Here is a set of 12 free CCSK practice questions. Aim to complete the set within 18 minutes and to answer at least 10 questions correctly to reach a score of 80%, which is the passing score for the CCSK exam (you can find more on the CCSK exam difficulty here).
Q1 : which statement is correct ?
A : with SaaS you can patch the OS whereas with IaaS you don’t have access to the OS
B : network security groups are only available in PaaS
C : you can’t store data in SaaS, you can only run applications.
D : you get more control and visibility with IaaS compared to SaaS
E : you can’t run a database in PaaS
Q2 : which statement is not correct ? (choose 2)
A : you should prefer VLANs to SDNs
B : you don’t have access to hypervisors in a public cloud
C : privileged accounts should have MFA activated
D : WAF and Security Groups are basically the same thing
E : traditional firewalls won’t work in most cloud environments
Q3 : compliance requirements and data classification are usually not linked
A : true
B : false
Q4 : what is the most relevant for encryption in the cloud ? (choose 2)
A : make sure you have enough separation between the key and the encrypted data
B : make sure the encrypted data is stored in your on-premise environment only
C : make sure you use a reliable and up to date encryption algorithm
D : make sure you always use proxy encryption with SaaS
E : make sure you systematically encrypt everything in IaaS
Q5 : SOC reports are not produced by your Security Operation Center team
A : true
B : false
Q6 : what are the 5 essential characteristics of cloud ?
A : broad network access, rapid elasticity, metered usage, on-demand self-service, resource pooling
B : broad region access, rapid elasticity, metered storage, on-demand self-service, resource balancing
C : broad network access, rapid scalability, metered usage, on-request self-service, resource pooling
D : broad region access, rapid scalability, metered storage, on-request self-service, resource balancing
Q7 : customer C creates an account on company B’s web site which is a SaaS application deployed in cloud provider A’s IaaS environment. In this scenario:
A : A is the data subject, B the data controller, and C the data processor
B : A and B are data processors and C is the data controller
C : A is the data processor, B the data controller, and C is the data subject
D : A is the data controller, B the data subject, and C is the data processor
E : A and B are data controllers and C is the data subject
Q8 : what does SAST stand for ?
A : Static Authentication Spoofing Threat
B : Static Application Security Testing
C : Software Authorization Spyware Threat
D : Software Assurance Security Testing
Q9 : the right to be forgotten is not covered by GDPR
A : false
B : true
Q10 : what can help with the selection of a cloud provider ? (choose 2)
A : EIP Register
B : Cloud Readiness Assessment Initiative
C : STAR Registry
D : Consensus Assessment Initiative Questionnaire
Q11 : what does CASB stand for ?
A : Cloud Application Security Botnet
B : Cloud Availability and Security Broker
C : Cloud Application Security Bug
D : Cloud Access and Security Broker
Q12 : what deployment model is cloud bursting usually associated with ?
A : Public
B : Hybrid
C : Private
D : Community
E : On-premise
Copy and paste the string shown below into a Base64 decoder and decode it to see the correct answers (many Base64 encoders/decoders are available online at no cost):