CCSK Exam Dumps - Certificate of Cloud Security Knowledge (CCSK v5.0)

Improper management of VM instances, causing customer VMs to be commingled with other customer systems.

Looping within virtualized routing systems.

Lack of vulnerability management standards.

Using a compromised VM to exploit a hypervisor, used to take control of other VMs.

Instability in VM patch management causing VM routing errors.

False

True

The provider is accountable for all risk management.

You can manage, transfer, accept, or avoid risks.

The consumers are completely responsible for all risk.

If there is still residual risk after assessments and controls are in

place, you must accept the risk.

Risk insurance covers all financial losses, including loss of

customers.

The metrics defining the service level required to achieve regulatory objectives.

The duration of time that a security violation can occur before the client begins assessing regulatory fines.

The cost per incident for security breaches of regulated information.

The regulations that are pertinent to the contract and how to circumvent them.

The type of security software which meets regulations and the number of licenses that will be needed.

Nothing.

It depends on how the automation is configured.

Changes made in production are overwritten by the next code or template change.

Changes made in test are overwritten by the next code or template change.

Changes made in production are untouched by the next code or template change.

False

True

Submit the CCM on behalf of the CSP to CSA Security, Trust & Assurance Registry (STAR), a free, publicly accessible registry that documents the security controls provided by CSPs

Use CCM to build a detailed list of requirements and controls that they want their CSP to implement

Use CCM to help assess the risk associated with the CSP

None of the above

Governance and Retention Management

Governance and Risk Management

Governing and Risk Metrics