CCSK Exam Simulator 3
Which common components of big data is focused on the mechanisms used to ingest large volumes of
data, often of a streaming nature? - ANSWERDistributed data collection
What is a core tenant of risk management? - ANSWERYou can manage, transfer, accept or avoid the
risks
When designing an encryption system, you should start with a threat model - ANSWERTRUE
CCM: in the CCM tool (encryption and key management) is an example of which of the following? -
ANSWERDomain
Which facet is focused on protecting the management plane components, such as web and API servers
from attacks? - ANSWERPerimeter security
Which phase of incident response life cycle includes creating and validating alerts? - ANSWERdetection
and analysis
If in certain litigations and investigations, the actual cloud application or environment itself is relevant to
resolving the dispute in the litigation or the investigation, how is likely the information to be obtained? -
ANSWERIt may require a subpoena of the provider directly
What is the order of the main phases of secure applications design and development? - ANSWERTrain
define
design
, develop
test
If the management plane has been breached, you should confirm the templates/configurations for your
infrastructure or applications have not also been compromised - ANSWERTRUE
You have a business relationship with a cloud provider for all sales management functionalities. Through
the API and SDK, you have customized the interface and some functionality, but the back end service is
done through the cloud provider. In this relationship, which service is completed by the cloud provider?
- ANSWERPlatform as a service (PaaS)
Which of the following statements best defines the potential advantages of security as a service SecaaS?
- ANSWERThe advantage may include flexible offering of services, greater security domain knowledge
and efficiency of SecaaS providers
What method can be utilized along with data fragmentation to enhance security? - ANSWEREncryption
Which type of application security testing involves manual testing activity that is not necessarily
integrated into automated testing - ANSWERCode review
**could be wrong!
Which of the following statements best defines the "authorization" as a component of identity ,
entitlement and access management - ANSWEREnforcing the roles by which access is granted to the
resources
What are major factor to building and managing secure management plane? - ANSWERPerimeter
security;
customer authentication;
Which common components of big data is focused on the mechanisms used to ingest large volumes of
data, often of a streaming nature? - ANSWERDistributed data collection
What is a core tenant of risk management? - ANSWERYou can manage, transfer, accept or avoid the
risks
When designing an encryption system, you should start with a threat model - ANSWERTRUE
CCM: in the CCM tool (encryption and key management) is an example of which of the following? -
ANSWERDomain
Which facet is focused on protecting the management plane components, such as web and API servers
from attacks? - ANSWERPerimeter security
Which phase of incident response life cycle includes creating and validating alerts? - ANSWERdetection
and analysis
If in certain litigations and investigations, the actual cloud application or environment itself is relevant to
resolving the dispute in the litigation or the investigation, how is likely the information to be obtained? -
ANSWERIt may require a subpoena of the provider directly
What is the order of the main phases of secure applications design and development? - ANSWERTrain
define
design
, develop
test
If the management plane has been breached, you should confirm the templates/configurations for your
infrastructure or applications have not also been compromised - ANSWERTRUE
You have a business relationship with a cloud provider for all sales management functionalities. Through
the API and SDK, you have customized the interface and some functionality, but the back end service is
done through the cloud provider. In this relationship, which service is completed by the cloud provider?
- ANSWERPlatform as a service (PaaS)
Which of the following statements best defines the potential advantages of security as a service SecaaS?
- ANSWERThe advantage may include flexible offering of services, greater security domain knowledge
and efficiency of SecaaS providers
What method can be utilized along with data fragmentation to enhance security? - ANSWEREncryption
Which type of application security testing involves manual testing activity that is not necessarily
integrated into automated testing - ANSWERCode review
**could be wrong!
Which of the following statements best defines the "authorization" as a component of identity ,
entitlement and access management - ANSWEREnforcing the roles by which access is granted to the
resources
What are major factor to building and managing secure management plane? - ANSWERPerimeter
security;
customer authentication;
