CCSP Exam - Certified Cloud Security Professional

certleader.com


NEW QUESTION 1

______ is perhaps the main external factor driving IAM efforts. Response:

  • A. Regulation
  • B. Business need
  • C. The evolving threat landscape
  • D. Monetary value

Answer: A

NEW QUESTION 2

Which of the following is not an enforceable governmental request? Response:

  • A. Warrant
  • B. Subpoena
  • C. Court order
  • D. Affidavit

Answer: D

NEW QUESTION 3

Which of the following are contractual components that the CSP should review and understand fully when contracting with a cloud service provider?
(Choose two.)

  • A. Concurrently maintainable site infrastructure
  • B. Use of subcontractors
  • C. Redundant site infrastructure capacity components
  • D. Scope of processing

Answer: BD

NEW QUESTION 4

You have been tasked with creating an audit scope statement and are making your project outline. Which of the following is NOT typically included in an audit scope statement?

  • A. Statement of purpose
  • B. Deliverables
  • C. Classification
  • D. Costs

Answer: D

NEW QUESTION 5

At which phase of the SDLC process should security begin participating? Response:

  • A. Requirements gathering
  • B. Requirements analysis
  • C. Design
  • D. Testing

Answer: A

NEW QUESTION 6

What principle must always be included with an SOC 2 report? Response:

  • A. Confidentiality
  • B. Security
  • C. Privacy
  • D. Processing integrity

Answer: B

NEW QUESTION 7

When a user accesses a system, what process determines the roles and privileges that user is granted within the application?
Response:

  • A. Authorization
  • B. Authentication
  • C. Provisioning
  • D. Privilege

Answer: A

NEW QUESTION 8

Which of the following is the best example of a key component of regulated PII? Response:

  • A. Items that should be implemented
  • B. Mandatory breach reporting
  • C. Audit rights of subcontractors
  • D. PCI DSS

Answer: B

NEW QUESTION 9

Anonymization is the process of removing ______ from data sets. Response:

  • A. Access
  • B. Cryptographic keys
  • C. Numeric values
  • D. Identifying information

Answer: D

NEW QUESTION 10

Which of the following is NOT a core component of an SIEM solution? Response:

  • A. Correlation
  • B. Aggregation
  • C. Compliance
  • D. Escalation

Answer: D

NEW QUESTION 11

Which of the following aspects of the BC/DR process poses a risk to the organization? Response:

  • A. Threat intelligence gathering
  • B. Preplacement of response assets
  • C. Budgeting for disaster
  • D. Full testing of the plan

Answer: D

NEW QUESTION 12

A denial of service (DoS) attack can potentially impact all customers within a cloud environment with the continued allocation of additional resources. Which of the following can be useful for a customer to protect themselves from a DoS attack against another customer?
Response:

  • A. Limits
  • B. Reservations
  • C. Shares
  • D. Borrows

Answer: B

NEW QUESTION 13

What type of identity system allows trust and verifications between the authentication systems of multiple organizations?
Response:

  • A. Federated
  • B. Collaborative
  • C. Integrated
  • D. Bidirectional

Answer: A

NEW QUESTION 14

In general, a cloud BCDR solution will be ______ than a physical solution. Response:

  • A. Slower
  • B. Less expensive
  • C. Larger
  • D. More difficult to engineer

Answer: B

NEW QUESTION 15

The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “using components with known vulnerabilities.”
Why would an organization ever use components with known vulnerabilities to create software? Response:

  • A. The organization is insured.
  • B. The particular vulnerabilities only exist in a context not being used by developers.
  • C. Some vulnerabilities only exist in foreign countries.
  • D. A component might have a hidden vulnerability.

Answer: B

NEW QUESTION 16

You are the security manager for a small retail business involved mainly in direct e-commerce transactions with individual customers (members of the public). The bulk of your market is in Asia, but you do fulfill orders globally.
Your company has its own data center located within its headquarters building in Hong Kong, but it also uses a public cloud environment for contingency backup and archiving purposes. Your company has decided to expand its business to include selling and monitoring life-support equipment for medical providers.
What characteristic do you need to ensure is offered by your cloud provider? Response:

  • A. Full automation of security controls within the cloud data center
  • B. Tier 4 of the Uptime Institute certifications
  • C. Global remote access
  • D. Prevention of ransomware infections

Answer: B

NEW QUESTION 17

The Transport Layer Security (TLS) protocol creates a secure communications channel over public media (such as the Internet). In a typical TLS session, what is the usual means for establishing trust between the parties?
Response:

  • A. Out-of-band authentication
  • B. Multifactor authentication
  • C. PKI certificates
  • D. Preexisting knowledge of each other

Answer: C

NEW QUESTION 18

Which of the following is not a way to manage risk? Response:

  • A. Enveloping
  • B. Mitigating
  • C. Accepting
  • D. Transferring

Answer: A

NEW QUESTION 19

Federation should be ______ to the users.
Response:

  • A. Hostile
  • B. Proportional
  • C. Transparent
  • D. Expensive

Answer: C

NEW QUESTION 20

You are the security manager for a software development firm. Your company is interested in using a managed cloud service provider for hosting its testing environment. Management is interested in adopting an Agile development style.
This will be typified by which of the following traits? Response:

  • A. Reliance on a concrete plan formulated during the Define phase
  • B. Rigorous, repeated security testing
  • C. Isolated programming experts for specific functional elements
  • D. Short, iterative work periods

Answer: D

NEW QUESTION 21

What is the primary security mechanism used to protect SOAP and REST APIs? Response:

  • A. Firewalls
  • B. XML firewalls
  • C. Encryption
  • D. WAFs

Answer: C

NEW QUESTION 22

The destruction of a cloud customer’s data can be required by all of the following except ______.
Response:

  • A. Statute
  • B. Regulation
  • C. The cloud provider’s policy
  • D. Contract

Answer: C

NEW QUESTION 23

______ can often be the result of inadvertent activity. Response:

  • A. DDoS
  • B. Phishing
  • C. Sprawl
  • D. Disasters

Answer: C

NEW QUESTION 24

Which type of software is most likely to be reviewed by the most personnel, with the most varied perspectives?
Response:

  • A. Database management software
  • B. Open source software
  • C. Secure software
  • D. Proprietary software

Answer: B

NEW QUESTION 25

Which of the following is the best and only completely secure method of data destruction? Response:

  • A. Degaussing
  • B. Crypto-shredding
  • C. Physical destruction of resources that store the data
  • D. Legal order issued by the prevailing jurisdiction where the data is geographically situated

Answer: C
