ISC2-CCSP Domain 3: Cloud Platform and Infrastructure Security Welcome to your ISC2-CCSP Domain 3: Cloud Platform and Infrastructure Security 1. CCSP: Cloud Platform and Infrastructure Security In the context of cloud infrastructure security, which of the following is the MOST critical consideration when implementing network segmentation in a public cloud environment? A. The physical location of data centers. B. The compatibility of network devices. C. The separation of resources by sensitivity level. D. The bandwidth limitations of the cloud provider. None 2. CCSP: Cloud Platform and Infrastructure Security When deploying a multi-cloud architecture, which of the following is the MOST significant challenge related to cloud platform and infrastructure security? A. Managing different SLAs for each cloud service provider. B. Integrating security policies across diverse cloud platforms. C. Choosing cloud providers based on geographical location. D. Balancing the workload distribution evenly across providers. None 3. CCSP: Cloud Platform and Infrastructure Security In securing cloud infrastructure, which of the following best describes the principle of "security through obscurity" and its effectiveness? A. Enhancing security by hiding system configurations, considered highly effective. B. Relying solely on undisclosed security measures, considered ineffective. C. Encrypting data at rest and in transit, considered an essential security practice. D. Regularly changing cloud provider to avoid targeted attacks, considered impractical. None 4. CCSP: Cloud Platform and Infrastructure Security What is the MOST critical factor to consider when implementing a cloud-based Intrusion Detection System (IDS) for monitoring east-west traffic within a virtual private cloud 'VPC'? A. The geographic distribution of virtual machines. B. The compatibility of the IDS with virtual network appliances. C. The impact of IDS on cloud resource consumption and performance. D. The latency introduced by IDS in high-traffic scenarios. None 5. CCSP: Cloud Platform and Infrastructure Security Which of the following best describes the importance of implementing a Cloud Access Security Broker 'CASB' in a hybrid cloud environment? A. To ensure consistent network performance across cloud services. B. To provide a single point of encryption for data at rest. C. To centralize visibility and control over multiple cloud services. D. To manage physical access to cloud data centers. None 6. CCSP: Cloud Platform and Infrastructure Security In the context of Infrastructure as a Service (IaaS), which of the following BEST ensures the integrity of data stored in cloud-based block storage? A. Implementing strict access controls. B. Regularly updating the cloud provider's API. C. Utilizing encryption for data at rest. D. Deploying anti-virus software on storage servers. None 7. CCSP: Cloud Platform and Infrastructure Security When considering the security of virtual networks within cloud environments, which of the following is the MOST significant risk associated with inadequate network segmentation? A. Decreased performance due to increased network traffic. B. Increased complexity in network management. C. Lateral movement of attackers within the cloud environment. D. Overutilization of network bandwidth. None 8. CCSP: Cloud Platform and Infrastructure Security Which of the following is a PRIMARY security concern when implementing serverless computing architectures in cloud environments? A. The physical security of the underlying infrastructure. B. The management of server operating system updates. C. The potential for insecure application dependencies. D. The allocation of dedicated network resources. None 9. CCSP: Cloud Platform and Infrastructure Security For cloud environments, which of the following strategies is MOST effective in ensuring the resilience of cloud-based applications against Distributed Denial of Service (DDoS) attacks? A. Deploying redundant physical network infrastructure. B. Implementing rate limiting on API calls. C. Utilizing geographically dispersed data centers. D. Regularly conducting penetration testing. None 10. CCSP: Cloud Platform and Infrastructure Security In a cloud computing environment, what is the MOST critical factor to consider when securing containerized applications? A. The size of the containers. B. The isolation between containers. C. The physical location of the container host. D. The version of the container management software. None 11. CCSP: Cloud Platform and Infrastructure Security Which of the following BEST describes the role of automated compliance monitoring tools in cloud infrastructure security? A. Reducing the need for physical security controls. B. Eliminating the risk of data breaches. C. Ensuring continuous compliance with security policies. D. Completely automating the security response process. None 12. CCSP: Cloud Platform and Infrastructure Security In the implementation of cloud security controls, which of the following is MOST essential to protect against data exfiltration in a cloud environment? A. Enforcing strong password policies. B. Configuring network access control lists (ACLs). C. Implementing Data Loss Prevention (DLP) mechanisms. D. Regularly updating antivirus software on virtual machines. None 13. CCSP: Cloud Platform and Infrastructure Security For cloud infrastructure, which of the following BEST describes the challenge of "shadow IT" in terms of security? A. It increases the complexity of network architecture. B. It leads to unauthorized use of cloud services that may bypass security controls. C. It necessitates frequent changes to access management policies. D. It requires additional physical security measures in data centers. None 14. CCSP: Cloud Platform and Infrastructure Security In cloud computing, which of the following is the PRIMARY security benefit of implementing microsegmentation within a cloud data center? A. It simplifies the network architecture. B. It enhances the performance of network traffic. C. It reduces the attack surface by isolating workloads. D. It decreases the cost of network maintenance. None 15. CCSP: Cloud Platform and Infrastructure Security When securing a cloud environment, which of the following represents the MOST significant risk associated with weak identity and access management (IAM) practices? A. Increased operational costs. B. Unauthorized access to sensitive resources. C. Incompatibility with cloud service provider APIs. D. Decreased efficiency of cloud resource utilization. None 16. CCSP: Cloud Platform and Infrastructure Security What is the MOST effective method to secure API keys used in cloud services against exposure and misuse? A. Storing API keys in source code repositories. B. Embedding API keys in client-side code. C. Using a secure vault service for API key management. D. Sending API keys via email to team members for easy access. None 17. CCSP: Cloud Platform and Infrastructure Security In cloud environments, which of the following is the PRIMARY concern when implementing encryption key rotation policies? A. Ensuring compatibility with all cloud services. B. Minimizing the performance impact on applications. C. Preventing unauthorized access during the rotation process. D. Maintaining availability of encrypted data during rotation. None 18. CCSP: Cloud Platform and Infrastructure Security Which of the following strategies is MOST critical for protecting cloud environments against zero-day vulnerabilities? A. Regularly updating firewall rules. B. Conducting annual security audits. C. Implementing a robust patch management process. D. Deploying intrusion detection systems (IDS). None 19. CCSP: Cloud Platform and Infrastructure Security In the design of cloud infrastructure, which of the following is MOST important for ensuring the security of data processed by third-party cloud services? A. Selecting cloud services with the highest uptime guarantees. B. Ensuring physical security of the third-party service provider's data centers. C. Implementing end-to-end encryption for data in transit and at rest. D. Choosing services based solely on cost-effectiveness. None 20. CCSP: Cloud Platform and Infrastructure Security What is the PRIMARY benefit of integrating Security Information and Event Management (SIEM) systems with cloud infrastructure? A. Reducing the cost of cloud storage solutions. B. Enhancing the visualization of cloud resource utilization. C. Improving the detection and response to security incidents. D. Simplifying the management of cloud service provider interfaces. None 1 out of 20 Time is Up! Time's up
