New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ISC CCSP Certified Cloud Security Professional (CCSP) Exam Practice Test

Demo: 76 questions
Total 512 questions

Certified Cloud Security Professional (CCSP) Questions and Answers

Question 1

Which of the following is the dominant driver behind the regulations to which a system or application must adhere?

Options:

A.

Data source

B.

Locality

C.

Contract

D.

SLA

Question 2

Identity and access management (IAM) is a security discipline that ensures which of the following?

Options:

A.

That all users are properly authorized

B.

That the right individual gets access to the right resources at the right time for the right reasons.

C.

That all users are properly authenticated

D.

That unauthorized users will get access to the right resources at the right time for the right reasons

Question 3

Which of the following methods of addressing risk is most associated with insurance?

Options:

A.

Mitigation

B.

Transference

C.

Avoidance

D.

Acceptance

Question 4

What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?

Options:

A.

Live testing

B.

Source code access

C.

Production system scanning

D.

Injection attempts

Question 5

Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers.

Which of the following is NOT a unit covered by limits?

Options:

A.

Hypervisor

B.

Cloud customer

C.

Virtual machine

D.

Service

Question 6

Which of the following best describes SAML?

Options:

A.

A standard used for directory synchronization

B.

A standard for developing secure application management logistics

C.

A standard for exchanging usernames and passwords across devices.

D.

A standards for exchanging authentication and authorization data between security domains.

Question 7

Which component of ITIL involves planning for the restoration of services after an unexpected outage or incident?

Options:

A.

Continuity management

B.

Problem management

C.

Configuration management

D.

Availability management

Question 8

Which kind of SSAE audit reviews controls dealing with the organization’s controls for assuring the confidentiality, integrity, and availability of data?

Options:

A.

SOC 1

B.

SOC 2

C.

SOC 3

D.

SOC 4

Question 9

The BC/DR kit should include all of the following except:

Options:

A.

Annotated asset inventory

B.

Flashlight

C.

Hard drives

D.

Documentation equipment

Question 10

Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:

Options:

A.

Full inventory

B.

Criticality

C.

Value

D.

Usefulness

Question 11

During the course of an audit, which of the following would NOT be an input into the control requirements used as part of a gap analysis.

Options:

A.

Contractual requirements

B.

Regulations

C.

Vendor recommendations

D.

Corporate policy

Question 12

With a federated identity system, what does the identity provider send information to after a successful authentication?

Options:

A.

Relying party

B.

Service originator

C.

Service relay

D.

Service relay

Question 13

What are the U.S. Commerce Department controls on technology exports known as?

Options:

A.

ITAR

B.

DRM

C.

EAR

D.

EAL

Question 14

Which of the following is not a risk management framework?

Options:

A.

COBIT

B.

Hex GBL

C.

ISO 31000:2009

D.

NIST SP 800-37

Question 15

With the rapid emergence of cloud computing, very few regulations were in place that pertained to it specifically, and organizations often had to resort to using a collection of regulations that were not specific to cloud in order to drive audits and policies.

Which standard from the ISO/IEC was designed specifically for cloud computing?

Options:

A.

ISO/IEC 27001

B.

ISO/IEC 19889

C.

ISO/IEC 27001:2015

D.

ISO/IEC 27018

Question 16

Which data protection strategy would be useful for a situation where the ability to remove sensitive data from a set is needed, but a requirement to retain the ability to map back to the original values is also present?

Options:

A.

Masking

B.

Tokenization

C.

Encryption

D.

Anonymization

Question 17

Web application firewalls (WAFs) are designed primarily to protect applications from common attacks like:

Options:

A.

Ransomware

B.

Syn floods

C.

XSS and SQL injection

D.

Password cracking

Question 18

Which ITIL component focuses on ensuring that system resources, processes, and personnel are properly allocated to meet SLA requirements?

Options:

A.

Continuity management

B.

Availability management

C.

Configuration management

D.

Problem management

Question 19

DLP can be combined with what other security technology to enhance data controls?

Options:

A.

DRM

B.

Hypervisor

C.

SIEM

D.

Kerberos

Question 20

Most APIs will support a variety of different data formats or structures.

However, the SOAP API will only support which one of the following data formats?

Options:

A.

XML

B.

XSLT

C.

JSON

D.

SAML

Question 21

ISO/IEC has established international standards for many aspects of computing and any processes or procedures related to information technology.

Which ISO/IEC standard has been established to provide a framework for handling eDiscovery processes?

Options:

A.

ISO/IEC 27001

B.

ISO/IEC 27002

C.

ISO/IEC 27040

D.

ISO/IEC 27050

Question 22

Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on.

Which of the following audits are considered "restricted use" versus being for a more broad audience?

Options:

A.

SOC Type 2

B.

SOC Type 1

C.

SOC Type 3

D.

SAS-70

Question 23

The European Union is often considered the world leader in regard to the privacy of personal data and has declared privacy to be a "human right."

In what year did the EU first assert this principle?

Options:

A.

1995

B.

2000

C.

2010

D.

1999

Question 24

Clustered systems can be used to ensure high availability and load balancing across individual systems through a variety of methodologies.

What process is used within a clustered system to ensure proper load balancing and to maintain the health of the overall system to provide high availability?

Options:

A.

Distributed clustering

B.

Distributed balancing

C.

Distributed optimization

D.

Distributed resource scheduling

Question 25

Which of the following is considered an internal redundancy for a data center?

Options:

A.

Power feeds

B.

Chillers

C.

Network circuits

D.

Generators

Question 26

Firewalls are used to provide network security throughout an enterprise and to control what information can be accessed--and to a certain extent, through what means.

Which of the following is NOT something that firewalls are concerned with?

Options:

A.

IP address

B.

Encryption

C.

Port

D.

Protocol

Question 27

What is a serious complication an organization faces from the compliance perspective with international operations?

Options:

A.

Multiple jurisdictions

B.

Different certifications

C.

Different operational procedures

D.

Different capabilities

Question 28

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user’s valid credentials?

Options:

A.

Injection

B.

Missing function-level access control

C.

Cross-site scripting

D.

Cross-site request forgery

Question 29

Which cloud storage type resembles a virtual hard drive and can be utilized in the same manner and with the same type of features and capabilities?

Options:

A.

Volume

B.

Unstructured

C.

Structured

D.

Object

Question 30

Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?

Options:

A.

Security misconfiguration

B.

Insecure direct object references

C.

Unvalidated redirects and forwards

D.

Sensitive data exposure

Question 31

Which of the following statements best describes a Type 1 hypervisor?

Options:

A.

The hypervisor software runs within an operating system tied to the hardware.

B.

The hypervisor software runs as a client on a server and needs an external service to administer it.

C.

The hypervisor software runs on top of an application layer.

D.

The hypervisor software runs directly on “bare metal” without an intermediary.

Question 32

From a security perspective, what component of a cloud computing infrastructure represents the biggest concern?

Options:

A.

Hypervisor

B.

Management plane

C.

Object storage

D.

Encryption

Question 33

When dealing with PII, which category pertains to those requirements that can carry legal sanctions or penalties for failure to adequately safeguard the data and address compliance requirements?

Options:

A.

Contractual

B.

Jurisdictional

C.

Regulated

D.

Legal

Question 34

With a cloud service category where the cloud customer is responsible for deploying all services, systems, and components needed for their applications, which of the following storage types are MOST likely to be available to them?

Options:

A.

Structured and hierarchical

B.

Volume and object

C.

Volume and database

D.

Structured and unstructured

Question 35

Many of the traditional concepts of systems and services for a traditional data center also apply to the cloud. Both are built around key computing concepts.

Which of the following compromise the two facets of computing?

Options:

A.

CPU and software

B.

CPU and storage

C.

CPU and memory

D.

Memory and networking

Question 36

Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?

Options:

A.

Memory

B.

Number of users

C.

Storage

D.

CPU

Question 37

Data centers have enormous power resources that are distributed and consumed throughout the entire facility.

Which of the following standards pertains to the proper fire safety standards within that scope?

Options:

A.

IDCA

B.

BICSI

C.

NFPA

D.

Uptime Institute

Question 38

In order to ensure ongoing compliance with regulatory requirements, which phase of the cloud data lifecycle must be tested regularly?

Options:

A.

Archive

B.

Share

C.

Store

D.

Destroy

Question 39

Which of the cloud deployment models involves spanning multiple cloud environments or a mix of cloud hosting models?

Options:

A.

Community

B.

Public

C.

Hybrid

D.

Private

Question 40

Which of the following would be a reason to undertake a BCDR test?

Options:

A.

Functional change of the application

B.

Change in staff

C.

User interface overhaul of the application

D.

Change in regulations

Question 41

Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

Options:

A.

Functionality

B.

Programming languages

C.

Software platform

D.

Security requirements

Question 42

From a security perspective, which of the following is a major concern when evaluating possible BCDR solutions?

Options:

A.

Access provisioning

B.

Auditing

C.

Jurisdictions

D.

Authorization

Question 43

Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?

Options:

A.

Russia

B.

France

C.

Germany

D.

United States

Question 44

Which type of controls are the SOC Type 1 reports specifically focused on?

Options:

A.

Integrity

B.

PII

C.

Financial

D.

Privacy

Question 45

What is the concept of segregating information or processes, within the same system or application, for security reasons?

Options:

A.

fencing

B.

Sandboxing

C.

Cellblocking

D.

Pooling

Question 46

Who would be responsible for implementing IPsec to secure communications for an application?

Options:

A.

Developers

B.

Systems staff

C.

Auditors

D.

Cloud customer

Question 47

Which process serves to prove the identity and credentials of a user requesting access to an application or data?

Options:

A.

Repudiation

B.

Authentication

C.

Identification

D.

Authorization

Question 48

Which security concept is focused on the trustworthiness of data?

Options:

A.

Integrity

B.

Availability

C.

Nonrepudiation

D.

Confidentiality

Question 49

Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?

Options:

A.

Regulatory requirements

B.

SLAs

C.

Auditability

D.

Governance

Question 50

Which of the following is the MOST important requirement and guidance for testing during an audit?

Options:

A.

Stakeholders

B.

Shareholders

C.

Management

D.

Regulations

Question 51

Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?

Options:

A.

Infrastructure

B.

Platform

C.

Application

D.

Data

Question 52

What provides the information to an application to make decisions about the authorization level appropriate when granting access?

Options:

A.

User

B.

Relying party

C.

Federation

D.

Identity Provider

Question 53

Which of the following is NOT a key area for performance monitoring as far as an SLA is concerned?

Options:

A.

CPU

B.

Users

C.

Memory

D.

Network

Question 54

What type of data does data rights management (DRM) protect?

Options:

A.

Consumer

B.

PII

C.

Financial

D.

Healthcare

Question 55

Which of the following is NOT something that an HIDS will monitor?

Options:

A.

Configurations

B.

User logins

C.

Critical system files

D.

Network traffic

Question 56

Which approach is typically the most efficient method to use for data discovery?

Options:

A.

Metadata

B.

Content analysis

C.

Labels

D.

ACLs

Question 57

Which security concept, if implemented correctly, will protect the data on a system, even if a malicious actor gains access to the actual system?

Options:

A.

Sandboxing

B.

Encryption

C.

Firewalls

D.

Access control

Question 58

Which of the following storage types is most closely associated with a traditional file system and tree structure?

Options:

A.

Volume

B.

Unstructured

C.

Object

D.

Structured

Question 59

Which aspect of archiving must be tested regularly for the duration of retention requirements?

Options:

A.

Availability

B.

Recoverability

C.

Auditability

D.

Portability

Question 60

Which United States law is focused on data related to health records and privacy?

Options:

A.

Safe Harbor

B.

SOX

C.

GLBA

D.

HIPAA

Question 61

Which of the following does NOT relate to the hiding of sensitive data from data sets?

Options:

A.

Obfuscation

B.

Federation

C.

Masking

D.

Anonymization

Question 62

Which of the following are the storage types associated with PaaS?

Options:

A.

Structured and freeform

B.

Volume and object

C.

Structured and unstructured

D.

Database and file system

Question 63

Which of the following roles is responsible for gathering metrics on cloud services and managing cloud deployments and the deployment processes?

Options:

A.

Cloud service business manager

B.

Cloud service operations manager

C.

Cloud service manager

D.

Cloud service deployment manager

Question 64

Which protocol does the REST API depend on?

Options:

A.

HTTP

B.

XML

C.

SAML

D.

SSH

Question 65

Which of the following APIs are most commonly used within a cloud environment?

Options:

A.

REST and SAML

B.

SOAP and REST

C.

REST and XML

D.

XML and SAML

Question 66

What must be secured on physical hardware to prevent unauthorized access to systems?

Options:

A.

BIOS

B.

SSH

C.

RDP

D.

ALOM

Question 67

Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?

Options:

A.

A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.

B.

A Type 2 hypervisor allows users to directly perform some functions with their own access.

C.

A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.

D.

A Type 2 hypervisor is always exposed to the public Internet for federated identity access.

Question 68

GAAPs are created and maintained by which organization?

Options:

A.

ISO/IEC

B.

AICPA

C.

PCI Council

D.

ISO

Question 69

Which of the following is NOT a criterion for data within the scope of eDiscovery?

Options:

A.

Possession

B.

Custody

C.

Control

D.

Archive

Question 70

Which of the following publishes the most commonly used standard for data center design in regard to tiers and topologies?

Options:

A.

IDCA

B.

Uptime Institute

C.

NFPA

D.

BICSI

Question 71

Which type of cloud model typically presents the most challenges to a cloud customer during the "destroy" phase of the cloud data lifecycle?

Options:

A.

IaaS

B.

DaaS

C.

SaaS

D.

PaaS

Question 72

Within an Infrastructure as a Service model, which of the following would NOT be a measured service?

Options:

A.

CPU

B.

Storage

C.

Number of users

D.

Memory

Question 73

Which of the following would NOT be considered part of resource pooling with an Infrastructure as a Service implementation?

Options:

A.

Storage

B.

Application

C.

Mamory

D.

CPU

Question 74

Which United States law is focused on accounting and financial practices of organizations?

Options:

A.

Safe Harbor

B.

GLBA

C.

SOX

D.

HIPAA

Question 75

Which technology is NOT commonly used for security with data in transit?

Options:

A.

DNSSEC

B.

IPsec

C.

VPN

D.

HTTPS

Question 76

Which of the following storage types is most closely associated with a database-type storage implementation?

Options:

A.

Object

B.

Unstructured

C.

Volume

D.

Structured

Demo: 76 questions
Total 512 questions