CCSP Cloud Concepts, Architecture and Design • Complete Question Bank
Complete CCSP Cloud Concepts, Architecture and Design question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/24"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
Match each concept to its description.
Access Control
Audit and Accountability
System and Communications Protection
System and Information Integrity
Physical and Environmental Protection
Match each concept to its description.
Service organization control report for security
Assessment of cloud provider controls
Analysis of logs for incident investigation
Real-time assessment of security controls
Refer to the exhibit. The following is an excerpt from a cloud provider's access control policy:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    }
  ]
}
```
Refer to the exhibit. The following is a log entry from a cloud access security broker (CASB):
```
Event: Anomalous data transfer
User: user@example.com
Application: Salesforce
Data size: 2.5 GB
Time: 02:00 AM
Location: IP 203.0.113.45 (country: Unknown)
Action: Allow (policy exception)
```
Security Group Rule Analysis:
```
Rule 1: Inbound  | TCP         | Port 22   | 0.0.0.0/0      | Allow
Rule 2: Inbound  | TCP         | Port 443  | 0.0.0.0/0      | Allow
Rule 3: Inbound  | TCP         | Port 3389 | 192.168.1.0/24 | Allow
Rule 4: Outbound | All Traffic |           | 0.0.0.0/0      | Allow
```
IAM Policy Document:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-db-backup", "arn:aws:s3:::example-db-backup/*"]
    },
    {
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "*"
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalArn": "arn:aws:iam::123456789012:role/DataAccessRole"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": "arn:aws:iam::123456789012:role/DataAccessRole",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```