Certificate of Cloud Security Knowledge (CCSK) Foundation Quiz Questions and Answers

Answer :
  • SCIM

Explanation :

The correct answer is SCIM. According to CSA guidance 4.0 (page 133), System for Cross-domain Identity Management (SCIM) is a standard for provisioning and deprovisioning accounts in external systems and for exchanging attribute information. SAML also allows for secure exchange of attribute information, but the best answer is SCIM, as the question is taken word-for-word from the guidance. WAP is a wireless protocol and OAuth is limited to authorization. Service Provisioning Markup Language is no longer referenced in version 4.0 of the guidance.

Answer :
  • It may require users to VPN back to the corporate network before accessing cloud services

Explanation :

The correct answer is that users may have to VPN back to the corporate network before accessing cloud services (CSA guidance page 135). Directory servers with appropriate capabilities (e.g. Active Directory Federation Services) can federate with cloud services. Although both SAML and OAuth are standards that can be leveraged for federation, these are not the best answer. Finally, while identity broker services may be more scalable depending on the use case involved, this is not found in the CSA guidance.

Answer :
  • The Data Controller

Explanation :

The correct answer is the Data Controller. Page 36 of the guidance states that the Data Controller has the primary relationship with an individual. Of note, the guidance uses both data controller and data custodian depending on the applicable jurisdiction. These terms can be used interchangeably. Americans call the role that collects information from individuals (data subjects) the data custodian, whereas Europeans call this role the data controller.

Answer :
  • Economies of scale

Explanation :

The BEST answer is “Economies of Scale”, as referenced on page 56 of the CSA guidance. Although this is associated with the time and effort required to manage these audits, always look for the BEST answer as being the wording associated with the question in the guidance. All other answers are incorrect.

Answer :
  • Static Application Security Testing (SAST)

Explanation :

The correct answer is Static Application Security Testing (SAST). Dynamic testing is testing code while it is running. Fuzz testing is generally a dynamic testing type. Although the other three options may be possible, the most appropriate answer is SAST (page 113).

Answer :
  • Physical network inspection will create a bottleneck

Explanation :

The correct answer is C. Bridging traffic from a virtual network to a physical network will cause bottlenecks (pg. 95). Note that although this cannot be done in a public cloud network, the question makes no reference to public or private (and the bottleneck remains true either way).

Answer :
  • Identity

Explanation :

The correct answer is Identity (guidance pg. 131). An Identifier is how an identity is asserted. A Persona is an identity plus attributes that indicate context. SAML is a federation standard, and Authorizer is not a term used by the CSA.

Answer :
  • Used to make access decisions

Explanation :

OK, this one was made purposefully difficult. In reality, all of these could be correct. However, the BEST answer is “used to make access decisions”, as this is found directly in the guidance on page 131.

Answer :
  • Detective

Explanation :

Logging is a detective control. This is not found in the guidance; rather, it is a question based on general security knowledge. Detection is a critical component of security and should be enabled when feasible.

Answer :
  • Perimeter Security

Explanation :

The correct answer is Perimeter Security (page 71). Although all other options may be valid, perimeter security is listed as the most applicable for protecting components such as web and API servers.