
Sample CCSK questions

These sample questions are taken from the CSA. They are open questions, whereas the exam has multiple choice questions. However, they are representative of the depth of knowledge that you should have.

Answers to the questions

As you read through and study the body of knowledge, you will find out that you will be able to answer these questions.

Domain 1. Cloud Architecture Sample question: What are the five essential characteristics of cloud computing?

Domain 2. Governance and Enterprise risk Sample question: The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?

Domain 3. Legal and Electronic Discovery Sample question: In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?

Domain 4. Compliance and Audit Sample question: What is the most important reason for knowing where the cloud service provider will host the data?

Domain 5. Information Management and data security Sample question: What are the six phases of the data security lifecycle?

Domain 6. Portability and Interoperability Sample question: Why is the size of data sets a consideration in portability between cloud service providers?

Domain 7. Traditional Security, BCM, D/R Sample question: What are the four D's of perimeter security?

Domain 8. Data Center Operations Sample question: In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?

Domain 9. Incident Response Sample question: What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?

Domain 10. Application Security Sample question: How should an SDLC be modified to address application security in a Cloud Computing environment?

Domain 11. Encryption and Key Management Sample question: What is the most significant reason that customers are advised to maintain in-house key management?

Domain 12. Identity and Access Management Sample question: What two types of information will cause additional regulatory issues for all organizations if held as an aspect of an Identity?

Domain 13. Virtualization Sample question: Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?

Domain 14. Security as a Service Sample question: When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?

ENISA Document Sample question: Economic Denial of Service (EDOS) refers to...