CSA CCSK Exam Questions

Question 6 of 221

Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?

Platform-as-a-service (PaaS)

Desktop-as-a-service (DaaS)

Infrastructure-as-a-service (IaaS)

Identity-as-a-service (IDaaS)

Software-as-a-service (SaaS)

Correct Answer: E

Software-as-a-service (SaaS) is the cloud-based service model that enables companies to provide client-based access for partners to databases or applications. In this model, software applications are hosted on the cloud, and users access them through web browsers. SaaS providers manage the underlying infrastructure, application, and data, allowing companies to focus on their core business rather than managing software and hardware.

Question 7 of 221

CCM: The following list of controls belong to which domain of the CCM?
GRM 06 `" Policy GRM 07 `" Policy Enforcement GRM 08 `" Policy Impact on Risk Assessments GRM 09 `" Policy Reviews GRM 10 `" Risk Assessments GRM 11
`" Risk Management Framework

Governance and Retention Management

Governance and Risk Management

Governing and Risk Metrics

Correct Answer: B

The controls listed, such as Policy, Policy Enforcement, Policy Impact on Risk Assessments, Policy Reviews, Risk Assessments, and Risk Management Framework, clearly fall under the domain of Governance and Risk Management. This domain focuses on policies and frameworks that guide and control an organization's risk management practices.

Question 8 of 221

Which attack surfaces, if any, does virtualization technology introduce?

The hypervisor

Virtualization management components apart from the hypervisor

Configuration and VM sprawl issues

All of the above

Correct Answer: D

Virtualization technology introduces multiple attack surfaces. The hypervisor is a critical component that can be targeted. In addition, virtualization management components apart from the hypervisor, such as those used to manage and configure virtual machines, are also potential targets. Configuration and VM sprawl issues can introduce vulnerabilities due to misconfigurations and the difficulty of managing numerous virtual machines. Therefore, all of these factors collectively constitute the attack surfaces introduced by virtualization technology.

Question 9 of 221

APIs and web services require extensive hardening and must assume attacks from authenticated and unauthenticated adversaries.

False

True

Correct Answer: B

APIs and web services require extensive hardening because they are susceptible to attacks from both authenticated and unauthenticated adversaries. Proper hardening includes implementing industry-standard authentication methods, ensuring secure coding practices, and deploying regular security assessments to identify and mitigate potential vulnerabilities.

Question 10 of 221

Which of the following is NOT a cloud computing characteristic that impacts incidence response?

The on demand self-service nature of cloud computing environments.

Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident.

The possibility of data crossing geographic or jurisdictional boundaries.

Object-based storage in a private cloud.

The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures.

Correct Answer: D

The correct option is object-based storage in a private cloud. The on-demand self-service nature of cloud computing environments, privacy concerns for co-tenants, the possibility of data crossing geographic or jurisdictional boundaries, and resource pooling with rapid elasticity are all cloud characteristics that can impact incident response. However, object-based storage in a private cloud is a storage architecture and does not directly impact incident response processes.