New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > ISC > Cloud Security > CCSP

CCSP Certified Cloud Security Professional (CCSP) Question and Answers

Question # 4

What process is used within a cloud environment to maintain resource balancing and ensure that resources are available where and when needed?

A.

Dynamic clustering

B.

Dynamic balancing

C.

Dynamic resource scheduling

D.

Dynamic optimization

Full Access
Question # 5

What strategy involves replacing sensitive data with opaque values, usually with a means of mapping it back to the original value?

A.

Masking

B.

Anonymization

C.

Tokenization

D.

Obfuscation

Full Access
Question # 6

Other than cost savings realized due to measured service, what is another facet of cloud computing that will typically save substantial costs in time and money for an organization in the event of a disaster?

A.

Broad network access

B.

Interoperability

C.

Resource pooling

D.

Portability

Full Access
Question # 7

What strategy involves hiding data in a data set to prevent someone from identifying specific individuals based on other data fields present?

A.

Anonymization

B.

Tokenization

C.

Masking

D.

Obfuscation

Full Access
Question # 8

Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?

A.

Platform

B.

Infrastructure

C.

Governance

D.

Application

Full Access
Question # 9

Which of the following service categories entails the least amount of support needed on the part of the cloud customer?

A.

SaaS

B.

IaaS

C.

DaaS

D.

PaaS

Full Access
Question # 10

Which of the following would be a reason to undertake a BCDR test?

A.

Functional change of the application

B.

Change in staff

C.

User interface overhaul of the application

D.

Change in regulations

Full Access
Question # 11

What concept does the "I" represent with the STRIDE threat model?

A.

Integrity

B.

Information disclosure

C.

IT security

D.

Insider threat

Full Access
Question # 12

Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?

A.

Unvalidated redirects and forwards

B.

Insecure direct object references

C.

Security miscomfiguration

D.

Sensitive data exposure

Full Access
Question # 13

If you're using iSCSI in a cloud environment, what must come from an external protocol or application?

A.

Kerberos support

B.

CHAP support

C.

Authentication

D.

Encryption

Full Access
Question # 14

What is the only data format permitted with the SOAP API?

A.

HTML

B.

SAML

C.

XSML

D.

XML

Full Access
Question # 15

What is the biggest benefit to leasing space in a data center versus building or maintain your own?

A.

Certification

B.

Costs

C.

Regulation

D.

Control

Full Access
Question # 16

What type of masking strategy involves making a separate and distinct copy of data with masking in place?

A.

Dynamic

B.

Replication

C.

Static

D.

Duplication

Full Access
Question # 17

Which of the following roles is responsible for obtaining new customers and securing contracts and agreements?

A.

Inter-cloud provider

B.

Cloud service broker

C.

Cloud auditor

D.

Cloud service developer

Full Access
Question # 18

Which of the following attempts to establish an international standard for eDiscovery processes and best practices?

A.

ISO/IEC 31000

B.

ISO/IEC 27050

C.

ISO/IEC 19888

D.

ISO/IEC 27001

Full Access
Question # 19

GAAPs are created and maintained by which organization?

A.

ISO/IEC

B.

AICPA

C.

PCI Council

D.

ISO

Full Access
Question # 20

Which of the following is the optimal humidity level for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?

A.

30-50 percent relative humidity

B.

50-75 percent relative humidity

C.

20-40 percent relative humidity

D.

40-60 percent relative humidity

Full Access
Question # 21

Which of the following APIs are most commonly used within a cloud environment?

A.

REST and SAML

B.

SOAP and REST

C.

REST and XML

D.

XML and SAML

Full Access
Question # 22

What is the data encapsulation used with the SOAP protocol referred to?

A.

Packet

B.

Envelope

C.

Payload

D.

Object

Full Access
Question # 23

Which of the following roles involves the connection and integration of existing systems and services to a cloud environment?

A.

Cloud service business manager

B.

Cloud service user

C.

Cloud service administrator

D.

Cloud service integrator

Full Access
Question # 24

When is a virtual machine susceptible to attacks while a physical server in the same state would not be?

A.

When it is behind a WAF

B.

When it is behind an IPS

C.

When it is not patched

D.

When it is powered off

Full Access
Question # 25

Which of the following roles is responsible for overseeing customer relationships and the processing of financial transactions?

A.

Cloud service manager

B.

Cloud service deployment

C.

Cloud service business manager

D.

Cloud service operations manager

Full Access
Question # 26

What is the biggest negative to leasing space in a data center versus building or maintain your own?

A.

Costs

B.

Control

C.

Certification

D.

Regulation

Full Access
Question # 27

Which publication from the United States National Institute of Standards and Technology pertains to defining cloud concepts and definitions for the various core components of cloud computing?

A.

SP 800-153

B.

SP 800-145

C.

SP 800-53

D.

SP 800-40

Full Access
Question # 28

What are the two protocols that TLS uses?

A.

Handshake and record

B.

Transport and initiate

C.

Handshake and transport

D.

Record and transmit

Full Access
Question # 29

Which of the following roles is responsible for gathering metrics on cloud services and managing cloud deployments and the deployment processes?

A.

Cloud service business manager

B.

Cloud service operations manager

C.

Cloud service manager

D.

Cloud service deployment manager

Full Access
Question # 30

Which of the following roles involves the provisioning and delivery of cloud services?

A.

Cloud service deployment manager

B.

Cloud service business manager

C.

Cloud service manager

D.

Cloud service operations manager

Full Access
Question # 31

What is an experimental technology that is intended to create the possibility of processing encrypted data without having to decrypt it first?

A.

Quantum-state

B.

Polyinstantiation

C.

Homomorphic

D.

Gastronomic

Full Access
Question # 32

During the course of an audit, which of the following would NOT be an input into the control requirements used as part of a gap analysis.

A.

Contractual requirements

B.

Regulations

C.

Vendor recommendations

D.

Corporate policy

Full Access
Question # 33

Data masking can be used to provide all of the following functionality, except:

A.

Test data in sandboxed environments

B.

Authentication of privileged users

C.

Enforcing least privilege

D.

Secure remote access

Full Access
Question # 34

What concept does the A represent within the DREAD model?

A.

Affected users

B.

Authorization

C.

Authentication

D.

Affinity

Full Access
Question # 35

The different cloud service models have varying levels of responsibilities for functions and operations depending with the model's level of service.

In which of the following models would the responsibility for patching lie predominantly with the cloud customer?

A.

DaaS

B.

SaaS

C.

PaaS

D.

IaaS

Full Access
Question # 36

When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?

A.

Firewall

B.

Proxy

C.

Honeypot

D.

Bastion

Full Access
Question # 37

There are many situations when testing a BCDR plan is appropriate or mandated.

Which of the following would not be a necessary time to test a BCDR plan?

A.

After software updates

B.

After regulatory changes

C.

After major configuration changes

D.

Annually

Full Access
Question # 38

In which cloud service model is the customer required to maintain the OS?

A.

Iaas

B.

CaaS

C.

PaaS

D.

SaaS

Full Access
Question # 39

What is the intellectual property protection for the tangible expression of a creative idea?

A.

Trade secret

B.

Copyright

C.

Trademark

D.

Patent

Full Access
Question # 40

Which component of ITIL involves the creation of an RFC ticket and obtaining official approvals for it?

A.

Problem management

B.

Release management

C.

Deployment management

D.

Change management

Full Access
Question # 41

Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:

A.

Full inventory

B.

Criticality

C.

Value

D.

Usefulness

Full Access
Question # 42

Cloud systems are increasingly used for BCDR solutions for organizations.

What aspect of cloud computing makes their use for BCDR the most attractive?

A.

On-demand self-service

B.

Measured service

C.

Portability

D.

Broad network access

Full Access
Question # 43

Which kind of SSAE audit report is most beneficial for a cloud customer, even though it’s unlikely the cloud provider will share it?

A.

SOC 3

B.

SOC 1 Type 2

C.

SOC 2 Type 2

D.

SOC 1 Type 1

Full Access
Question # 44

Which of the following types of data would fall under data rights management (DRM) rather than information rights management (IRM)?

A.

Personnel data

B.

Security profiles

C.

Publications

D.

Financial records

Full Access
Question # 45

What type of masking would you employ to produce a separate data set for testing purposes based on production data without any sensitive information?

A.

Dynamic

B.

Tokenized

C.

Replicated

D.

Static

Full Access
Question # 46

In a federated identity arrangement using a trusted third-party model, who is the identity provider and who is the relying party?

A.

The users of the various organizations within the federations within the federation/a CASB

B.

Each member organization/a trusted third party

C.

Each member organization/each member organization

D.

A contracted third party/the various member organizations of the federation

Full Access
Question # 47

Which of the following roles is responsible for creating cloud components and the testing and validation of services?

A.

Cloud auditor

B.

Inter-cloud provider

C.

Cloud service broker

D.

Cloud service developer

Full Access
Question # 48

Key maintenance and security are paramount within a cloud environment due to the widespread use of encryption for both data and transmissions.

Which of the following key-management systems would provide the most robust control over and ownership of the key-management processes for the cloud customer?

A.

Remote key management service

B.

Local key management service

C.

Client key management service

D.

Internal key management service

Full Access
Question # 49

On large distributed systems with pooled resources, cloud computing relies on extensive orchestration to maintain the environment and the constant provisioning of resources.

Which of the following is crucial to the orchestration and automation of networking resources within a cloud?

A.

DNSSEC

B.

DNS

C.

DCOM

D.

DHCP

Full Access
Question # 50

Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?

A.

Platform

B.

Infrastructure

C.

Software

D.

Desktop

Full Access
Question # 51

Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it?

A.

Community

B.

Hybrid

C.

Private

D.

Public

Full Access
Question # 52

Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud?

A.

Reservations

B.

Measured service

C.

Limits

D.

Shares

Full Access
Question # 53

Which aspect of cloud computing makes it very difficult to perform repeat audits over time to track changes and compliance?

A.

Virtualization

B.

Multitenancy

C.

Resource pooling

D.

Dynamic optimization

Full Access
Question # 54

Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?

A.

Regulatory requirements

B.

SLAs

C.

Auditability

D.

Governance

Full Access
Question # 55

Which of the following service capabilities gives the cloud customer the most control over resources and configurations?

A.

Desktop

B.

Platform

C.

Infrastructure

D.

Software

Full Access
Question # 56

Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?

A.

Hybrid

B.

Community

C.

Private

D.

Public

Full Access
Question # 57

What concept does the "A" represent in the DREAD model?

A.

Affected users

B.

Authentication

C.

Affinity

D.

Authorization

Full Access
Question # 58

Different certifications and standards take different approaches to data center design and operations. Although many traditional approaches use a tiered methodology, which of the following utilizes a macro-level approach to data center design?

A.

IDCA

B.

BICSI

C.

Uptime Institute

D.

NFPA

Full Access
Question # 59

Which cloud storage type is typically used to house virtual machine images that are used throughout the environment?

A.

Structured

B.

Unstructured

C.

Volume

D.

Object

Full Access
Question # 60

Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?

A.

Security misconfiguration

B.

Insecure direct object references

C.

Unvalidated redirects and forwards

D.

Sensitive data exposure

Full Access
Question # 61

Where is a DLP solution generally installed when utilized for monitoring data in transit?

A.

Network perimeter

B.

Database server

C.

Application server

D.

Web server

Full Access
Question # 62

Which cloud storage type resembles a virtual hard drive and can be utilized in the same manner and with the same type of features and capabilities?

A.

Volume

B.

Unstructured

C.

Structured

D.

Object

Full Access
Question # 63

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user’s valid credentials?

A.

Injection

B.

Missing function-level access control

C.

Cross-site scripting

D.

Cross-site request forgery

Full Access
Question # 64

Which of the following roles would be responsible for managing memberships in federations and the use and integration of federated services?

A.

Inter-cloud provider

B.

Cloud service business manager

C.

Cloud service administrator

D.

Cloud service integrator

Full Access
Question # 65

Which phase of the cloud data lifecycle would be the MOST appropriate for the use of DLP technologies to protect the data?

A.

Use

B.

Store

C.

Share

D.

Create

Full Access
Question # 66

Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?

A.

Memory

B.

Number of users

C.

Storage

D.

CPU

Full Access
Question # 67

Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?

A.

Injection

B.

Missing function-level access control

C.

Cross-site scripting

D.

Cross-site request forgery

Full Access
Question # 68

Although the REST API supports a wide variety of data formats for communications and exchange, which data formats are the most commonly used?

A.

SAML and HTML

B.

XML and SAML

C.

XML and JSON

D.

JSON and SAML

Full Access
Question # 69

With IaaS, what is responsible for handling the security and control over the volume storage space?

A.

Management plane

B.

Operating system

C.

Application

D.

Hypervisor

Full Access
Question # 70

What is a serious complication an organization faces from the compliance perspective with international operations?

A.

Multiple jurisdictions

B.

Different certifications

C.

Different operational procedures

D.

Different capabilities

Full Access
Question # 71

Which data state would be most likely to use TLS as a protection mechanism?

A.

Data in use

B.

Data at rest

C.

Archived

D.

Data in transit

Full Access
Question # 72

Which of the following statements best describes a Type 1 hypervisor?

A.

The hypervisor software runs within an operating system tied to the hardware.

B.

The hypervisor software runs as a client on a server and needs an external service to administer it.

C.

The hypervisor software runs on top of an application layer.

D.

The hypervisor software runs directly on “bare metal” without an intermediary.

Full Access
Question # 73

Data center and operations design traditionally takes a tiered, topological approach.

Which of the following standards is focused on that approach and is prevalently used throughout the industry?

A.

IDCA

B.

NFPA

C.

BICSI

D.

Uptime Institute

Full Access
Question # 74

If a company needed to guarantee through contract and SLAs that a cloud provider would always have available sufficient resources to start their services and provide a certain level of provisioning, what would the contract need to refer to?

A.

Limit

B.

Reservation

C.

Assurance

D.

Guarantee

Full Access
Question # 75

During which phase of the cloud data lifecycle is it possible for the classification of data to change?

A.

Use

B.

Archive

C.

Create

D.

Share

Full Access
Question # 76

Which of the following is NOT one of the main intended goals of a DLP solution?

A.

Showing due diligence

B.

Preventing malicious insiders

C.

Regulatory compliance

D.

Managing and minimizing risk

Full Access