CSA CCSK Exam Questions Instant Access - No Installation Required

Question 1

ENISA: An example high risk role for malicious insiders within a Cloud Provider includes

ASales

BMarketing

CLegal counsel

DAuditors

EAccounting

Answer : D

Question 2

How does centralized logging simplify security monitoring and compliance?

AIt consolidates logs into a single location.

BIt decreases the amount of data that needs to be reviewed.

CIt encrypts all logs to prevent unauthorized access.

DIt automatically resolves all detected security threats.

Answer : A

Centralized logging aggregates logs in one location, making it easier to monitor, analyze, and comply with regulatory requirements. Reference: [Security Guidance v5, Domain 6 - Security Monitoring]

Question 3

In FaaS, what is the primary security concern with using third-party services/APIs?

ADirect control over server management

BSimplified IAM and permissions management

CIncreased attack surface via unauthorized access

DStateless nature of executions reducing risk

Answer : C

''When integrating third-party APIs with FaaS, each connection potentially increases the attack surface by exposing additional authentication, authorization, and data access points.''

--- CSA Security Guidance v4.0 -- Domain 14: Serverless Security

Question 4

What is the purpose of access policies in the context of security?

AAccess policies encrypt sensitive data to protect it from disclosure and unrestricted access.

BAccess policies define the permitted actions that can be performed on resources.

CAccess policies determine where data can be stored.

DAccess policies scan systems to detect and remove malware infections.

Answer : B

Access policies are a critical component of security frameworks that specify and enforce the permitted actions that users or systems can perform on resources, such as files, applications, or services. These policies help ensure that only authorized individuals or systems have access to certain resources and that they can only perform authorized actions, such as reading, writing, or modifying the resources. Access policies are fundamental in managing security and preventing unauthorized access, misuse, or attacks.

Access policies encrypt sensitive data is incorrect because encryption of sensitive data is typically handled by encryption policies, not access policies. Access policies determine where data can be stored is more related to data management policies rather than access control. Access policies scan systems for malware is related to security measures such as antivirus or anti-malware tools, not the scope of access control policies.

Question 5

Which of the following events should be monitored according to CIS AWS benchmarks?

ARegular file backups

BData encryption at rest

CSuccessful login attempts

DUnauthorized API calls

Answer : D

According to the CIS AWS (Center for Internet Security AWS) benchmarks, unauthorized API calls should be closely monitored because they indicate potential security threats or malicious activity within the AWS environment. Monitoring unauthorized API calls helps detect unauthorized access, misconfigurations, or attempts to exploit cloud resources. It's a key part of maintaining a secure AWS environment and helps ensure compliance with security best practices.

Regular file backups are important but not specifically a focus of the CIS AWS benchmarks. Data encryption at rest is a security best practice but monitoring unauthorized API calls directly addresses access control and security within the environment. Successful login attempts are important but monitoring failed login attempts (as opposed to successful ones) is generally a better practice for identifying suspicious activity.

Question 6

How does network segmentation primarily contribute to limiting the impact of a security breach?

ABy reducing the threat of breaches and vulnerabilities

BConfining breaches to a smaller portion of the network

CAllowing faster data recovery and response

DMonitoring and detecting unauthorized access attempts

Answer : B

Network segmentation isolates sections of the network, limiting the spread of a breach and containing it to a specific segment. Reference: [Security Guidance v5, Domain 7 - Infrastructure & Networking]

Question 7

Your cloud and on-premises infrastructures should always use the same network address ranges.

AFalse

BTrue

Answer : A

CSA Certificate Of Cloud Security Knowledge CCSK Exam Questions