
Get Ready to Pass the CCSP exam with ISC Latest Practice Exam
Get Prepared for Your CCSP Exam With Actual ISC Study Guide!
ISC CCSP (Certified Cloud Security Professional) Exam is a globally recognized certification for individuals who work with cloud computing technology. It is designed to validate a candidate's knowledge and skills in cloud security, and demonstrate their ability to manage and secure cloud environments. The CCSP certification is offered by the International Information System Security Certification Consortium (ISC)², which is a non-profit organization that is dedicated to providing education and certification programs in the field of information security.
The CCSP certification was created by the International Information System Security Certification Consortium (ISC)² and the Cloud Security Alliance (CSA). The goal of the CCSP certification is to build a common understanding of cloud security practices and promote a globally recognized standard for cloud security expertise.
NEW QUESTION # 95
Clustered systems can be used to ensure high availability and load balancing across individual systems through a variety of methodologies.
What process is used within a clustered system to ensure proper load balancing and to maintain the health of the overall system to provide high availability?
- A. Distributed optimization
- B. Distributed balancing
- C. Distributed resource scheduling
- D. Distributed clustering
Answer: C
Explanation:
Distributed resource scheduling (DRS) is used within all clustered systems as the method for providing high availability, scaling, management, workload distribution, and the balancing of jobs and processes. None of the other choices is the correct term in this case.
NEW QUESTION # 96
During the course of an audit, which of the following would NOT be an input into the control requirements used as part of a gap analysis?
- A. Corporate policy
- B. Contractual requirements
- C. Vendor recommendations
- D. Regulations
Answer: C
Explanation:
Vendor recommendations would not be pertinent to the gap analysis after an audit. Although vendor recommendations will typically play a role in the development of corporate policies or contractual requirements, they are not required. Regulations, corporate policy, and contractual requirements all determine the expected or mandated controls in place on a system.
NEW QUESTION # 97
In addition to battery backup, a UPS can offer which capability?
- A. Breach alert
- B. Confidentiality
- C. Line conditioning
- D. Communication redundancy
Answer: C
Explanation:
A UPS can provide line conditioning, adjusting power so that it is optimized for the devices it serves and smoothing any power fluctuations; it does not offer any of the other listed functions.
NEW QUESTION # 98
What controls the formatting and security settings of a volume storage system within a cloud environment?
- A. SAN host controller
- B. Management plane
- C. Hypervisor
- D. Operating system of the host
Answer: D
Explanation:
Once a storage LUN is allocated to a virtual machine, the operating system of that virtual machine will format, manage, and control the file system and security of the data on that LUN.
NEW QUESTION # 99
The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
- A. Cloud customers and third parties are continually enhancing and modifying APIs.
- B. It is impossible to uninstall APIs.
- C. APIs are a form of malware.
- D. APIs can have automated settings.
Answer: A
NEW QUESTION # 100
The BIA can be used to provide information about all the following, except:
- A. Secure acquisition
- B. Risk analysis
- C. BC/DR planning
- D. Selection of security controls
Answer: A
Explanation:
The business impact analysis gathers asset valuation information that is beneficial for risk analysis and selection of security controls (it helps avoid putting the ten-dollar lock on the five-dollar bicycle), and criticality information that helps in BC/DR planning by letting the organization understand which systems, data, and personnel are necessary to continuously maintain.
However, it does not aid secure acquisition efforts, since the assets examined by the BIA have already been acquired.
NEW QUESTION # 101
What are the U.S. Commerce Department controls on technology exports known as?
- A. EAR
- B. DRM
- C. EAL
- D. ITAR
Answer: A
Explanation:
EAR is a Commerce Department program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.
NEW QUESTION # 102
Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user's valid credentials?
- A. Cross-site scripting
- B. Missing function-level access control
- C. Cross-site request forgery
- D. Injection
Answer: C
Explanation:
Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user's browser without going through any validation or sanitization processes, or perhaps the code is not properly escaped from processing by the browser. The code is then executed on the user's browser with their own access and permissions, allowing the attacker to redirect the user's web traffic, steal data from their session, or potentially access information on the user's own computer that their browser has the ability to access. Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries. Cross-site request forgery occurs when an attack forces an authenticated user to send forged requests to an application running under their own access and credentials.
NEW QUESTION # 103
Heating, ventilation, and air conditioning (HVAC) systems cool the data center by pushing warm air into ____________.
- A. The server inlets
- B. The outside world
- C. Underfloor plenums
- D. HVAC intakes
Answer: B
NEW QUESTION # 104
What are SOCI/SOCII/SOCIII?
- A. Access controls
- B. Software development phases
- C. Risk management frameworks
- D. Audit reports
Answer: D
NEW QUESTION # 105
APIs are defined as which of the following?
- A. A set of routines and tools for building software applications to access web-based software applications
- B. A set of standards for building software applications to access a web-based software application or tool
- C. A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or tool
- D. A set of protocols, and tools for building software applications to access a web-based software application or tool
Answer: C
Explanation:
All the answers are true, but B is the most complete.
NEW QUESTION # 106
An audit scope statement defines the limits and outcomes from an audit.
Which of the following would NOT be included as part of an audit scope statement?
- A. Certification
- B. Reports
- C. Exclusions
- D. Billing
Answer: D
Explanation:
Billing for an audit, or other cost-related items, would not be part of an audit scope statement and would instead be handled prior to the actual audit as part of the contract between the organization and auditors.
Reports, exclusions to the scope of the audit, and required certifications on behalf of the systems or auditors are all crucial elements of an audit scope statement.
NEW QUESTION # 107
Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?
- A. Delineating biometric catalogs
- B. Mapping to existing access control lists (ACLs)
- C. Preventing multifactor authentication
- D. Prohibiting unauthorized transposition
Answer: B
NEW QUESTION # 108
The goals of DLP solution implementation include all of the following, except:
- A. Loss of mitigation
- B. Policy enforcement
- C. Elasticity
- D. Data discovery
Answer: C
Explanation:
DLP does not have anything to do with elasticity, which is the capability of the environment to scale up or down according to demand. All the rest are goals of DLP implementations.
NEW QUESTION # 109
Which kind of SSAE audit reviews controls dealing with the organization's controls for assuring the confidentiality, integrity, and availability of data?
- A. SOC 4
- B. SOC 3
- C. SOC 2
- D. SOC 1
Answer: C
Explanation:
SOC 2 deals with the CIA triad. SOC 1 is for financial reporting. SOC 3 is only an attestation by the auditor.
There is no SOC 4.
NEW QUESTION # 110
Which of the following would NOT be a reason to activate a BCDR strategy?
- A. Natural disaster
- B. Terrorism attack
- C. Utility disruptions
- D. Staffing loss
Answer: D
Explanation:
The loss of staffing would not be a reason to declare a BCDR situation because it does not impact production operations or equipment, and the same staff would be needed for a BCDR situation.
NEW QUESTION # 111
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
- A. RTO
- B. RPO
- C. SRE
- D. RSL
Answer: D
Explanation:
The recovery service level (RSL) is a percentage measure of the total typical production service level that needs to be restored to meet BCDR objectives in the case of a failure.
NEW QUESTION # 112
Which of the following is NOT a focus or consideration of an internal audit?
- A. Certification
- B. Design
- C. Costs
- D. Operational efficiency
Answer: A
Explanation:
In order to obtain and comply with certifications, independent external audits must be performed and satisfied. Although some testing of certification controls can be part of an internal audit, an internal audit alone will not satisfy certification requirements.
NEW QUESTION # 113
Using one cloud provider for your operational environment and another for your BCDR backup will also give you the additional benefit of ____________.
- A. Avoiding vendor lock-in/lockout
- B. Lower cost
- C. Allowing any custom VM builds you use to be instantly ported to another environment
- D. Increased performance
Answer: A
NEW QUESTION # 114
An organization could have many reasons that are common throughout the industry to activate a BCDR situation. Which of the following is NOT a typical reason to activate a BCDR plan?
- A. Natural disaster
- B. Utility outage
- C. Staff loss
- D. Terrorist attack
Answer: C
NEW QUESTION # 115
Which of the following is essential for getting full security value from your system baseline?
- A. Using a baseline from another industry member so as not to engage in repetitious efforts
- B. Having the baseline vetted by an objective third party
- C. Keeping a copy of upcoming suggested modifications to the baseline
- D. Capturing and storing an image of the baseline
Answer: D
NEW QUESTION # 116
Which of the following is a risk associated with manual patching especially in the cloud?
- A. Lack of applicability to the environment
- B. No notice before the impact is realized
- C. The possibility for human error
- D. Patches may or may not address the vulnerability they were designed to fix.
Answer: C
NEW QUESTION # 117
In application-level encryption, where does the encryption engine reside?
- A. In the volume where the database resides
- B. Within the database accessed by the application
- C. In the application accessing the database
- D. In the OS on which the application is run
Answer: C