CCSK Practice Questions

1. Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
A. SaaS
B. PaaS
C. IaaS
D. IDaaS
E. DaaS

2. Which cloud security model type provides generalized templates for helping implement cloud security?
A. Conceptual models or frameworks
B. Controls models or frameworks
C. Reference architectures
D. Design patterns
E. Cloud Controls Matrix (CCM)

3. What best describes the tradeoff of Infrastructure as a Service as compared to other cloud service models?
A. Lower initial cost and greater security features
B. Greater security features and less extensibility
C. Lower initial costs and greater long-term costs
D. Fewer security features and greater extensibility
E. Greater initial costs and greater security features

4. Which security concept includes the policy, process, and internal controls comprising how an organization is run, including the structures and policies of the leadership and other mechanisms for management?
A. Governance
B. Enterprise risk management
C. Information risk management
D. Information security
E. Compliance

5. In which deployment model should the governance strategy consider the minimum common set of controls comprised of the Cloud Service Provider contract and the organization's internal governance agreements?
A. Public cloud
B. Private cloud
C. IaaS
D. PaaS
E. Hybrid cloud

6. Which of the following statements is NOT a requirement of governance and enterprise risk management in a cloud environment?
A. Inspect and account for risks inherited from other members of the cloud supply chain, and take active measures to mitigate and contain risks through business resiliency
B. Respect the interdependency of the risks inherent in the cloud supply chain, and communicate the corporate risk posture and readiness to consumers and dependent parties
C. Negotiate long-term contracts with companies that use well-vetted software applications, to avoid the transient nature of the cloud environment
D. Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency
E. B and C

7. Cloud provider contract enforceability should be carefully considered in light of which of the following?
A. Costs
B. Provider controls proving inadequate for customer risks
C. Foreign and out-of-state jurisdictions
D. Provider key management systems
E. Pre-production cloud deployments

8. Absent other evidence, such as tampering or hacking, documents should not be considered more or less admissible or credible because they were created or stored in the cloud.
A. True
B. False

9. If, in certain litigations and investigations, the actual cloud application or environment itself is relevant to resolving the dispute, how is the information likely to be obtained?
A. It may require a subpoena of the provider directly
B. It would require an act of war
C. It would require a previous contractual agreement to obtain the application or access to the environment
D. It would require a previous access agreement
E. It would never be obtained in this situation

10. The key concern of data location is:
A. Data should not be commingled with other customers' data
B. Data is stored only in geographic locations permitted by regulations
C. Data is located only on redundant storage subsystems with high MTBF (mean time between failures)
D. Assurance that all data requested by legal authorities has been retrieved
E. Assurance that prohibited locations cannot access the data

11. If a provider's infrastructure is not in scope, who is responsible for building compliant applications and services?
A. The customer is responsible for compliant applications and services.
B. The provider must update or fix whatever is not in compliance.
C. No one. It is an accepted risk that is written into the terms and conditions with customers.
D. It is up to the customer and provider to negotiate the solution.
E. The provider must create a separate tenant for each customer based on the various compliance regulations.

12. Select the best definition of "compliance" from the options below.
A. The process of completing all forms and paperwork necessary to develop a defensible paper trail
B. The development of a routine that covers all necessary security measures
C. The timely and efficient filing of security reports
D. The awareness of and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate
E. The diligent habits of good security practices and recording of the same

13. What type of information is contained in the Cloud Security Alliance's Cloud Controls Matrix (CCM)?
A. Network traffic rules for cloud environments
B. Federal legal business requirements for all cloud operators
C. A list of cloud configurations including traffic logic and efficient routes
D. A number of requirements to be implemented, based upon numerous standards and regulatory requirements
E. The command and control management hierarchy of a typical cloud company

14. Which statement best describes why it is important to know how data is being accessed?
A. The devices used to access data may have different ownership characteristics.
B. The devices used to access data have different storage formats.
C. The device may affect data dispersion.
D. The devices used to access data use a variety of applications or clients and may have different security characteristics.
E. The devices used to access data use a variety of operating systems and may have different programs installed on them.

15. What is the most significant security difference between traditional infrastructure and cloud computing?
A. Management plane
B. Secondary authentication factors
C. Network access points
D. Intrusion detection options
E. Mobile security configuration options

16. REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
A. True
B. False

17. Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?
A. Organized downtime
B. Planned outages
C. Expected engineering
D. Chaos engineering
E. Resiliency planning

18. Which statement best describes the impact of cloud computing on business continuity management?
A. Geographic redundancy ensures that cloud providers deliver highly available services
B. A general lack of interoperability standards means that additional consideration must be given to security controls when migrating between cloud providers
C. Customers of SaaS providers in particular need to mitigate the risk of application lock-in
D. Customers need to perform due diligence on business continuity plans in case they suddenly need to change providers
E. The size of data sets hosted by a cloud provider may present challenges if migration to another provider becomes necessary

19. Which layer is the most important to secure because it is considered the foundation for secure cloud operations?
A. Metastructure
B. Infrastructure
C. Infostructure
D. Applistructure
E. Datastructure

20. In the cloud provider and consumer relationship, which entity manages the virtual or abstracted infrastructure?
A. Only the cloud provider
B. Only the cloud consumer
C. Both the cloud provider and consumer
D. It is determined in the agreement between the entities
E. It is outsourced as per the entity agreement


21. Which networks are most commonly isolated on distinct hardware because they have no overlapping traffic or function?
A. Corporate, management, and storage
B. Corporate, service, and storage
C. Corporate, management, service, and storage
D. Management, service, and storage
E. Corporate, management, and service

22. Why is a service-type network typically isolated on different hardware (for example, each network served by a separate physical NIC on the same host)?
A. It requires unique security
B. It requires distinct access controls
C. It has distinct functions from other networks
D. It manages the traffic between other networks
E. It manages resource pools for cloud consumers

23. Virtual appliances can become bottlenecks because they cannot fail open and must intercept all traffic.
A. True
B. False

24. When configuring SDN firewalls, after adding all assets, what is typically the first configuration you must address?
A. Creating update rules
B. Configuring additional access
C. Opening connections
D. Configuring logging
E. Disconnecting previous firewalls

25. What is the benefit of running applications on distinct virtual networks and only connecting networks as needed?
