PDF4Test

http://www.pdf4test.com
Free valid test questions and dumps pdf for certification test prep
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

Exam : CCSP

Title : Certified Cloud Security

Professional

Vendor : ISC

Version : DEMO

1
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

NO.1 Who should be the only entity allowed to declare that an organization can return to normal
following contingency or BCDR operations?
A. Senior management
B. Law enforcement
C. The incident manager
D. Regulators
Answer: A

NO.2 Which type of testing tends to produce the best and most comprehensive results for
discovering system vulnerabilities?
A. Static
B. Dynamic
C. Pen
D. Vulnerability
Answer: A

NO.3 Data transformation in a cloud environment should be of great concern to organizations

considering cloud migration because __________ could affect data classification
processes/implementations.
A. Physical distance
B. Multitenancy
C. Remote access
D. Virtualization
Answer: D

NO.4 Which of the following is not a risk management framework?

A. NIST SP 800-37
B. COBIT
C. ISO 31000:2009
D. Hex GBL
Answer: D
Explanation:
Hex GBL is a reference to a computer part in Terry Pratchett's fictional Discworld universe. The rest
are not.

NO.5 The Open Web Application Security Project (OWASP) Top Ten is a list of web application
security threats that is composed by a member-driven OWASP committee of application
development experts and published approximately every 24 months.
The 2013 OWASP Top Ten list includes "cross- site scripting (XSS)."
Which of the following is not a method for reducing the risk of XSS attacks?
A. HTML escape JSON values in an HTML context and read the data with JSON.parse.
B. Sanitize HTML markup with a library designed for the purpose.
C. Use an auto-escaping template system.

2
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

D. XML escape all identity assertions.

Answer: D

NO.6 Which of the following is not one of the types of controls?

A. Transitional
B. Technical
C. Physical
D. Administrative
Answer: A

NO.7 Which of the following statements about Type 1 hypervisors is true?

A. The hardware vendor provides an open platform for software vendors.
B. The hardware vendor and software vendor are different.
C. The hardware vendor and software vendor are the same
D. The hardware vendor and software vendor should always be different for the sake of security.
Answer: C
Explanation:
With a Type 1 hypervisor, the management software and hardware are tightly tied together and
provided by the same vendor on a closed platform. This allows for optimal security, performance,
and support. The other answers are all incorrect descriptions of a Type 1 hypervisor.

NO.8 Which entity requires all collection and storing of data on their citizens to be done on
hardware that resides within their borders?
A. Germany
B. Russia
C. United States
D. France
Answer: B
Explanation:
Signed into law and effective starting on September 1, 2015, Russian Law 526-FZ establishes that any
collecting, storing, or processing of personal information or data on Russian citizens must be done
from systems and databases that are physically located with the Russian Federation.

NO.9 Which data state would be most likely to use TLS as a protection mechanism?
A. Data in transit
B. Data in use
C. Data at rest
D. Archived
Answer: A
Explanation:
TLS would be used with data in transit, when packets are exchanged between clients or services and
sent across a network. During the data-in-use state, the data is already protected via a technology
such as TLS as it is exchanged over the network and then relies on other technologies such as digital
signatures for protection while being used. The data-at-rest state primarily uses encryption for stored

3
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

file objects.
Archived data would be the same as data at rest.

NO.10 Which of the following is the dominant driver behind the regulations to which a system or
application must adhere?
A. Contract
B. Locality
C. SLA
D. Data source
Answer: B
Explanation:
The locality--or physical location and jurisdiction where the system or data resides--is the dominant
driver of regulations. This may be based on the type of data contained within the application or the
way in which the data is used. The contract and SLA both articulate requirements for regulatory
compliance and the responsibilities for the cloud provider and cloud customer, but neither artifact
defines the actual requirements. Instead, the contract and SLA merely form the official
documentation between the cloud provider and cloud customer. The source of the data may place
contractual requirements or best practice guidelines on its usage, but ultimately jurisdiction has legal
force and greater authority.

NO.11 Alice is the CEO for a software company; she is considering migrating the operation from the
current on-premises legacy environment into the cloud.
In order to protect her company's intellectual property, Alice might want to consider implementing
all these techniques/solutions except __________________.
Response:
A. Egress monitoring
B. Digital watermarking
C. Encryption
D. Turnstiles
Answer: D

NO.12 Which value refers to the percentage of production level restoration needed to meet BCDR
objectives?
A. RTO
B. SRE
C. RSL
D. RPO
Answer: C
Explanation:
The recovery service level (RSL) is a percentage measure of the total typical production service level
that needs to be restored to meet BCDR objectives in the case of a failure.

NO.13 A localized incident or disaster can be addressed in a cost-effective manner by using which of
the following?

4
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

A. Strict adherence to applicable regulations

B. UPS
C. Joint operating agreements
D. Generators
Answer: C
Explanation:
Joint operating agreements can provide nearby relocation sites so that a disruption limited to the
organization's own facility and campus can be addressed at a different facility and campus. UPS and
generators are not limited to serving needs for localized causes. Regulations do not promote cost
savings and are not often the immediate concern during BC/DR activities.

NO.14 You are the security manager for a small surgical center. Your organization is reviewing
upgrade options for its current, on-premises data center. In order to best meet your needs, which
one of the following options would you recommend to senior management?
Response:
A. Staying with the current data center
B. Building a completely new data center
C. Leasing a data center that is currently owned by another firm
D. Renting private cloud space in a Tier 2 data center
Answer: B

NO.15 Which one of the following threat types to applications and services involves the sending of
requests that are invalid and manipulated through a user's client to execute commands on the
application under the user's own credentials?
A. Injection
B. Cross-site request forgery
C. Missing function-level access control
D. Cross-site scripting
Answer: B
Explanation:
A cross-site request forgery (CSRF) attack forces a client that a user has used to authenticate to an
application to send forged requests under the user's own credentials to execute commands and
requests that the application thinks are coming from a trusted client and user. Although this type of
attack cannot be used to steal data directly because the attacker has no way of seeing the results of
the commands, it does open other ways to compromise an application. Missing function-level access
control exists where an application only checks for authorization during the initial login process and
does not further validate with each function call. Cross-site scripting occurs when an attacker is able
to send untrusted data to a user's browser without going through validation processes. An injection
attack is where a malicious actor sends commands or other arbitrary data through input and data
fields with the intent of having the application or system execute the code as part of its normal
processing and queries.

NO.16 What is a data custodian responsible for?

A. Customer access and alerts for all data

5
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

B. Data content, context, and associated business rules

C. The safe custody, transport, storage of the data, and implementation of business rules
D. Logging and alerts for all data
Answer: C

NO.17 When reviewing the BIA after a cloud migration, the organization should take into account
new factors related to data breach impacts. One of these new factors is:
A. Legal liability can't be transferred to the cloud provider.
B. Many states have data breach notification laws.
C. Breaches can cause the loss of proprietary data.
D. Breaches can cause the loss of intellectual property.
Answer: A
Explanation:
State notification laws and the loss of proprietary data/intellectual property pre-existed the cloud;
only the lack of ability to transfer liability is new.

NO.18 What type of software is often considered secured and validated via community knowledge?
A. Scripting
B. Proprietary
C. Object-oriented
D. Open source
Answer: D

NO.19 All of the following are techniques to enhance the portability of cloud data, in order to
minimize the potential of vendor lock-in except:
A. Avoid proprietary data formats
B. Ensure favorable contract terms to support portability
C. Ensure there are no physical limitations to moving
D. Use DRM and DLP solutions widely throughout the cloud operation
Answer: D
Explanation:
DRM and DLP are used for increased authentication/access control and egress monitoring,
respectively, and would actually decrease portability instead of enhancing it.

NO.20 Which of the following features is a main benefit of PaaS over IaaS?
A. Location independence
B. Auto-scaling
C. High-availability
D. Physical security requirements
Answer: B
Explanation:
With PaaS providing a fully configured and managed framework, auto-scaling can be implemented to
programmatically adjust resources based on the current demands of the environment.

6
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

NO.21 The BCDR plan/process should be written and documented in such a way that it can be used
by ____________.
Response:
A. Regulators
B. Users
C. Essential BCDR team members
D. Someone with the requisite skills
Answer: D

NO.22 Data centers have enormous power resources that are distributed and consumed throughout
the entire facility.
Which of the following standards pertains to the proper fire safety standards within that scope?
A. BICSI
B. Uptime Institute
C. IDCA
D. NFPA
Answer: D
Explanation:
The National Fire Protection Association (NFPA) publishes a broad range of fire safety and design
standards for many different types of facilities. Building Industry Consulting Services International
(BICSI) issues certifications for data center cabling. The Uptime Institute publishes the most widely
known and used standard for data center topologies and tiers. The International Data Center
Authority (IDCA) offers the Infinity Paradigm, which takes a macro-level approach to data center
design.

NO.23 How is an object stored within an object storage system?

A. Key value
B. LDAP
C. Database
D. Tree structure
Answer: A
Explanation:
Object storage uses a flat structure with key values to store and access objects.

NO.24 Typically, SSDs are ____________.

Response:
A. More expensive than spinning platters
B. Heavier than tape libraries
C. Larger than tape backup
D. More subject to malware than legacy drives
Answer: A

NO.25 Which of the following storage types is most closely associated with a database-type storage
implementation?

7
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

A. Object
B. Structured
C. Volume
D. Unstructured
Answer: B
Explanation:
Structured storage involves organized and categorized data, which most closely resembles and
operates like a database system would.

NO.26 In addition to battery backup, a UPS can offer which capability?

A. Communication redundancy
B. Confidentiality
C. Breach alert
D. Line conditioning
Answer: D
Explanation:
A UPS can provide line conditioning, adjusting power so that it is optimized for the devices it serves
and smoothing any power fluctuations; it does not offer any of the other listed functions.

NO.27 It's important to maintain a current asset inventory list, including surveying your environment
on a regular basis, in order to ____________.
Response:
A. Ensure that any lost devices are automatically entered into the acquisition system for
repurchasing and replacement
B. Prevent unknown, unpatched assets from being used as back doors to the environment
C. Ensure that billing for all devices is handled by the appropriate departments
D. Maintain user morale by having their devices properly catalogued and annotated
Answer: B

NO.28 In which cloud service model is the customer required to maintain the OS?
A. Iaas
B. PaaS
C. CaaS
D. SaaS
Answer: A
Explanation:
In IaaS, the service is bare metal, and the customer has to install the OS and the software; the
customer then is responsible for maintaining that OS. In the other models, the provider installs and
maintains the OS.

NO.29 From a security perspective, what component of a cloud computing infrastructure represents
the biggest concern?
A. Management plane
B. Encryption

8
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

C. Object storage
D. Hypervisor
Answer: A
Explanation:
The management plane will have broad administrative access to all host systems throughout an
environment; as such, it represents the most pressing security concerns. A compromise of the
management plane can directly lead to compromises of any other systems within the environment.
Although hypervisors represent a significant security concern to an environment because their
compromise would expose any virtual systems hosted within them, the management plane is a
better choice in this case because it controls multiple hypervisors. Encryption and object storage both
represent lower-level security concerns.

NO.30 Which technique involves replacing values within a specific data field to protect sensitive
data?
A. Tokenization
B. Anonymization
C. Obfuscation
D. Masking
Answer: D
Explanation:
Masking involves replacing specific data within a data set with new values. For example, with credit
card fields, as most who have ever purchased anything online can attest, nearly the entire credit card
number is masked with a character such as an asterisk, with the last four digits left visible for
identification and confirmation.

NO.31 SOX was enacted because of which of the following?

A. All of the above
B. Poor BOD oversight
C. Poor financial controls
D. Lack of independent audits
Answer: A

NO.32 Which concept of cloud computing pertains to the ability to reuse components and services
of an application for other purposes?
A. Portability
B. Resource pooling
C. Elasticity
D. Interoperability
Answer: D

NO.33 With a cloud service category where the cloud customer is provided a full application
framework into which to deploy their code and services, which storage types are MOST likely to be
available to them?
A. Structured and unstructured

9
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
 Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!

B. Volume and object

C. Structured and hierarchical
D. Volume and database
Answer: A
Explanation:
The question is describing the Platform as a Service (PaaS) cloud offering, and as such, structured and
unstructured storage types will be available to the customer. Volume and object are storage types
associated with IaaS, and although the other answers present similar-sounding storage types, they
are a mix of real and fake names.

NO.34 You work for a company that operates a production environment in the cloud. Another
company using the same cloud provider is under investigation by law enforcement for racketeering.
Your company should be concerned about this because of the cloud characteristic of ____________.
Response:
A. Elasticity
B. Automated self-service
C. Virtualization
D. Pooled resources
Answer: D

NO.35 Security best practices in a virtualized network environment would include which of the
following?
Response:
A. Hardening all outward-facing firewalls in order to make them resistant to attack
B. Using distinct ports and port groups for various VLANs on a virtual switch rather than running
them through the same port
C. Adding HIDS to all virtual guests
D. Running iSCSI traffic unencrypted in order to have it observed and monitored by NIDS
Answer: B

10
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html