DumpExams is an authorized company offering valid and latest dump exams & dumps VCE materials. Our dump exams & dumps VCE materials are high-quality; our passing rate is higher than others.

ISC Cloud Security CCSP Dumps Full Questions with Free PDF Questions to Pass [Q354-Q377]

100% Updated ISC CCSP Enterprise PDF Dumps


How to study the CCSP Exam

There are two main types of resources for preparing for certification exams. First, there are study guides and books, which are detailed and suitable for building knowledge from the ground up. Then there are video tutorials and lectures, which can ease the pain of thorough study and are comparatively less boring for some candidates, yet these demand time and concentration from the learner. Smart candidates who want to build a solid foundation in all exam topics and related technologies usually combine video lectures with study guides to reap the benefits of both, but there is one crucial preparation tool often overlooked by most candidates: practice exams. Practice exams are built to make students comfortable with the real exam environment. Statistics have shown that most students fail not due to their preparation but due to exam anxiety, the fear of the unknown. The Dumpexams expert team recommends that you prepare some notes on these topics and practice with the ISC CCSP dumps written by our expert team. Both will help you a lot to clear this exam with good marks.

 

NEW QUESTION 354
Firewalls are used to provide network security throughout an enterprise and to control what information can be accessed--and to a certain extent, through what means.
Which of the following is NOT something that firewalls are concerned with?

  • A. Port
  • B. Protocol
  • C. Encryption
  • D. IP address

Answer: C

Explanation:
Firewalls work at the network level and control traffic based on the source, destination, protocol, and ports.
Whether or not the traffic is encrypted is not a factor with firewalls and their decisions about routing traffic.
Firewalls work primarily with IP addresses, ports, and protocols.

 

NEW QUESTION 355
The Cloud Security Alliance's (CSA's) Cloud Controls Matrix (CCM) addresses all the following security architecture elements except ____________.
Response:

  • A. Physical security
  • B. Application security
  • C. IaaS
  • D. Business drivers

Answer: D

 

NEW QUESTION 356
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes "cross-site scripting (XSS)." Which of the following is not a method for reducing the risk of XSS attacks?
Response:

  • A. XML escape all identity assertions.
  • B. HTML escape JSON values in an HTML context and read the data with JSON.parse.
  • C. Sanitize HTML markup with a library designed for the purpose.
  • D. Use an auto-escaping template system.

Answer: A

 

NEW QUESTION 357
Which of the following is not a way to manage risk?

  • A. Transferring
  • B. Accepting
  • C. Mitigating
  • D. Enveloping

Answer: D

Explanation:
Enveloping is a nonsense term, unrelated to risk management. The rest are not.

 

NEW QUESTION 358
Which of the following is NOT one of the components of multifactor authentication?

  • A. Something the user knows
  • B. Something the user is
  • C. Something the user sends
  • D. Something the user has

Answer: C

Explanation:
Multifactor authentication systems are composed of something the user knows, has, and/or is (such as biometrics or features), not something the user sends.

 

NEW QUESTION 359
At which layer does the IPSec protocol operate to encrypt and protect communications between two parties?
Response:

  • A. Transport
  • B. Network
  • C. Application
  • D. Data link

Answer: B

 

NEW QUESTION 360
Which of the following are the storage types associated with PaaS?

  • A. Database and file system
  • B. Structured and freeform
  • C. Volume and object
  • D. Structured and unstructured

Answer: D

 

NEW QUESTION 361
All of the following entities are required to use FedRAMP-accredited Cloud Service Providers except ___________.
Response:

  • A. The Department of Homeland Security
  • B. The CIA
  • C. The US post office
  • D. Federal Express

Answer: D

 

NEW QUESTION 362
Data centers have enormous power resources that are distributed and consumed throughout the entire facility.
Which of the following standards pertains to the proper fire safety standards within that scope?

  • A. IDCA
  • B. Uptime Institute
  • C. BICSI
  • D. NFPA

Answer: D

Explanation:
The National Fire Protection Association (NFPA) publishes a broad range of fire safety and design standards for many different types of facilities. Building Industry Consulting Services International (BICSI) issues certifications for data center cabling. The Uptime Institute publishes the most widely known and used standard for data center topologies and tiers. The International Data Center Authority (IDCA) offers the Infinity Paradigm, which takes a macro-level approach to data center design.

 

NEW QUESTION 363
Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

  • A. Injection
  • B. Cross-site scripting
  • C. Cross-site request forgery
  • D. Missing function level access control

Answer: B

Explanation:
Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user's browser without going through any validation or sanitization processes, or where the code is not properly escaped from processing by the browser. The code is then executed on the user's browser with the user's own access and permissions, allowing an attacker to redirect their web traffic, steal data from their session, or potentially access information on the user's own computer that their browser has the ability to access.

 

NEW QUESTION 364
You are performing an audit of the security controls used in a cloud environment. Which of the following would best serve your purpose?
Response:

  • A. A copy of the VM baseline configuration
  • B. The business impact analysis (BIA)
  • C. The latest version of the company's financial records
  • D. A SOC 3 report from another (external) auditor

Answer: A

 

NEW QUESTION 365
What is used with a single sign-on system for authentication after the identity provider has successfully authenticated a user?

  • A. Key
  • B. SAML
  • C. XML
  • D. Token

Answer: D

 

NEW QUESTION 366
What are the objectives of change management?
(Choose all that apply.)
Response:

  • A. Respond to a customer's changing business requirements while maximizing value and reducing incidents, disruption, and rework
  • B. Respond to business and IT requests for change that will disassociate services with business needs
  • C. Ensure that changes are recorded and evaluated
  • D. Ensure that all changes are prioritized, planned, tested, implemented, documented, and reviewed in a controlled manner

Answer: A,C

 

NEW QUESTION 367
The president of your company has tasked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services.
Which of the cloud deployment models would you MOST likely be exploring?

  • A. Public
  • B. Community
  • C. Hybrid
  • D. Private

Answer: C

Explanation:
A hybrid cloud model spans two or more different hosting configurations or cloud providers. This would enable an organization to continue using its current hosting configuration, while adding additional cloud services to enable disaster recovery capabilities. The other cloud deployment models--public, private, and community--would not be applicable for seeking a disaster recovery configuration where cloud services are to be leveraged for that purpose rather than production service hosting.

 

NEW QUESTION 368
Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?

  • A. Community
  • B. Private
  • C. Hybrid
  • D. Public

Answer: D

Explanation:
Because the public cloud model is available to everyone, in most instances all a customer will need to do to gain access is set up an account and provide a credit card number through the service's web portal. No additional contract negotiations, agreements, or specific group memberships are typically needed to get started.

 

NEW QUESTION 369
Which of the following data protection methodologies maintains the ability to connect back values to the original values?

  • A. Dynamic mapping
  • B. Anonymization
  • C. Tokenization
  • D. Obfuscation

Answer: C

 

NEW QUESTION 370
Which aspect of SaaS will alleviate much of the time and energy organizations spend on compliance (specifically baselines)?

  • A. Standardization
  • B. Development
  • C. Maintenance
  • D. Licensing

Answer: A

Explanation:
With the entire software platform being controlled by the cloud provider, the standardization of configurations and versioning is done automatically for the cloud customer. This alleviates the customer's need to track upgrades and releases for its own systems and development; instead, the onus is on the cloud provider.
Although licensing is the responsibility of the cloud customer within SaaS, it does not have an impact on compliance requirements. Within SaaS, development and maintenance of the system are solely the responsibility of the cloud provider.

 

NEW QUESTION 371
What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first?

  • A. Homomorphic encryption
  • B. AES
  • C. One-time pads
  • D. Link encryption

Answer: A

Explanation:
AES is an encryption standard. Link encryption is a method for protecting communications traffic. One-time pads are an encryption method.

 

NEW QUESTION 372
The cloud customer will have the most control of their data and systems, and the cloud provider will have the least amount of responsibility, in which cloud computing arrangement?

  • A. IaaS
  • B. SaaS
  • C. PaaS
  • D. Community cloud

Answer: A

Explanation:
IaaS entails the cloud customer installing and maintaining the OS, programs, and data; PaaS has the customer installing programs and data; in SaaS, the customer only uploads data. In a community cloud, data and device owners are distributed.

 

NEW QUESTION 373
Which data protection strategy would be useful for a situation where the ability to remove sensitive data from a set is needed, but a requirement to retain the ability to map back to the original values is also present?

  • A. Anonymization
  • B. Tokenization
  • C. Encryption
  • D. Masking

Answer: B

Explanation:
Tokenization involves the replacement of sensitive data fields with key or token values, which can ultimately be mapped back to the original, sensitive data values. Masking refers to the overall approach to covering sensitive data, and anonymization is a type of masking, where indirect identifiers are removed from a data set to prevent the mapping back of data to an individual.
Encryption refers to the overall process of protecting data via key pairs and protecting confidentiality.

 

NEW QUESTION 374
The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?

  • A. Attackers have already published vulnerabilities for all known APIs.
  • B. Most of the cloud customer's interaction with resources will be performed through APIs.
  • C. APIs are inherently insecure.
  • D. APIs are known carcinogens.

Answer: B

 

NEW QUESTION 375
Which of the following storage types is most closely associated with a database-type storage implementation?

  • A. Object
  • B. Volume
  • C. Structured
  • D. Unstructured

Answer: C

Explanation:
Structured storage involves organized and categorized data, which most closely resembles and operates like a database system would.

 

NEW QUESTION 376
Without the extensive funds of a large corporation, a small-sized company could gain considerable and cost-effective services for which of the following concepts by moving to a cloud environment?

  • A. Regulatory
  • B. Testing
  • C. Security
  • D. Development

Answer: C

Explanation:
Cloud environments, regardless of the specific deployment model used, have extensive and robust security controls in place, especially in regard to physical and infrastructure security. A small company can leverage the extensive security controls and monitoring provided by a cloud provider, which it would be unlikely ever to afford on its own. Moving to a cloud would not result in any gains for development and testing because these areas require the same rigor regardless of where deployment and hosting occur. Regulatory compliance in a cloud would not be a gain for an organization because it would likely result in additional oversight and auditing as well as require the organization to adapt to a new environment.

 

NEW QUESTION 377
......


Legal, Compliance, & Risk (13%):

  • Understand Cloud contract design and outsourcing.
  • Understand the privacy issues.
  • Understand the audit process, required adaptations, and methodologies for the Cloud environment.
  • Understand the inferences of Cloud/enterprise risk management.
  • Explain the legal prerequisites and distinctive risks associated with the Cloud environment.

 
