CCSK Exam Dumps - Certificate of Cloud Security Knowledge v5 (CCSKv5.0)

One of the primary advantages of including Static Application Security Testing (SAST) in Continuous Integration (CI) pipelines is that it allows developers to identify code vulnerabilities early in the development process. By scanning the source code for potential security issues as it is being written and integrated into the pipeline, SAST helps to catch vulnerabilities before they make it to later stages of development or production, improving overall security and reducing the cost and effort of fixing issues later.

While SAST does not directly impact the speed of deployment, runtime performance, or user interface, its early identification of security flaws contributes to better code quality and a more secure application.

Cloud computing is adopted mainly for its cost-effectiveness and the ability to accelerate time-to-market, enhancing business agility. Reference: [Security Guidance v5, Domain 1 - Cloud Benefits]

Access policies in cybersecurity are critical for managing and controlling how users and devices access resources within a network or cloud environment. These policies are primarily concerned with defining permissions and rules that govern access to resources. They help organizations implement role-based access control (RBAC) or attribute-based access control (ABAC), which specify who can access what resources and under what conditions.

In the context of cloud computing, access policies are typically enforced using Identity and Access Management (IAM) tools and services, which allow administrators to define and manage the permissions associated with user identities. Access policies include various rules that specify allowed or denied actions based on roles, user attributes, device types, or network conditions.

For example, in the AWS environment, access policies are written in JSON and define permissions for services like EC2, S3, or RDS. Similarly, Azure uses Role-Based Access Control (RBAC) to manage resource access policies.

Access policies are not concerned with real-time monitoring (option A), user authentication methods (option B), or encryption protocols (option C). Instead, they explicitly focus on defining access permissions and controlling how resources are utilized.

InInfrastructure as a Service (IaaS), the customer has themost control and security responsibilitybecause:

The provider only secures physical infrastructure (data centers, networking, hardware).

Customers must configure and manage firewalls, network security, operating system patches, and IAM.

Data security, encryption, and application security are entirely the customer's responsibility.

In contrast:

PaaS (Platform as a Service)places some security responsibility on the provider (e.g., runtime environments, managed databases).

SaaS (Software as a Service)places most security responsibility on the provider, with customers mainly managingidentity and access controls.

This is extensively discussed in:

CCSK v5 - Security Guidance v4.0, Domain 1 (Cloud Computing Concepts and Architectures)

Cloud Controls Matrix (CCM) - Infrastructure and Application Security Controls​.