New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

CCSP Certified Cloud Security Professional Questions and Answers

Questions 4

Which of the following is a widely used tool for code development, branching, and collaboration?

Options:

A.

GitHub

B.

Maestro

C.

Orchestrator

D.

Conductor

Buy Now
Questions 5

What process is used within a clustered system to provide high availability and load balancing?

Options:

A.

Dynamic balancing

B.

Dynamic clustering

C.

Dynamic optimization

D.

Dynamic resource scheduling

Buy Now
Questions 6

What is the biggest challenge to data discovery in a cloud environment?

Options:

A.

Format

B.

Ownership

C.

Location

D.

Multitenancy

Buy Now
Questions 7

Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

Options:

A.

Functionality

B.

Programming languages

C.

Software platform

D.

Security requirements

Buy Now
Questions 8

Which aspect of cloud computing makes data classification even more vital than in a traditional data center?

Options:

A.

Interoperability

B.

Virtualization

C.

Multitenancy

D.

Portability

Buy Now
Questions 9

What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?

Options:

A.

Proxy

B.

Bastion

C.

Honeypot

D.

WAF

Buy Now
Questions 10

Your boss has tasked your team with getting your legacy systems and applications connected with new cloud-based services that management has decided are crucial to customer service and offerings.

Which role would you be assuming under this directive?

Options:

A.

Cloud service administrator

B.

Cloud service user

C.

Cloud service integrator

D.

Cloud service business manager

Buy Now
Questions 11

Which aspect of cloud computing serves as the biggest challenge to using DLP to protect data at rest?

Options:

A.

Portability

B.

Resource pooling

C.

Interoperability

D.

Reversibility

Buy Now
Questions 12

Which of the following storage types is most closely associated with a traditional file system and tree structure?

Options:

A.

Volume

B.

Unstructured

C.

Object

D.

Structured

Buy Now
Questions 13

Configurations and policies for a system can come from a variety of sources and take a variety of formats. Which concept pertains to the application of a set of configurations and policies that is applied to all systems or a class of systems?

Options:

A.

Hardening

B.

Leveling

C.

Baselines

D.

Standards

Buy Now
Questions 14

Gap analysis is performed for what reason?

Options:

A.

To begin the benchmarking process

B.

To assure proper accounting practices are being used

C.

To provide assurances to cloud customers

D.

To ensure all controls are in place and working properly

Buy Now
Questions 15

Which aspect of security is DNSSEC designed to ensure?

Options:

A.

Integrity

B.

Authentication

C.

Availability

D.

Confidentiality

Buy Now
Questions 16

Which of the following types of data would fall under data rights management (DRM) rather than information rights management (IRM)?

Options:

A.

Personnel data

B.

Security profiles

C.

Publications

D.

Financial records

Buy Now
Questions 17

Which component of ITIL involves handling anything that can impact services for either internal or public users?

Options:

A.

Incident management

B.

Deployment management

C.

Problem management

D.

Change management

Buy Now
Questions 18

DLP can be combined with what other security technology to enhance data controls?

Options:

A.

DRM

B.

Hypervisor

C.

SIEM

D.

Kerberos

Buy Now
Questions 19

For performance purposes, OS monitoring should include all of the following except:

Options:

A.

Disk space

B.

Disk I/O usage

C.

CPU usage

D.

Print spooling

Buy Now
Questions 20

Which of the following jurisdictions lacks a comprehensive national policy on data privacy and the protection of personally identifiable information (PII)?

Options:

A.

European Union

B.

Asian-Pacific Economic Cooperation

C.

United States

D.

Russia

Buy Now
Questions 21

Where is a DLP solution generally installed when utilized for monitoring data in use?

Options:

A.

Application server

B.

Database server

C.

Network perimeter

D.

User’s client

Buy Now
Questions 22

An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer. Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA?

Options:

A.

Network

B.

Users

C.

Memory

D.

CPU

Buy Now
Questions 23

Which of the following is NOT one of five principles of SOC Type 2 audits?

Options:

A.

Privacy

B.

Processing integrity

C.

Financial

D.

Security

Buy Now
Questions 24

Which of the following is not a risk management framework?

Options:

A.

COBIT

B.

Hex GBL

C.

ISO 31000:2009

D.

NIST SP 800-37

Buy Now
Questions 25

Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?

Options:

A.

Platform

B.

Infrastructure

C.

Software

D.

Desktop

Buy Now
Questions 26

Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.

Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?

Options:

A.

Data in transit

B.

Data in use

C.

Data at rest

D.

Data custodian

Buy Now
Questions 27

BCDR strategies do not typically involve the entire operations of an organization, but only those deemed critical to their business.

Which concept pertains to the amount of services that need to be recovered to meet BCDR objectives?

Options:

A.

RSL

B.

RTO

C.

RPO

D.

SRE

Buy Now
Questions 28

Which of the following is NOT one of the official risk rating categories?

Options:

A.

Critical

B.

Low

C.

Catastrophic

D.

Minimal

Buy Now
Questions 29

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

Options:

A.

Missing function level access control

B.

Cross-site scripting

C.

Cross-site request forgery

D.

Injection

Buy Now
Questions 30

In order to comply with regulatory requirements, which of the following secure erasure methods would be available to a cloud customer using volume storage within the IaaS service model?

Options:

A.

Demagnetizing

B.

Shredding

C.

Degaussing

D.

Cryptographic erasure

Buy Now
Questions 31

Implementing baselines on systems would take an enormous amount of time and resources if the staff had to apply them to each server, and over time, it would be almost impossible to keep all the systems in sync on an ongoing basis.

Which of the following is NOT a package that can be used for implementing and maintaining baselines across an enterprise?

Options:

A.

Puppet

B.

SCCM

C.

Chef

D.

GitHub

Buy Now
Questions 32

Within a federated identity system, which entity accepts tokens from the identity provider?

Options:

A.

Assertion manager

B.

Servicing party

C.

Proxy party

D.

Relying party

Buy Now
Questions 33

The GAPP framework was developed through a joint effort between the major Canadian and American professional accounting associations in order to assist their members with managing and preventing risks to the privacy of their data and customers.

Which of the following is the meaning of GAPP?

Options:

A.

General accounting personal privacy

B.

Generally accepted privacy practices

C.

Generally accepted privacy principles

D.

General accounting privacy policies

Buy Now
Questions 34

What are the U.S. State Department controls on technology exports known as?

Options:

A.

DRM

B.

ITAR

C.

EAR

D.

EAL

Buy Now
Questions 35

In addition to battery backup, a UPS can offer which capability?

Options:

A.

Breach alert

B.

Confidentiality

C.

Communication redundancy

D.

Line conditioning

Buy Now
Questions 36

Which of the following aspects of cloud computing would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?

Options:

A.

Regulation

B.

Multitenancy

C.

Virtualization

D.

Resource pooling

Buy Now
Questions 37

Which of the following is NOT an application or utility to apply and enforce baselines on a system?

Options:

A.

Chef

B.

GitHub

C.

Puppet

D.

Active Directory

Buy Now
Questions 38

Which aspect of archiving must be tested regularly for the duration of retention requirements?

Options:

A.

Availability

B.

Recoverability

C.

Auditability

D.

Portability

Buy Now
Questions 39

Which of the following are attributes of cloud computing?

Options:

A.

Minimal management effort and shared resources

B.

High cost and unique resources

C.

Rapid provisioning and slow release of resources

D.

Limited access and service provider interaction

Buy Now
Questions 40

The baseline should cover which of the following?

Options:

A.

Data breach alerting and reporting

B.

All regulatory compliance requirements

C.

As many systems throughout the organization as possible

D.

A process for version control

Buy Now
Questions 41

Which data point that auditors always desire is very difficult to provide within a cloud environment?

Options:

A.

Access policy

B.

Systems architecture

C.

Baselines

D.

Privacy statement

Buy Now
Questions 42

Digital investigations have adopted many of the same methodologies and protocols as other types of criminal or scientific inquiries.

What term pertains to the application of scientific norms and protocols to digital investigations?

Options:

A.

Scientific

B.

Investigative

C.

Methodological

D.

Forensics

Buy Now
Questions 43

Within a federated identity system, which of the following would you be MOST likely to use for sending information for consumption by a relying party?

Options:

A.

XML

B.

HTML

C.

WS-Federation

D.

SAML

Buy Now
Questions 44

The president of your company has tasked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services.

Which of the cloud deployment models would you MOST likely be exploring?

Options:

A.

Hybrid

B.

Private

C.

Community

D.

Public

Buy Now
Questions 45

Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?

Options:

A.

Injection

B.

Missing function-level access control

C.

Cross-site scripting

D.

Cross-site request forgery

Buy Now
Questions 46

Which of the following pertains to fire safety standards within a data center, specifically with their enormous electrical consumption?

Options:

A.

NFPA

B.

BICSI

C.

IDCA

D.

Uptime Institute

Buy Now
Questions 47

Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?

Options:

A.

Regulatory requirements

B.

SLAs

C.

Auditability

D.

Governance

Buy Now
Questions 48

Which of the following is NOT part of a retention policy?

Options:

A.

Format

B.

Costs

C.

Accessibility

D.

Duration

Buy Now
Questions 49

Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?

Options:

A.

Consumable service

B.

Measured service

C.

Billable service

D.

Metered service

Buy Now
Questions 50

What expectation of data custodians is made much more challenging by a cloud implementation, especially with PaaS or SaaS?

Options:

A.

Data classification

B.

Knowledge of systems

C.

Access to data

D.

Encryption requirements

Buy Now
Questions 51

What is the first stage of the cloud data lifecycle where security controls can be implemented?

Options:

A.

Use

B.

Store

C.

Share

D.

Create

Buy Now
Questions 52

Which of the following actions will NOT make data part of the "create" phase of the cloud data lifecycle?

Options:

A.

Modifying metadata

B.

Importing data

C.

Modifying data

D.

Constructing new data

Buy Now
Questions 53

Which of the following is not a component of contractual PII?

Options:

A.

Scope of processing

B.

Value of data

C.

Location of data

D.

Use of subcontractors

Buy Now
Questions 54

How is an object stored within an object storage system?

Options:

A.

Key value

B.

Database

C.

LDAP

D.

Tree structure

Buy Now
Questions 55

Which of the following are the storage types associated with IaaS?

Options:

A.

Volume and object

B.

Volume and label

C.

Volume and container

D.

Object and target

Buy Now
Questions 56

What is the data encapsulation used with the SOAP protocol referred to?

Options:

A.

Packet

B.

Envelope

C.

Payload

D.

Object

Buy Now
Questions 57

What is a serious complication an organization faces from the perspective of compliance with international operations?

Options:

A.

Different certifications

B.

Multiple jurisdictions

C.

Different capabilities

D.

Different operational procedures

Buy Now
Questions 58

Which of the following is considered an internal redundancy for a data center?

Options:

A.

Power distribution units

B.

Network circuits

C.

Power substations

D.

Generators

Buy Now
Questions 59

Which of the following standards primarily pertains to cabling designs and setups in a data center?

Options:

A.

IDCA

B.

BICSI

C.

NFPA

D.

Uptime Institute

Buy Now
Questions 60

What is the primary reason that makes resolving jurisdictional conflicts complicated?

Options:

A.

Different technology standards

B.

Costs

C.

Language barriers

D.

Lack of international authority

Buy Now
Questions 61

What is the biggest benefit to leasing space in a data center versus building or maintain your own?

Options:

A.

Certification

B.

Costs

C.

Regulation

D.

Control

Buy Now
Questions 62

Which security concept is focused on the trustworthiness of data?

Options:

A.

Integrity

B.

Availability

C.

Nonrepudiation

D.

Confidentiality

Buy Now
Questions 63

On large distributed systems with pooled resources, cloud computing relies on extensive orchestration to maintain the environment and the constant provisioning of resources.

Which of the following is crucial to the orchestration and automation of networking resources within a cloud?

Options:

A.

DNSSEC

B.

DNS

C.

DCOM

D.

DHCP

Buy Now
Questions 64

Which of the following is considered an internal redundancy for a data center?

Options:

A.

Power feeds

B.

Chillers

C.

Network circuits

D.

Generators

Buy Now
Questions 65

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user’s valid credentials?

Options:

A.

Injection

B.

Missing function-level access control

C.

Cross-site scripting

D.

Cross-site request forgery

Buy Now
Questions 66

When an API is being leveraged, it will encapsulate its data for transmission back to the requesting party or service.

What is the data encapsulation used with the SOAP protocol referred to as?

Options:

A.

Packet

B.

Payload

C.

Object

D.

Envelope

Buy Now
Questions 67

Which cloud deployment model is MOST likely to offer free or very cheap services to users?

Options:

A.

Hybrid

B.

Community

C.

Public

D.

Private

Buy Now
Questions 68

Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data.

Which concept encapsulates this?

Options:

A.

Validity

B.

Integrity

C.

Accessibility

D.

Confidentiality

Buy Now
Questions 69

Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials?

Options:

A.

Injection

B.

Cross-site request forgery

C.

Missing function-level access control

D.

Cross-site scripting

Buy Now
Questions 70

The share phase of the cloud data lifecycle involves allowing data to leave the application, to be shared with external systems, services, or even other vendors/contractors.

What technology would be useful for protecting data at this point?

Options:

A.

IDS

B.

DLP

C.

IPS

D.

WAF

Buy Now
Questions 71

Which type of testing uses the same strategies and toolsets that hackers would use?

Options:

A.

Penetration

B.

Dynamic

C.

Static

D.

Malicious

Buy Now
Questions 72

Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?

Options:

A.

Integrity

B.

Availability

C.

Confidentiality

D.

Nonrepudiation

Buy Now
Questions 73

What does static application security testing (SAST) offer as a tool to the testers?

Options:

A.

Production system scanning

B.

Injection attempts

C.

Source code access

D.

Live testing

Buy Now
Questions 74

The SOC Type 2 reports are divided into five principles.

Which of the five principles must also be included when auditing any of the other four principles?

Options:

A.

Confidentiality

B.

Privacy

C.

Security

D.

Availability

Buy Now
Questions 75

Which of the following is a management role, versus a technical role, as it pertains to data management and oversight?

Options:

A.

Data owner

B.

Data processor

C.

Database administrator

D.

Data custodian

Buy Now
Questions 76

When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?

Options:

A.

Firewall

B.

Proxy

C.

Honeypot

D.

Bastion

Buy Now
Exam Code: CCSP
Exam Name: Certified Cloud Security Professional
Last Update: Dec 25, 2024
Questions: 512
CCSP pdf

CCSP PDF

$25.5  $84.99
CCSP Engine

CCSP Testing Engine

$30  $99.99
CCSP PDF + Engine

CCSP PDF + Testing Engine

$40.5  $134.99