ANSWERS
The role of __________________ needs to be carefully considered, and responsibility
for including them in governance, indirectly or directly, should be explicitly assigned
within the customer organization. - Answer- External providers
Audit must be ____________________ and should be robustly designed to reflect best
practice, appropriate resources, and tested protocols and standards. - Answer-
Independently conducted
Particularly important to outsourcing and regulations is __________ requirements and
obligations. - Answer- Chained
Any information processed, transmitted, stored, or viewed that is identified
as _______________ information faces a plethora of compliance regulation worldwide
that may vary by country or state. - Answer- Personal Identifiable Information
____________ is a technique that is commonly used to improve data security, but
without the use of encryption mechanisms. - Answer- Data Dispersion
The Data Security Lifecycle in order is - Answer- Create, Store, Use, Share, Archive,
Destroy
Unlike with _________ the goal isn't to label every piece of data in the organization, but
rather to define high-level categories. - Answer- Data classification
File Activity Monitoring provides similar protection to _________________. - Answer-
Database Activity Monitoring
In cloud deployments, and throughout the different service models, it's important to
protect data in transit. This includes: - Answer- Between cloud vendors
________ mandates that those components should be replaceable by new or different
components from different providers and continue to work, as should the exchange of
data between systems. - Answer- Interoperability
A lack of interoperability can lead to __________. - Answer- Lock-in
Using open standards for Identity such as ________________ will help to ensure
portability. - Answer- SAML
Encryption keys should be escrowed _______________. - Answer- Locally
_______________ may cause an interruption of service during a transition, or a longer
transition period than anticipated. - Answer- The size of data
A common scenario is "___________", where an enterprise shares the load with
external cloud providers to meet peak demands. - Answer- Cloud bursting
The Four D's of Perimeter Security consist of _____________. - Answer- Deter,
Detect, Delay and Deny
Segregation of duties originated in _________. - Answer- Accounting and financial
management
The data center should be equipped with specific environmental support equipment
according to published internal standards such as: - Answer- Uninterruptible power
supply
The composition of the Emergency Response Team, Crisis Management Team and
Incident response team should be reviewed in detail along with ________ - Answer-
Crisis communication procedure
The Restoration plan should incorporate and quantify the _____ - Answer- Recovery
Point Objective
Cloud providers should consider adopting as a security baseline the ______________
requirements of any customer, such that systems, facilities, and procedures are at a
system high level. - Answer- Most stringent
Organizations building cloud data centers should incorporate management processes,
practices, and software to understand and react to technology running _______. -
Answer- Inside the data center
Given the controls in the Cloud Control Matrix the data center being built or purchased
must conform to _____. - Answer- Physical and asset security requirements
Use _________ techniques to ensure availability, security, and asset delivery and
management. - Answer- IT service management
Cloud computing does not necessitate a new conceptual framework for Incident
Response; rather it requires that the organization appropriately _________ - Answer-
Maps its extant IR