CCSK Exam Dumps - Certificate of Cloud Security Knowledge (v5.0)

AI workloads do not require special security considerations compared to other workloads.

AI workloads should be openly accessible to foster collaboration and innovation.

AI workloads should be isolated in secure environments with strict access controls.

Security practices for AI workloads should focus solely on protecting the AI models.

Reliability

Security

Performance

Scalability

The division of security responsibilities between cloud providers and customers

The relationships between IaaS, PaaS, and SaaS providers

The compliance with geographical data residency and sovereignty

The guidance for the cloud compliance framework

Scalability and redundancy

Improved software development methodologies

Enhanced security and compliance

Cost efficiency and speed to market

Local backup

Multi-region resiliency

Single-region resiliency

High Availability within one data center

Notifying affected parties

Isolating affected systems

Restoring services to normal operations

Documenting lessons learned and improving future responses

Implementing real-time visibility

Deploying container-specific antivirus scanning

Using static code analysis tools in the pipeline

Full packet network monitoring

To reduce costs associated with physical hardware

To simplify the deployment of virtual machines

To quickly respond to evolving threats and changing infrastructure

To ensure high availability and load balancing

Role-Based Access Control

Unlimited Access

Mandatory Access Control

Least-Privileged Access

Component credentials

Immutable infrastructure

Infrastructure as code

Application integration

Cloud storage management and governance

Data center infrastructure and architecture

IAM and networking

Application development and deployment

Requires extensive on-premises infrastructure

Shifts more responsibility to cloud service providers

Increases workload for developers

Eliminates need for cloud service providers

Contracts

Shared Responsibility Model

Service Registry

Risk Register

Through virtualization, with administrators allocating resources based on SLAs

Through abstraction and automation to distribute resources to customers

By allocating physical systems to a single customer at a time

Through manual configuration of resources for each user need

They reduce the cost of cloud services.

They provide visibility into cloud environments.

They enhance physical security.

They encrypt cloud data at rest.

Network Attached Storage (NAS)

Block storage

File storage

Object storage

Enhances security by supporting authorizations based on the current context and status

Reduces log analysis requirements

Simplifies regulatory compliance by using a single sign-on mechanism

These are required for proper implementation of RBAC

It allows for quick restoration points during updates or changes

It is used for load balancing VMs

It enhances VM performance significantly

It provides real-time analytics on VM applications

By rotating keys on a regular basis

By using default policies for all keys

By specifying fine-grained permissions

By granting root access to administrators

To create a separation between development and operations

To eliminate the need for IT operations by automating all tasks

To enhance collaboration between development and IT operations for efficient delivery

To reduce the development team size by merging roles

Shared responsibilities should be consistent across all services.

Based on the per-service SLAs for security.

Responsibilities are the same across IaaS, PaaS, and SaaS in the shared model.

Responsibilities are divided between the cloud provider and the customer based on the service type.

Inability to monitor cloud infrastructure for threats

IAM failures

Lack of encryption for data at rest

Vulnerabilities in cloud provider's physical infrastructure

To increase data transfer speeds within the cloud environment

To reduce the cost of cloud services

To ensure compliance, security, and efficient management aligned with the organization's goals

To eliminate the need for on-premises data centers

A single deployment for all applications

Shared deployments for similar applications

Randomized deployment configurations

Multiple independent deployments for applications

False

True

Configuring secondary authentication

Establishing multiple accounts

Maintaining tight control of the primary account holder credentials

Implementing least privilege accounts

Configuring role-based authentication

False

True

A library of data definitions

A group of entities which have decided to exist together in a single

cloud

Identities which share similar attributes

Several countries which have agreed to define their identities with

similar attributes

The connection of one identity repository to another

Database encryption

Media encryption

Asymmetric encryption

Object encryption

Client/application encryption

It reduces hardware costs

It provides dynamic and granular policies with less management overhead

It locks down access and provides stronger data security

It reduces the blast radius of a compromised system

It enables you to configure applications around business groups

Access control

Federated Identity Management

Authoritative source

Entitlement

Authentication

Any encryption option that is available for volume storage, object storage, or PaaS

Provider-managed and (sometimes) proxy encryption

Client/application and file/folder encryption

Object encryption Volume storage encryption

False

True

The devices used to access data have different storage formats.

The devices used to access data use a variety of operating systems and may have different programs installed on them.

The device may affect data dispersion.

The devices used to access data use a variety of applications or clients and may have different security characteristics.

The devices used to access data may have different ownership characteristics.

Create, Store, Use, and Share

Create and Store

Create and Use

Create, Store, and Use

Create, Use, Store, and Delete

False

True

Volume storage

Platform

Database

Application

Object storage

You might not have the ability or administrative rights to search or access all hosted data.

The cloud provider must conduct the search with the full administrative controls.

All cloud-hosted email accounts are easily searchable.

Search and discovery time is always factored into a contract between the consumer and provider.

You can easily search across your environment using any E-Discovery tool.

Platform-based Workload

Pod

Abstraction

Container

Virtual machine

Multi-tenancy

Nation-state boundaries

Measured service

Unlimited bandwidth

Hybrid clouds

The laws protecting customer data are based on the cloud provider and customer location only.

The confidentiality agreements between companies using cloud computing services is limited legally to the company, not the provider.

The companies using the cloud providers are the custodians of the data entrusted to them.

The cloud computing companies are absolved of all data security and associated risks through contracts and data laws.

The cloud computing companies own all customer data.

Administrative access

Management plane

Identity and Access Management

Single sign-on

Cloud dashboard

Intrusion Prevention System

URL filters

Data Loss Prevention

Cloud Access and Security Brokers (CASB)

Database Activity Monitoring

False

True

It requires distinct access controls

It manages resource pools for cloud consumers

It has distinct functions from other networks

It manages the traffic between other networks

It requires unique security

You should apply cloud firewalls on a per-network basis.

You should deploy your cloud firewalls identical to the existing firewalls.

You should always open traffic between workloads in the same virtual subnet for better visibility.

You should implement a default allow with cloud firewalls and then restrict as necessary.

You should implement a default deny with cloud firewalls.

Data Security and Encryption

Information Governance

Incident Response, Notification and Remediation

Compliance and Audit Management

Infrastructure Security

Serverless computing

Virtual machineless

Abstraction

Container

Provider managed

False

True

Use strong multi-factor authentication

Secure backup processes for key management systems

Segregate keys from the provider hosting data

Stipulate encryption in contract language

Select cloud providers within the same country as customer