Professional Documents
Culture Documents
http://www.pdf4test.com
Free valid test questions and dumps pdf for certification test prep
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
Exam : CCSP
Vendor : ISC
Version : DEMO
1
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
NO.1 Who should be the only entity allowed to declare that an organization can return to normal
following contingency or BCDR operations?
A. Senior management
B. Law enforcement
C. The incident manager
D. Regulators
Answer: A
NO.2 Which type of testing tends to produce the best and most comprehensive results for
discovering system vulnerabilities?
A. Static
B. Dynamic
C. Pen
D. Vulnerability
Answer: A
NO.5 The Open Web Application Security Project (OWASP) Top Ten is a list of web application
security threats that is composed by a member-driven OWASP committee of application
development experts and published approximately every 24 months.
The 2013 OWASP Top Ten list includes "cross- site scripting (XSS)."
Which of the following is not a method for reducing the risk of XSS attacks?
A. HTML escape JSON values in an HTML context and read the data with JSON.parse.
B. Sanitize HTML markup with a library designed for the purpose.
C. Use an auto-escaping template system.
2
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
NO.8 Which entity requires all collection and storing of data on their citizens to be done on
hardware that resides within their borders?
A. Germany
B. Russia
C. United States
D. France
Answer: B
Explanation:
Signed into law and effective starting on September 1, 2015, Russian Law 526-FZ establishes that any
collecting, storing, or processing of personal information or data on Russian citizens must be done
from systems and databases that are physically located with the Russian Federation.
NO.9 Which data state would be most likely to use TLS as a protection mechanism?
A. Data in transit
B. Data in use
C. Data at rest
D. Archived
Answer: A
Explanation:
TLS would be used with data in transit, when packets are exchanged between clients or services and
sent across a network. During the data-in-use state, the data is already protected via a technology
such as TLS as it is exchanged over the network and then relies on other technologies such as digital
signatures for protection while being used. The data-at-rest state primarily uses encryption for stored
3
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
file objects.
Archived data would be the same as data at rest.
NO.10 Which of the following is the dominant driver behind the regulations to which a system or
application must adhere?
A. Contract
B. Locality
C. SLA
D. Data source
Answer: B
Explanation:
The locality--or physical location and jurisdiction where the system or data resides--is the dominant
driver of regulations. This may be based on the type of data contained within the application or the
way in which the data is used. The contract and SLA both articulate requirements for regulatory
compliance and the responsibilities for the cloud provider and cloud customer, but neither artifact
defines the actual requirements. Instead, the contract and SLA merely form the official
documentation between the cloud provider and cloud customer. The source of the data may place
contractual requirements or best practice guidelines on its usage, but ultimately jurisdiction has legal
force and greater authority.
NO.11 Alice is the CEO for a software company; she is considering migrating the operation from the
current on-premises legacy environment into the cloud.
In order to protect her company's intellectual property, Alice might want to consider implementing
all these techniques/solutions except __________________.
Response:
A. Egress monitoring
B. Digital watermarking
C. Encryption
D. Turnstiles
Answer: D
NO.12 Which value refers to the percentage of production level restoration needed to meet BCDR
objectives?
A. RTO
B. SRE
C. RSL
D. RPO
Answer: C
Explanation:
The recovery service level (RSL) is a percentage measure of the total typical production service level
that needs to be restored to meet BCDR objectives in the case of a failure.
NO.13 A localized incident or disaster can be addressed in a cost-effective manner by using which of
the following?
4
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
NO.14 You are the security manager for a small surgical center. Your organization is reviewing
upgrade options for its current, on-premises data center. In order to best meet your needs, which
one of the following options would you recommend to senior management?
Response:
A. Staying with the current data center
B. Building a completely new data center
C. Leasing a data center that is currently owned by another firm
D. Renting private cloud space in a Tier 2 data center
Answer: B
NO.15 Which one of the following threat types to applications and services involves the sending of
requests that are invalid and manipulated through a user's client to execute commands on the
application under the user's own credentials?
A. Injection
B. Cross-site request forgery
C. Missing function-level access control
D. Cross-site scripting
Answer: B
Explanation:
A cross-site request forgery (CSRF) attack forces a client that a user has used to authenticate to an
application to send forged requests under the user's own credentials to execute commands and
requests that the application thinks are coming from a trusted client and user. Although this type of
attack cannot be used to steal data directly because the attacker has no way of seeing the results of
the commands, it does open other ways to compromise an application. Missing function-level access
control exists where an application only checks for authorization during the initial login process and
does not further validate with each function call. Cross-site scripting occurs when an attacker is able
to send untrusted data to a user's browser without going through validation processes. An injection
attack is where a malicious actor sends commands or other arbitrary data through input and data
fields with the intent of having the application or system execute the code as part of its normal
processing and queries.
5
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
NO.17 When reviewing the BIA after a cloud migration, the organization should take into account
new factors related to data breach impacts. One of these new factors is:
A. Legal liability can't be transferred to the cloud provider.
B. Many states have data breach notification laws.
C. Breaches can cause the loss of proprietary data.
D. Breaches can cause the loss of intellectual property.
Answer: A
Explanation:
State notification laws and the loss of proprietary data/intellectual property pre-existed the cloud;
only the lack of ability to transfer liability is new.
NO.18 What type of software is often considered secured and validated via community knowledge?
A. Scripting
B. Proprietary
C. Object-oriented
D. Open source
Answer: D
NO.19 All of the following are techniques to enhance the portability of cloud data, in order to
minimize the potential of vendor lock-in except:
A. Avoid proprietary data formats
B. Ensure favorable contract terms to support portability
C. Ensure there are no physical limitations to moving
D. Use DRM and DLP solutions widely throughout the cloud operation
Answer: D
Explanation:
DRM and DLP are used for increased authentication/access control and egress monitoring,
respectively, and would actually decrease portability instead of enhancing it.
NO.20 Which of the following features is a main benefit of PaaS over IaaS?
A. Location independence
B. Auto-scaling
C. High-availability
D. Physical security requirements
Answer: B
Explanation:
With PaaS providing a fully configured and managed framework, auto-scaling can be implemented to
programmatically adjust resources based on the current demands of the environment.
6
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
NO.21 The BCDR plan/process should be written and documented in such a way that it can be used
by ____________.
Response:
A. Regulators
B. Users
C. Essential BCDR team members
D. Someone with the requisite skills
Answer: D
NO.22 Data centers have enormous power resources that are distributed and consumed throughout
the entire facility.
Which of the following standards pertains to the proper fire safety standards within that scope?
A. BICSI
B. Uptime Institute
C. IDCA
D. NFPA
Answer: D
Explanation:
The National Fire Protection Association (NFPA) publishes a broad range of fire safety and design
standards for many different types of facilities. Building Industry Consulting Services International
(BICSI) issues certifications for data center cabling. The Uptime Institute publishes the most widely
known and used standard for data center topologies and tiers. The International Data Center
Authority (IDCA) offers the Infinity Paradigm, which takes a macro-level approach to data center
design.
NO.25 Which of the following storage types is most closely associated with a database-type storage
implementation?
7
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
A. Object
B. Structured
C. Volume
D. Unstructured
Answer: B
Explanation:
Structured storage involves organized and categorized data, which most closely resembles and
operates like a database system would.
NO.27 It's important to maintain a current asset inventory list, including surveying your environment
on a regular basis, in order to ____________.
Response:
A. Ensure that any lost devices are automatically entered into the acquisition system for
repurchasing and replacement
B. Prevent unknown, unpatched assets from being used as back doors to the environment
C. Ensure that billing for all devices is handled by the appropriate departments
D. Maintain user morale by having their devices properly catalogued and annotated
Answer: B
NO.28 In which cloud service model is the customer required to maintain the OS?
A. Iaas
B. PaaS
C. CaaS
D. SaaS
Answer: A
Explanation:
In IaaS, the service is bare metal, and the customer has to install the OS and the software; the
customer then is responsible for maintaining that OS. In the other models, the provider installs and
maintains the OS.
NO.29 From a security perspective, what component of a cloud computing infrastructure represents
the biggest concern?
A. Management plane
B. Encryption
8
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
C. Object storage
D. Hypervisor
Answer: A
Explanation:
The management plane will have broad administrative access to all host systems throughout an
environment; as such, it represents the most pressing security concerns. A compromise of the
management plane can directly lead to compromises of any other systems within the environment.
Although hypervisors represent a significant security concern to an environment because their
compromise would expose any virtual systems hosted within them, the management plane is a
better choice in this case because it controls multiple hypervisors. Encryption and object storage both
represent lower-level security concerns.
NO.30 Which technique involves replacing values within a specific data field to protect sensitive
data?
A. Tokenization
B. Anonymization
C. Obfuscation
D. Masking
Answer: D
Explanation:
Masking involves replacing specific data within a data set with new values. For example, with credit
card fields, as most who have ever purchased anything online can attest, nearly the entire credit card
number is masked with a character such as an asterisk, with the last four digits left visible for
identification and confirmation.
NO.32 Which concept of cloud computing pertains to the ability to reuse components and services
of an application for other purposes?
A. Portability
B. Resource pooling
C. Elasticity
D. Interoperability
Answer: D
NO.33 With a cloud service category where the cloud customer is provided a full application
framework into which to deploy their code and services, which storage types are MOST likely to be
available to them?
A. Structured and unstructured
9
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html
Valid CCSP test answers & ISC CCSP exam pdf - CCSP actual test
IT Certification Guaranteed, The Easy Way!
NO.34 You work for a company that operates a production environment in the cloud. Another
company using the same cloud provider is under investigation by law enforcement for racketeering.
Your company should be concerned about this because of the cloud characteristic of ____________.
Response:
A. Elasticity
B. Automated self-service
C. Virtualization
D. Pooled resources
Answer: D
NO.35 Security best practices in a virtualized network environment would include which of the
following?
Response:
A. Hardening all outward-facing firewalls in order to make them resistant to attack
B. Using distinct ports and port groups for various VLANs on a virtual switch rather than running
them through the same port
C. Adding HIDS to all virtual guests
D. Running iSCSI traffic unencrypted in order to have it observed and monitored by NIDS
Answer: B
10
CCSP pdf vce, CCSP practice test, ISC CCSP test questions
https://www.pdf4test.com/CCSP-dump-torrent.html