CCSP Cloud Security Operations • Complete Question Bank
Complete CCSP Cloud Security Operations question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/24"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
Match each concept to its description.
Encryption using AES-256
TLS 1.2+ encryption
Homomorphic or confidential computing
Encryption with separate key management
Match each concept to its description.
Software that manages virtual machines
Attack breaking out of VM isolation
Virtual machine introspection for monitoring
Moving a running VM between hosts
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    },
    {
      "Effect": "Deny",
      "Action": [
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
Refer to the exhibit.
```
Security Group: sg-12345 (web-sg)
Inbound Rules:
- Type: HTTP (80), Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0
- Type: HTTPS (443), Protocol: TCP, Port Range: 443, Source: 0.0.0.0/0
- Type: SSH (22), Protocol: TCP, Port Range: 22, Source: 10.0.0.0/8
Outbound Rules:
- Type: All traffic, Protocol: All, Port Range: All, Destination: 0.0.0.0/0
```
Refer to the exhibit. A data sync job fails with the error shown. The IAM role 'data-sync-role' has the following policy attached:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:*:*:data-bucket-2024/*"
    }
  ]
}
```
What is the MOST likely cause of the failure?
Refer to the exhibit. Error log from cloud storage sync tool:
```
[ERROR] Failed to sync file 'financial_report.xlsx'. Cause: AccessDenied (403) - User: arn:aws:iam::123456789012:role/data-sync-role is not authorized to perform: s3:GetObject on resource: arn:aws:s3:::data-bucket-2024/financial_report.xlsx because no identity-based policy allows the s3:GetObject action
```
Refer to the exhibit. The following is an excerpt from an AWS S3 bucket policy:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
Refer to the exhibit. The following is a log entry from a cloud load balancer:
```
{
  "timestamp": "2025-03-10T14:23:45Z",
  "client_ip": "203.0.113.5",
  "request_method": "POST",
  "request_uri": "/api/login",
  "response_code": 200,
  "user_agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
}
```
Refer to the exhibit. The following is an excerpt from a cloud infrastructure configuration file (Terraform HCL):
```
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  user_data     = <<-EOF
    #!/bin/bash
    apt-get update
    apt-get install -y nginx
    systemctl enable nginx
    systemctl start nginx
  EOF
  vpc_security_group_ids = [aws_security_group.web_sg.id]
}

resource "aws_security_group" "web_sg" {
  name        = "web_sg"
  description = "Allow HTTP traffic"
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
Refer to the exhibit.
```
{
  "Records": [
    {
      "eventVersion": "1.08",
      "userIdentity": {
        "type": "IAMUser",
        "arn": "arn:aws:iam::123456789012:user/john.doe",
        "accountId": "123456789012",
        "userName": "john.doe"
      },
      "eventTime": "2024-03-15T10:30:00Z",
      "eventSource": "ec2.amazonaws.com",
      "eventName": "RunInstances",
      "awsRegion": "us-east-1",
      "sourceIPAddress": "203.0.113.50",
      "userAgent": "console.amazonaws.com",
      "requestParameters": {
        "instancesSet": {
          "items": [{"instanceId": "i-0abcd1234efgh5678"}]
        },
        "groupSet": {
          "items": [{"groupId": "sg-12345678"}]
        }
      },
      "responseElements": {
        "instancesSet": {
          "items": [{"instanceId": "i-0abcd1234efgh5678"}]
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```