Pass the Cloud Security Alliance Cloud Security Knowledge CCSK Questions and answers with CertsForce

Aligning CSP policies with security and regulatory objectives is essential for ensuring compliance and robust security measures. Reference: [Security Guidance v5, Domain 3 - Risk, Compliance, and Governance]

Passwordless authentication removes the reliance on traditional passwords and instead relies on strong, cryptographic-based login mechanisms. The primary technology behind passwordless authentication is the use of local tokens or certificates, particularly implemented through protocols like FIDO2 and WebAuthn.

These mechanisms work by storing a private key on the user’s device (like a hardware security module or TPM), while the public key is stored with the cloud service. When a login attempt is made, the system uses asymmetric cryptography to verify the user—without ever transmitting a secret like a password.

“Passwordless authentication is enabled by mechanisms such as biometric verification and secure local credentials like hardware-bound certificates or tokens. The use of cryptographic authenticators (such as FIDO2) is becoming the cornerstone of secure, phishing-resistant authentication.”

— Security Guidance for Critical Areas of Focus in Cloud Computing v4.0, Domain 12: Identity, Entitlement, and Access Management

Also supported by the Cloud Controls Matrix (CCM) under IAM-12:

“Utilize multifactor authentication or strong authentication mechanisms such as cryptographic tokens or certificates for user access to cloud services.”

— Cloud Controls Matrix v3.0.1 (IAM-12)

An SDP creates a "dark" network, visible only to authorized users, enhancing security by hiding infrastructure from potential attackers. Reference: [Security Guidance v5, Domain 7 - Infrastructure & Networking]

The CCSK v5.0 Study Guide defines cloud computing based on the NIST SP 800-145 definition, which outlines five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Two key capabilities that underpin these characteristics areabstractionandresource pooling.

Abstractionrefers to the virtualization layer that hides the underlying physical infrastructure, allowing users to interact with resources (e.g., compute, storage, networking) without needing to manage the hardware directly.

Resource poolingenables the provider’s computing resources to be pooled to serve multiple consumers using a multi-tenant model, with resources dynamically assigned and reassigned based on demand.

From theCCSK v5.0 Study Guide, Domain 1 (Cloud Computing Concepts and Architectures), Section 1.2:

“Cloud computing relies on abstraction to simplify the user experience and resource pooling to efficiently allocate resources across multiple tenants. Resource pooling is a defining characteristic, where the provider’s computing resources are pooled to serve multiple consumers, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.”

Option B correctly identifiesabstraction and resource poolingas the two key capabilities.

Option A (Abstraction and orchestration) is incorrect because orchestration, while important for automation, is not a defining characteristic of cloud computing.

Option C (Multi-tenancy and isolation) is incorrect because, while multi-tenancy is a feature of resource pooling, isolation is a security mechanism, not a core capability of cloud computing.

Option D (Virtualization and multi-tenancy) is incorrect because virtualization is a technology that enables abstraction, but multi-tenancy alone is not sufficient to define cloud computing.

Cloud telemetry provides detailed insights and visibility into security events and system behaviors in cloud environments, which helps detect and respond to threats. Reference: [Security Guidance v5, Domain 6 - Security Monitoring]

The Continuous Delivery and Deployment phase emphasizes deploying applications securely, ensuring infrastructure security is prioritized during deployment. Reference: [CCSK v5 Curriculum, Domain 10 - Secure Development Lifecycle]