Offered by CCC, this certification covers governance, risk management, compliance, and security controls for cloud infrastructure. Candidates must understand identity and access management (IAM), encryption, DevSecOps practices, and cloud provider selection from a security perspective.
Question 1. Which of the following best defines cloud governance in the context of cloud security?
A) The technical configuration of cloud resources
B) Policies, procedures, and controls to manage cloud security
C) The physical security measures for data centers
D) The process of migrating data to the cloud
Answer: B
Explanation: Cloud governance involves establishing policies, procedures, and controls to ensure that cloud resources and services are used securely and in compliance with organizational standards.

Question 2. Which framework is specifically designed to provide a comprehensive control matrix and certification program for cloud security?
A) NIST CSF
B) ISO/IEC 27001
C) Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and STAR Program
D) COBIT
Answer: C
Explanation: The CSA CCM provides a detailed control framework tailored for cloud security, and the STAR program offers assessment and certification to validate cloud providers' security controls.

Question 3. What is a primary challenge of cloud-specific governance related to shared responsibility models?
A) Ensuring physical access controls
B) Clarifying security responsibilities between cloud provider and customer
C) Managing network hardware
D) Maintaining legacy systems
Answer: B
Explanation: Shared responsibility models can create confusion about which security controls are managed by the cloud provider versus the customer, making governance challenging.

Question 4. Which risk treatment strategy involves transferring the risk to a third party?
A) Avoid
B) Mitigate
C) Transfer
D) Accept
Answer: C
Explanation: Transferring risk typically involves outsourcing or purchasing insurance to shift the potential impact to a third party.

Question 5. In cloud risk management, what is the purpose of a risk register?
A) To record the financial costs of cloud services
B) To document identified risks, assessments, and mitigation plans
C) To log user activity
D) To list cloud service providers
Answer: B
Explanation: A risk register systematically documents risks, their assessments, and actions for mitigation or management.

Question 6. Which regulation is primarily focused on data privacy rights within the European Union?
A) HIPAA
B) GDPR
C) CCPA
D) PCI DSS
Answer: B
Explanation: GDPR (General Data Protection Regulation) governs data privacy and protection rights for individuals in the EU.

Question 7. Which industry standard provides a framework for assessing the security and privacy controls of cloud service providers?
A) SOC 2
B) ISO/IEC 27001
D) Attribute-Based Access Control (ABAC)
Answer: B
Explanation: Federation with SSO allows centralized authentication across multiple cloud services, simplifying access management.

Question 11. What is a key benefit of Multi-Factor Authentication (MFA) in cloud environments?
A) Simplifies user access
B) Eliminates password need
C) Adds an additional layer of security beyond passwords
D) Reduces network traffic
Answer: C
Explanation: MFA requires users to present multiple forms of verification, significantly increasing security against unauthorized access.

Question 12. Which network security component in cloud environments is used to isolate and segment network traffic?
A) Firewall
B) Virtual Private Cloud (VPC)
C) Intrusion Detection System
D) Load balancer
Answer: B
Explanation: VPCs enable network segmentation and isolation within a cloud environment, improving security and traffic control.

Question 13. Which is a common feature of cloud-native firewalls?
A) Physical installation
B) Stateful packet inspection
C) Rule-based traffic filtering in cloud environments
D) Manual configuration only
Answer: C
Explanation: Cloud-native firewalls provide programmable, rule-based traffic filtering tailored for cloud architectures.

Question 14. What is the primary purpose of Web Application Firewalls (WAFs) in cloud security?
A) Encrypt data at rest
B) Protect web applications from attacks like SQL injection and cross-site scripting
C) Manage user identities
D) Monitor network bandwidth
Answer: B
Explanation: WAFs analyze and filter HTTP/HTTPS traffic to block malicious requests targeting web applications.

Question 15. Which cloud security measure involves encrypting data before transmission across networks?
A) Data at rest encryption
B) Data in transit encryption
C) Key rotation
D) Data masking
Answer: B
Explanation: Encrypting data in transit protects it during transmission, preventing interception and eavesdropping.

Question 16. What role does a Key Management System (KMS) play in cloud data security?
A) Storing user credentials
B) Managing encryption keys securely
C) Monitoring network traffic
D) Authenticating users
Answer: B
Explanation: A KMS securely generates, stores, and manages the cryptographic keys used for data encryption and decryption.
Question 20. What distinguishes serverless computing security from traditional server-based models?
A) No need for access controls
B) Security is handled automatically by cloud providers
C) Focus on securing functions and event triggers
D) Lack of monitoring tools
Answer: C
Explanation: Serverless security emphasizes protecting functions, APIs, and event triggers, often requiring different controls than traditional servers.

Question 21. How does Infrastructure as Code (IaC) contribute to cloud security?
A) Eliminates need for security controls
B) Automates deployment and configuration, enabling consistent security policies
C) Replaces all manual security processes
D) Removes version control
Answer: B
Explanation: IaC allows automation of infrastructure deployment with embedded security configurations, reducing errors and inconsistencies.

Question 22. Which automated security testing method involves analyzing code during development to identify vulnerabilities?
A) DAST
B) SAST
C) IAST
D) Penetration testing
Answer: B
Explanation: Static Application Security Testing (SAST) analyzes source code or binaries during development to find security flaws.

Question 23. Which cloud security monitoring tool is commonly used to collect and analyze logs across cloud environments?
C) Firewall
D) VPN
Answer: A
Explanation: Security Information and Event Management (SIEM) systems aggregate and analyze logs for security threats and compliance.

Question 24. What is a primary challenge of forensic investigations in cloud environments?
A) Data is always stored locally
B) Ephemeral and volatile data complicates evidence collection
C) Cloud logs are not useful
D) Forensics are unnecessary in the cloud
Answer: B
Explanation: The ephemeral nature of cloud resources makes capturing volatile data challenging during forensic investigations.

Question 25. Which tool set is used to continuously assess and improve cloud security posture?
A) CSPM tools
B) Antivirus software
C) Network scanners
D) Data backups
Answer: A
Explanation: Cloud Security Posture Management (CSPM) tools monitor and assess cloud configurations to identify and remediate security risks.

Question 26. Which aspect is critical when designing disaster recovery (DR) in the cloud?
A) Single region deployment
B) Geo-redundancy and multi-region strategies
C) Manual backups only
Explanation: Security addenda and contracts specify security responsibilities and expectations for cloud vendors.

Question 30. Which method is essential for promoting a security-conscious culture across cloud teams?
A) Developing and delivering targeted security training programs
B) Limiting access to security policies
C) Avoiding security awareness campaigns
D) Focusing only on technical controls
Answer: A
Explanation: Training programs increase awareness and promote secure behaviors among cloud users and administrators.

Question 31. Which metric is most useful for reporting the effectiveness of cloud security controls to senior leadership?
A) Number of users
B) Percentage of compliant configurations
C) Hardware inventory count
D) Network bandwidth utilization
Answer: B
Explanation: Compliance metrics demonstrate adherence to security standards and controls, informing leadership of security posture.

Question 32. Which emerging technology's impact on cryptography is a concern for future cloud security?
A) Blockchain
B) Quantum computing
C) Artificial Intelligence
D) Edge computing
Answer: B
Explanation: Quantum computing has the potential to break current public-key cryptographic algorithms, posing future security challenges.
Question 33. Which cloud security approach involves automating responses to threats using orchestration platforms?
A) SIEM
B) SOAR
C) IDS
D) Firewall rules
Answer: B
Explanation: Security Orchestration, Automation, and Response (SOAR) platforms automate threat detection and response workflows.

Question 34. What is a key challenge in implementing consistent security policies across multi-cloud environments?
A) Different cloud provider architectures and APIs
B) Lack of internet connectivity
C) Uniform hardware standards
D) Single vendor control
Answer: A
Explanation: Diverse architectures and management tools across providers complicate policy consistency and enforcement.

Question 35. Which advanced security measure is crucial for protecting serverless functions during runtime?
A) Network segmentation
B) Runtime security and vulnerability scanning
C) Physical security controls
D) Manual code review only
Answer: B
Explanation: Runtime security involves monitoring and scanning serverless functions during execution to detect vulnerabilities and malicious activity.
A) By trusting all internal traffic
B) By verifying all users and devices continuously before granting access
C) By removing access controls
D) By relying solely on perimeter defenses
Answer: B
Explanation: Zero Trust enforces strict identity verification for every access request, minimizing trust assumptions.

Question 40. Which cloud security measure involves encrypting data stored in object storage services?
A) Data in transit encryption
B) Data at rest encryption
C) Key rotation
D) Data masking
Answer: B
Explanation: Encrypting data at rest protects stored information from unauthorized access, even if the storage medium is compromised.

Question 41. Which practice is essential for securing APIs in cloud environments?
A) Using open ports
B) API security and access control measures such as OAuth and API gateways
C) Disabling authentication
D) Hardcoding credentials
Answer: B
Explanation: API security involves implementing authentication, authorization, and monitoring through gateways and protocols like OAuth.

Question 42. What is the primary purpose of a cloud Security Information and Event Management (SIEM) system?
A) To manage user identities
B) To aggregate, analyze, and alert on security events
C) To provision cloud resources
D) To monitor network bandwidth
Answer: B
Explanation: SIEM systems centralize security logs, enabling detection, analysis, and response to threats.

Question 43. Which approach helps in detecting anomalous user behavior in cloud environments?
A) Firewall rules
B) User and Entity Behavior Analytics (UEBA)
C) Manual log review
D) Data encryption
Answer: B
Explanation: UEBA uses analytics to identify deviations from normal user behavior, indicating potential security incidents.

Question 44. Which key aspect is critical when designing cloud-based disaster recovery (DR) plans?
A) Manual failover procedures only
B) Automated failover, testing, and geo-redundant deployment
C) Single data center
D) Ignoring latency
Answer: B
Explanation: Automated failover and multi-region deployment enhance resilience and minimize downtime during disasters.

Question 45. How can organizations optimize cloud security costs effectively?
A) Deploy all controls regardless of risk
B) Use FinOps practices to analyze and balance security spend
C) Avoid monitoring tools
D) Minimize security staffing
Answer: B
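Questions 23, 42 and 43 describe what a SIEM and a UEBA capability do (aggregate logs, correlate events, flag deviations from a principal's normal behaviour). The following Python script is an added illustration, not part of the original question set and not any vendor's product: it parses constructed cloud audit events in an illustrative JSON-lines schema (the field names, the 10-minute window and the baseline cutoff date are assumptions), runs a SIEM-style correlation rule for bursts of failed console logins, and runs a UEBA-style check that flags a successful login from a country the principal has never logged in from before.

```python
"""SIEM-style correlation plus a UEBA-style baseline check over constructed audit events."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import json

# Constructed JSON-lines audit log (illustrative schema, not a real provider format).
# alice and bob behave normally in the baseline week; on 2024-05-08 bob's account sees
# five failed logins from an unfamiliar country followed by a success from the same IP.
SAMPLE_LOG = """\
{"ts":"2024-05-01T08:02:00Z","principal":"alice","action":"ConsoleLogin","outcome":"success","country":"DE","source_ip":"203.0.113.10"}
{"ts":"2024-05-02T08:05:00Z","principal":"alice","action":"ConsoleLogin","outcome":"success","country":"DE","source_ip":"203.0.113.10"}
{"ts":"2024-05-01T09:00:00Z","principal":"bob","action":"ConsoleLogin","outcome":"success","country":"US","source_ip":"198.51.100.20"}
{"ts":"2024-05-02T09:10:00Z","principal":"bob","action":"ConsoleLogin","outcome":"success","country":"US","source_ip":"198.51.100.20"}
{"ts":"2024-05-08T03:00:00Z","principal":"bob","action":"ConsoleLogin","outcome":"failure","country":"RU","source_ip":"192.0.2.77"}
{"ts":"2024-05-08T03:00:20Z","principal":"bob","action":"ConsoleLogin","outcome":"failure","country":"RU","source_ip":"192.0.2.77"}
{"ts":"2024-05-08T03:00:40Z","principal":"bob","action":"ConsoleLogin","outcome":"failure","country":"RU","source_ip":"192.0.2.77"}
{"ts":"2024-05-08T03:01:00Z","principal":"bob","action":"ConsoleLogin","outcome":"failure","country":"RU","source_ip":"192.0.2.77"}
{"ts":"2024-05-08T03:01:20Z","principal":"bob","action":"ConsoleLogin","outcome":"failure","country":"RU","source_ip":"192.0.2.77"}
{"ts":"2024-05-08T03:02:00Z","principal":"bob","action":"ConsoleLogin","outcome":"success","country":"RU","source_ip":"192.0.2.77"}
{"ts":"2024-05-08T08:01:00Z","principal":"alice","action":"ConsoleLogin","outcome":"success","country":"DE","source_ip":"203.0.113.10"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """SIEM-style correlation rule: at least `threshold` failed logins by one principal
    inside a sliding `window`. Returns {principal: max failures seen in one window}."""
    failures = defaultdict(list)
    for ev in events:
        if ev["action"] == "ConsoleLogin" and ev["outcome"] == "failure":
            failures[ev["principal"]].append(ev["ts"])
    hits = {}
    for principal, times in failures.items():  # times are already sorted
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[principal] = max(hits.get(principal, 0), count)
    return hits


def build_baseline(events, cutoff):
    """UEBA-style profile: countries each principal successfully logged in from before `cutoff`."""
    baseline = defaultdict(set)
    for ev in events:
        if ev["ts"] < cutoff and ev["action"] == "ConsoleLogin" and ev["outcome"] == "success":
            baseline[ev["principal"]].add(ev["country"])
    return baseline


def new_location_logins(events, baseline, cutoff):
    """Flag successful logins after `cutoff` from a country absent from the principal's baseline.
    A principal with no baseline at all is also flagged (first-seen identity)."""
    anomalies = []
    for ev in events:
        if ev["ts"] >= cutoff and ev["action"] == "ConsoleLogin" and ev["outcome"] == "success":
            if ev["country"] not in baseline.get(ev["principal"], set()):
                anomalies.append((ev["principal"], ev["country"], ev["source_ip"]))
    return anomalies


def analyze(text=SAMPLE_LOG):
    events = parse_events(text)
    cutoff = datetime(2024, 5, 7, tzinfo=timezone.utc)  # assumed end of the learning window
    baseline = build_baseline(events, cutoff)
    return {
        "bursts": failed_login_bursts(events),
        "new_locations": new_location_logins(events, baseline, cutoff),
    }


if __name__ == "__main__":
    print(analyze())
```

Run stand-alone it reports bob for both rules and nothing for alice. In a real deployment the baseline would be learned over a longer window and refreshed on a schedule, and the two signals would be correlated (a burst of failures followed by a new-location success is a much stronger alert than either alone).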
Explanation: SOAR platforms automate detection, response, and remediation processes, reducing response times.

Question 49. Which challenge is associated with multi-cloud security management?
A) Uniform APIs
B) Consistency of security policies across diverse cloud platforms
C) Single vendor dependency
D) Lack of internet connectivity
Answer: B
Explanation: Multi-cloud environments require consistent security policies across various platforms, which can be complex due to differing APIs and configurations.

Question 50. What is a key consideration when securing serverless applications?
A) Managing server OS security
B) Runtime security, access controls, and vulnerability management of functions
C) Physical security of servers
D) Hardware procurement
Answer: B
Explanation: Since serverless functions run in ephemeral environments, runtime security, proper access controls, and vulnerability management are critical.

Question 51. How does implementing DevSecOps contribute to cloud security?
A) By delaying security checks
B) By integrating security into continuous integration and deployment pipelines
C) By removing security from development
D) By manual testing only
Answer: B
Explanation: DevSecOps embeds security into automated CI/CD pipelines, enabling rapid, secure deployment of cloud applications.
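Question 22 (SAST analyzes source code during development) and Question 51 (DevSecOps puts such checks into the CI/CD pipeline) are best understood by seeing a static check actually gate a build. The script below is an added example written for this page; it is not a real SAST product and the sample source it scans is constructed. It walks the Python AST of that sample, reports three rule classes (a hardcoded credential, a subprocess call with shell=True, a weak hash), and exposes a gate function that a pipeline step would turn into its exit code. The rule names, the secret-name regex and the severity threshold are assumptions.

```python
"""Minimal SAST-style scanner plus a CI gate, as a DevSecOps pipeline step would use it."""
import ast
import re

# Variable names that suggest a credential (assumption; real tools use many more patterns).
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_key|access_key)", re.I)

# Constructed sample source (not real project code). Lines 5, 8 and 11 contain findings;
# the call on line 14 passes an argument list without shell=True and is clean.
SAMPLE_SOURCE = '''
import subprocess
import hashlib

AWS_SECRET_ACCESS_KEY = "example-not-a-real-secret-0123"

def run(cmd):
    return subprocess.call("ls " + cmd, shell=True)

def digest(data):
    return hashlib.md5(data).hexdigest()

def safe(path):
    return subprocess.call(["ls", path])
'''


def _call_name(node):
    """Dotted name of a call target, e.g. 'subprocess.call'; '' when not statically known."""
    parts = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""


class Scanner(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def report(self, node, rule, severity):
        self.findings.append({"line": node.lineno, "rule": rule, "severity": severity})

    def visit_Assign(self, node):
        # A string literal assigned to a credential-looking name.
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and len(value.value) >= 8:
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    self.report(node, "hardcoded-credential", "high")
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _call_name(node)
        if name in ("eval", "exec"):
            self.report(node, "dynamic-code-execution", "high")
        if name.startswith("subprocess.") and any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
            for kw in node.keywords
        ):
            self.report(node, "shell-injection", "high")
        if name in ("hashlib.md5", "hashlib.sha1"):
            self.report(node, "weak-hash", "medium")
        self.generic_visit(node)


def scan(source):
    """Return findings for one source file, ordered by line number."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f["line"])


SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def ci_gate(findings, fail_on="high"):
    """Pipeline step: exit code 1 when any finding is at or above `fail_on`, else 0."""
    blocking = [f for f in findings if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[fail_on]]
    return 1 if blocking else 0


if __name__ == "__main__":
    results = scan(SAMPLE_SOURCE)
    for f in results:
        print(f"line {f['line']}: {f['rule']} ({f['severity']})")
    raise SystemExit(ci_gate(results))
```

The gate is deliberately a separate function from the scan: the same findings can be reported as warnings on a developer branch and block a merge to the release branch simply by changing `fail_on`, which is how a pipeline grows stricter without rewriting the analysis.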
Question 52. Which control is essential for protecting data classified as sensitive in the cloud?
A) Data masking and encryption
B) Disabling access controls
C) Manual data review only
D) Data duplication
Answer: A
Explanation: Masking and encryption protect sensitive data from unauthorized access during storage and transmission.

Question 53. Which compliance framework is primarily aimed at federal government cloud services in the United States?
A) GDPR
B) SOC 2
C) FedRAMP
D) ISO/IEC 27001
Answer: C
Explanation: FedRAMP provides a standardized approach to security assessment and authorization for cloud products used by U.S. federal agencies.

Question 54. What is the main goal of conducting internal audits of cloud security controls?
A) To replace external audits
B) To verify compliance and identify gaps proactively
C) To generate revenue
D) To replace the need for vendor assessments
Answer: B
Explanation: Internal audits help organizations proactively verify control effectiveness and compliance with policies before external assessments.

Question 55. Which element is critical in vendor management for cloud security?
A) Financial audits only
C) To reduce operational costs
D) To monitor network traffic
Answer: B
Explanation: A BC plan ensures that critical business functions can continue or quickly recover during and after disruptions.

Question 59. Which key concept underpins Zero Trust security architecture?
A) Perimeter defense
B) Continuous verification of all users and devices
C) Implicit trust within the network
D) Physical security only
Answer: B
Explanation: Zero Trust assumes no user or device is trusted by default and requires continuous verification.

Question 60. How does a Cloud Security Posture Management (CSPM) tool assist organizations?
A) Automates physical security checks
B) Continuously assesses cloud configurations for compliance and security risks
C) Manages user passwords
D) Provides antivirus scanning
Answer: B
Explanation: CSPM tools monitor cloud configurations, identify misconfigurations, and suggest remediation to enhance security posture.

Question 61. Which aspect is most important when designing multi-region cloud architectures for high availability?
A) Single region deployment
B) Data replication and failover mechanisms
C) Manual backup processes
D) Ignoring latency issues
Answer: B
Explanation: Multi-region architectures with data replication and automated failover ensure resilience and high availability.

Question 62. Which cloud security best practice involves embedding security controls directly into infrastructure code?
A) Manual configuration
B) Infrastructure as Code (IaC)
C) Physical security measures
D) Manual patching
Answer: B
Explanation: IaC allows automation of infrastructure deployment with security controls embedded, ensuring consistency and repeatability.

Question 63. Which security principle is reinforced by implementing role-based access control (RBAC)?
A) Least privilege
B) Full access
C) Open access
D) Disabling access controls
Answer: A
Explanation: RBAC enforces least privilege by assigning users to roles with specific permissions aligned with their responsibilities.

Question 64. What is a primary concern when migrating sensitive data to the cloud?
A) Cost of migration
B) Data residency, sovereignty, and encryption
C) Hardware compatibility
D) User training
Answer: B
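Several questions on this page describe the same mechanism from different angles: CSPM tools continuously evaluate cloud configurations (Questions 25 and 60), IaC lets the same checks run before deployment (Questions 21 and 62), least privilege is what an IAM policy review enforces (Question 63), and "percentage of compliant configurations" is the metric reported upward (Question 31). The Python script below is an added example for this page, not the code of any CSPM product or cloud provider. It evaluates a constructed resource inventory in an invented, provider-neutral schema (the resource types, field names, rule names and severities are all assumptions) against a handful of policy-as-code rules and computes the compliant-resource percentage.

```python
"""Policy-as-code checks over a cloud resource inventory, CSPM / IaC-gate style."""
import ipaddress

# Constructed inventory (illustrative schema, not any provider's API output).
# Four of the eight resources are deliberately non-compliant.
INVENTORY = [
    {"type": "storage_bucket", "id": "bkt-public-logs", "public_access": True, "encryption_at_rest": False},
    {"type": "storage_bucket", "id": "bkt-finance", "public_access": False, "encryption_at_rest": True},
    {"type": "security_group", "id": "sg-ssh-open", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
    {"type": "security_group", "id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    {"type": "iam_user", "id": "ops-admin", "mfa_enabled": False},
    {"type": "iam_user", "id": "dev-carol", "mfa_enabled": True},
    {"type": "iam_policy", "id": "pol-everything",
     "statements": [{"effect": "Allow", "action": ["*"], "resource": ["*"]}]},
    {"type": "iam_policy", "id": "pol-read-bucket",
     "statements": [{"effect": "Allow", "action": ["storage:GetObject"], "resource": ["bkt-finance/*"]}]},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP: management ports that must not face the internet


def _is_any_network(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a rule open to the whole internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_bucket(res):
    findings = []
    if res.get("public_access"):
        findings.append(("public-bucket", "high"))
    if not res.get("encryption_at_rest"):
        findings.append(("unencrypted-at-rest", "medium"))
    return findings


def check_security_group(res):
    for rule in res.get("ingress", []):
        if rule["port"] in ADMIN_PORTS and _is_any_network(rule["cidr"]):
            return [("admin-port-open-to-internet", "high")]
    return []


def check_iam_user(res):
    return [] if res.get("mfa_enabled") else [("mfa-disabled", "high")]


def check_iam_policy(res):
    """Least-privilege check on Allow statements: wildcard action on wildcard resource is
    effectively full admin; a wildcard action on a scoped resource is still over-broad."""
    findings = []
    for st in res.get("statements", []):
        if st.get("effect") != "Allow":
            continue
        any_action = any(a == "*" or a.endswith(":*") for a in st.get("action", []))
        any_resource = "*" in st.get("resource", [])
        if any_action and any_resource:
            findings.append(("full-admin-policy", "high"))
        elif any_action:
            findings.append(("wildcard-action", "medium"))
    return findings


RULES = {
    "storage_bucket": check_bucket,
    "security_group": check_security_group,
    "iam_user": check_iam_user,
    "iam_policy": check_iam_policy,
}


def evaluate(inventory=INVENTORY):
    """Run every rule that applies to each resource; one finding per violated rule."""
    findings = []
    for res in inventory:
        for rule, severity in RULES[res["type"]](res):
            findings.append({"resource": res["id"], "rule": rule, "severity": severity})
    return findings


def compliant_percentage(inventory=INVENTORY, findings=None):
    """Share of resources with no findings: the posture metric from Question 31."""
    if findings is None:
        findings = evaluate(inventory)
    flagged = {f["resource"] for f in findings}
    return round(100.0 * (len(inventory) - len(flagged)) / len(inventory), 1)


if __name__ == "__main__":
    for f in evaluate():
        print(f"{f['severity']:6} {f['resource']}: {f['rule']}")
    print(f"compliant: {compliant_percentage()}%")
```

The same `evaluate` function serves both uses the questions describe: run against a rendered IaC plan it is a pre-deployment gate, run against a live inventory export on a schedule it is a posture monitor. Keeping the rules as small pure functions is what makes them easy to unit-test and to version alongside the infrastructure code.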