1. Which cloud-based service model enables companies to provide client-based access for partners to databases or applications?
A. SaaS
B. PaaS
C. IaaS
D. IDaaS
E. DaaS
2. Which cloud security model type provides generalized templates for helping implement cloud security?
A. Conceptual models or frameworks
B. Controls models or frameworks
C. Reference architectures
D. Design patterns
E. Cloud Controls Matrix (CCM)
3. What best describes the tradeoff of Infrastructure as a Service as compared to other cloud deployment models?
A. Lower initial cost and greater security features
B. Greater security features and less extensibility
C. Lower initial costs and greater long-term costs
D. Fewer security features and greater extensibility
E. Greater initial costs and greater security features
4. Which security concept includes the policy, process, and internal controls comprising how an organization is run, including the structures and policies of the leadership and other mechanisms for management?
A. Governance
B. Enterprise risk management
C. Information risk management
D. Information security
E. Compliance
5. In which deployment model should the governance strategy consider the minimum common set of controls comprised of the Cloud Service Provider contract and the organization's internal governance agreements?
A. Public Cloud
B. Private Cloud
C. IaaS
D. PaaS
E. Hybrid Cloud
6. Which of the following statements are NOT requirements of governance and enterprise risk management in a cloud environment?
A. Inspect and account for risks inherited from other members of the cloud supply chain, and take active measures to mitigate and contain risks through business resiliency
B. Respect the interdependency of the risks inherent in the cloud supply chain, and communicate the corporate risk posture and readiness to consumers and dependent parties
C. Negotiate long-term contracts with companies that use well-vetted software applications, in order to avoid the transient nature of cloud environments
D. Provide transparency to stakeholders and shareholders demonstrating fiscal solvency and organizational transparency
E. B and C
7. Cloud provider contract enforceability should be carefully considered in light of:
A. Costs
B. Provider controls proving inadequate for customer risks
C. Foreign and out-of-state jurisdictions
D. Provider key management systems
E. Pre-production cloud deployments
8. Absent other evidence, such as tampering or hacking, documents should not be considered more or less admissible or credible because they were created or stored in the cloud.
A. True
B. False
9. If in certain litigations and investigations the actual cloud application or environment itself is relevant to resolving the dispute in the litigation or investigation, how is the information likely to be obtained?
A. It may require a subpoena of the provider directly
B. It would require an act of war
C. It would require a previous contractual agreement to obtain the application or access to the environment
D. It would require a previous access agreement
E. It would never be obtained in this situation
10. The key concern of data location is:
A. Data should not be commingled with other customers
B. Data is stored only in geographic locations permitted by regulations
C. Data is located only on redundant storage subsystems with high MTBF (mean time between failures)
D. Assurance that all data requested by legal authorities has been retrieved
E. Assurance that prohibited locations cannot access the data
11. If a provider's infrastructure is not in scope, who is responsible for building compliant applications and services?
A. The customer is responsible for compliant applications and services.
B. The provider must update or fix whatever is not in compliance.
C. No one. It is an accepted risk that is written into the terms and conditions with customers.
D. It is up to the customer and provider to negotiate the solution.
E. The provider must create a separate tenant for each customer based on the various compliance regulations.
12. Select the best definition of "compliance" from the options below.
A. The process of completing all forms and paperwork necessary to develop a defensible paper trail
B. The development of a routine that covers all necessary security measures
C. The timely and efficient filing of security reports
D. The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate
E. The diligent habits of good security practices and recording of the same
13. What type of information is contained in the Cloud Security Alliance's Cloud Controls Matrix (CCM)?
A. Network traffic rules for cloud environments
B. Federal legal business requirements for all cloud operators
C. A list of cloud configurations including traffic logic and efficient routes
D. A number of requirements to be implemented, based upon numerous standards and regulatory requirements
E. The command and control management hierarchy of a typical cloud company
14. Which statement best describes why it is important to know how data is being accessed?
A. The devices used to access data may have different ownership characteristics.
B. The devices used to access data have different storage formats.
C. The device may affect data dispersion.
D. The devices used to access data use a variety of applications or clients and may have different security characteristics.
E. The devices used to access data use a variety of operating systems and may have different programs installed on them.
15. What is the most significant security difference between traditional infrastructure and cloud computing?
A. Management plane
B. Secondary authentication factors
C. Network access points
D. Intrusion detection options
E. Mobile security configuration options
16. REST APIs are the standard for web-based services because they run over HTTPS and work well across diverse environments.
A. True
B. False
17. Which term is used to describe the use of tools to selectively degrade portions of the cloud to continuously test business continuity?
A. Organized Downtime
B. Planned Outages
C. Expected Engineering
D. Chaos Engineering
E. Resiliency Planning
18. Which statement best describes the impact of Cloud Computing on business continuity management?
A. Geographic redundancy ensures that cloud providers deliver highly available services
B. The general lack of interoperability standards means that additional consideration must be given to security controls when migrating between cloud providers
C. Customers of SaaS providers in particular need to mitigate the risk of application lock-in
D. Customers need to perform business continuity planning due diligence in case they suddenly need to switch providers
E. The size of the data sets hosted by a cloud provider may present a challenge if migration to another provider becomes necessary
19. Which layer is the most important to secure because it is considered the foundation for secure cloud operations?
A. Metastructure
B. Infrastructure
C. Infostructure
D. Applistructure
E. Datastructure
20. In the cloud provider and consumer relationship, which entity manages the virtual or abstracted infrastructure?
A. Only the cloud provider
B. Only the cloud consumer
C. Both the cloud provider and consumer
D. It is determined in the agreement between the entities
E. It is outsourced as per the entity agreement
21. Which networks are most commonly isolated to distinct hardware because they have no overlapping traffic or function?
A. Corporate, Management, and Storage
B. Corporate, Service, and Storage
C. Corporate, Management, Service, and Storage
D. Management, Service, and Storage
E. Corporate, Management, and Service
22. Why is the service type of network typically isolated on different hardware (for example, different services provided through separate physical network cards on the same host)?
A. It requires unique security
B. It requires distinct access controls
C. It has distinct functions from other networks
D. It manages the traffic between other networks
E. It manages resource pools for cloud consumers
23. Virtual appliances can become bottlenecks because they cannot fail open and must intercept all traffic.
A. True
B. False
24. When configuring SDN firewalls, after adding all assets, what is typically the first configuration you must address?
A. Creating update rules
B. Configuring additional access
C. Opening connections
D. Configuring logging
E. Disconnecting previous firewalls
25. How does running applications on distinct virtual networks and only connecting networks as needed help?
A. It enables you to configure applications around business groups
B. It reduces hardware costs
C. It locks down access and provides stronger data security
D. It reduces the blast radius of a compromised system
E. It provides dynamic and granular policies with less management overhead
26. What is true about the security of a private cloud platform in the shared security model?
A. The cloud provider must ensure all layers are secure
B. The cloud consumer must ensure all layers are secure
C. Whoever maintains the platform must ensure all layers are secure
D. The responsibility for security depends on the platform layer
E. The provider and consumer split the security responsibilities
27. Who is responsible for implementing the available virtualized security controls and understanding the underlying risks?
A. The cloud provider
B. The cloud consumer
C. It depends on the agreement
D. The responsibility is split equally
E. The majority is covered by the provider
28. How can you monitor and filter data in a virtual network when traffic might not cross the physical network?
A. Route traffic to the physical network for capturing
B. Route traffic to a virtual appliance on the same virtual network
C. Route traffic to a virtual network monitoring or filtering tool on the same hardware
D. A and B
E. A and C
29. What are the primary security responsibilities of the cloud consumer in the management infrastructure?
A. Building and properly configuring a secure network infrastructure
B. Properly configuring the deployment of the virtual network, especially the firewalls
C. Properly configuring the deployment of the virtual network, except the firewalls
D. Configuring second-factor authentication across the network
E. Providing as many API endpoints as possible for custom access and configurations
30. Which component is a key part of software container systems?
A. A client
B. The execution environment
C. An automated controller
D. Operating system
E. Workload tools
31. Use elastic servers when possible and move workloads to new instances.
A. True
B. False
32. Which of the following is NOT a cloud computing characteristic that impacts incident response?
A. The resource pooling practiced by cloud services, in addition to the rapid elasticity offered by cloud infrastructures
B. The on-demand self-service nature of cloud computing environments
C. The possibility of data crossing geographic or jurisdictional boundaries
D. Object-based storage in a private cloud
E. Privacy concerns for co-tenants regarding the collection and analysis of telemetry and artifacts associated with an incident
33. What should every cloud customer set up with its cloud service provider (CSP) that can be utilized in the event of an incident?
A. A data destruction plan
B. A back-up website
C. A spill remediation kit
D. A communication plan