
Sample CCSK questions

These sample questions are taken from the CSA website.
They are open questions, whereas the exam has multiple choice questions.
However, they are representative of the depth of knowledge that you should have.
Answers to the questions

As you read through and study the body of knowledge, you will find out that you will be able to answer these questions.
Domain 1. Cloud Architecture

Sample question: What are the five essential characteristics of cloud computing?
Domain 2. Governance and Enterprise Risk

Sample question: The level of attention and scrutiny paid to enterprise risk assessments should be directly related to what?
Domain 3. Legal and Electronic Discovery

Sample question: In the majority of data protection laws, when the data is transferred to a third party custodian, who is ultimately responsible for the security of the data?
Domain 4. Compliance and Audit

Sample question: What is the most important reason for knowing where the cloud service provider will host the data?
Domain 5. Information Management and Data Security

Sample question: What are the six phases of the data security lifecycle?
Domain 6. Portability and Interoperability

Sample question: Why is the size of data sets a consideration in portability between cloud service providers?
Domain 7. Traditional Security, BCM, D/R

Sample question: What are the four D's of perimeter security?
Domain 8. Data Center Operations

Sample question: In which type of environment is it impractical to allow the customer to conduct their own audit, making it important that the data center operators are required to provide auditing for the customers?
Domain 9. Incident Response

Sample question: What measures could be taken by the cloud service provider (CSP) that might reduce the occurrence of application level incidents?
Domain 10. Application Security

Sample question: How should an SDLC be modified to address application security in a Cloud Computing environment?
Domain 11. Encryption and Key Management

Sample question: What is the most significant reason that customers are advised to maintain in-house key management?
Domain 12. Identity and Access Management

Sample question: What two types of information will cause additional regulatory issues for all organizations if held as an aspect of an Identity?
Domain 13. Virtualization

Sample question: Why do blind spots occur in a virtualized environment, where network-based security controls may not be able to monitor certain types of traffic?
Domain 14. Security as a Service

Sample question: When deploying Security as a Service in a highly regulated industry or environment, what should both parties agree on in advance and include in the SLA?
ENISA Document

Sample question: Economic Denial of Service (EDOS) refers to...
