CCSP Certified Cloud Security Professional (CCSP) Questions and Answers

Questions 4

What does the REST API use to protect data transmissions?

Options:

A. NetBIOS
B. VPN
C. Encapsulation
D. TLS

Questions 5

What is an often overlooked concept that is essential to protecting the confidentiality of data?

Options:

A. Strong password
B. Training
C. Security controls
D. Policies

Questions 6

Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?

Options:

A. Platform
B. Infrastructure
C. Software
D. Desktop

Questions 7

Which regulatory system pertains to the protection of healthcare data?

Options:

A. HIPAA
B. HAS
C. HITECH
D. HFCA

Questions 8

With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?

Options:

A. Routing
B. Session
C. Filtering
D. Firewalling

Questions 9

What does the "SOC" acronym refer to with audit reports?

Options:

A. Service Origin Confidentiality
B. System Organization Confidentiality
C. Service Organizational Control
D. System Organization Control

Questions 10

Which approach is typically the most efficient method to use for data discovery?

Options:

A. Metadata
B. Content analysis
C. Labels
D. ACLs

Questions 11

What is the concept of segregating information or processes, within the same system or application, for security reasons?

Options:

A. Fencing
B. Sandboxing
C. Cellblocking
D. Pooling

Questions 12

Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?

Options:

A. SRE
B. RTO
C. RPO
D. RSL

Questions 13

Who would be responsible for implementing IPsec to secure communications for an application?

Options:

A. Developers
B. Systems staff
C. Auditors
D. Cloud customer

Questions 14

What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?

Options:

A. Proxy
B. Bastion
C. Honeypot
D. WAF

Questions 15

Which of the following is NOT one of the three components of a federated identity system transaction?

Options:

A. Relying party
B. Identity provider
C. User
D. Proxy relay

Questions 16

Which of the following is NOT a focus or consideration of an internal audit?

Options:

A. Certification
B. Design
C. Costs
D. Operational efficiency

Questions 17

Which of the following is a widely used tool for code development, branching, and collaboration?

Options:

A. GitHub
B. Maestro
C. Orchestrator
D. Conductor

Questions 18

Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?

Options:

A. Data center security
B. Human resources
C. Mobile security
D. Budgetary and cost controls

Questions 19

Gap analysis is performed for what reason?

Options:

A. To begin the benchmarking process
B. To assure proper accounting practices are being used
C. To provide assurances to cloud customers
D. To ensure all controls are in place and working properly

Questions 20

Which of the following is NOT a factor that is part of a firewall configuration?

Options:

A. Encryption
B. Port
C. Protocol
D. Source IP

Questions 21

All of the following are terms used to describe the practice of obscuring original raw data so that only a portion is displayed for operational purposes, except:

Options:

A. Tokenization
B. Masking
C. Data discovery
D. Obfuscation

Questions 22

Which kind of SSAE audit report is most beneficial for a cloud customer, even though it’s unlikely the cloud provider will share it?

Options:

A. SOC 3
B. SOC 1 Type 2
C. SOC 2 Type 2
D. SOC 1 Type 1

Questions 23

Which security concept would business continuity and disaster recovery fall under?

Options:

A. Confidentiality
B. Availability
C. Fault tolerance
D. Integrity

Questions 24

An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer. Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA?

Options:

A. Network
B. Users
C. Memory
D. CPU

Questions 25

With an API, various features and optimizations are highly desirable to scalability, reliability, and security.

What does the REST API support that the SOAP API does NOT support?

Options:

A. Acceleration
B. Caching
C. Redundancy
D. Encryption

Questions 26

Humidity levels for a data center are a prime concern for maintaining electrical and computing resources properly as well as ensuring that conditions are optimal for top performance.

Which of the following is the optimal humidity level, as established by ASHRAE?

Options:

A. 20 to 40 percent relative humidity
B. 50 to 75 percent relative humidity
C. 40 to 60 percent relative humidity
D. 30 to 50 percent relative humidity

Questions 27

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user’s valid credentials?

Options:

A. Injection
B. Missing function-level access control
C. Cross-site scripting
D. Cross-site request forgery

Questions 28

Within a federated identity system, which entity accepts tokens from the identity provider?

Options:

A. Assertion manager
B. Servicing party
C. Proxy party
D. Relying party

Questions 29

Which of the following roles involves the provisioning and delivery of cloud services?

Options:

A. Cloud service deployment manager
B. Cloud service business manager
C. Cloud service manager
D. Cloud service operations manager

Questions 30

Which technology can be useful during the "share" phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?

Options:

A. IPS
B. WAF
C. DLP
D. IDS

Questions 31

What are the two protocols that TLS uses?

Options:

A. Handshake and record
B. Transport and initiate
C. Handshake and transport
D. Record and transmit

Questions 32

Which data formats are most commonly used with the REST API?

Options:

A. JSON and SAML
B. XML and SAML
C. XML and JSON
D. SAML and HTML

Questions 33

Which of the following roles is responsible for peering with other cloud services and providers?

Options:

A. Cloud auditor
B. Inter-cloud provider
C. Cloud service broker
D. Cloud service developer

Questions 34

Which of the following roles involves testing, monitoring, and securing cloud services for an organization?

Options:

A. Cloud service integrator
B. Cloud service business manager
C. Cloud service user
D. Cloud service administrator

Questions 35

Which term relates to the application of scientific methods and practices to evidence?

Options:

A. Forensics
B. Methodical
C. Theoretical
D. Measured

Questions 36

Which of the following actions will NOT make data part of the "create" phase of the cloud data lifecycle?

Options:

A. Modifying metadata
B. Importing data
C. Modifying data
D. Constructing new data

Questions 37

What must be secured on physical hardware to prevent unauthorized access to systems?

Options:

A. BIOS
B. SSH
C. RDP
D. ALOM

Questions 38

Which United States law is focused on accounting and financial practices of organizations?

Options:

A. Safe Harbor
B. GLBA
C. SOX
D. HIPAA

Questions 39

What is a serious complication an organization faces from the perspective of compliance with international operations?

Options:

A. Different certifications
B. Multiple jurisdictions
C. Different capabilities
D. Different operational procedures

Questions 40

Which aspect of cloud computing pertains to cloud customers only paying for the resources and services they actually use?

Options:

A. Metered service
B. Measured billing
C. Metered billing
D. Measured service

Questions 41

Which of the following is not a risk management framework?

Options:

A. COBIT
B. Hex GBL
C. ISO 31000:2009
D. NIST SP 800-37

Questions 42

You just hired an outside developer to modernize some applications with new web services and functionality. In order to implement a comprehensive test platform for validation, the developer needs a data set that resembles a production data set in both size and composition.

In order to accomplish this, what type of masking would you use?

Options:

A. Development
B. Replicated
C. Static
D. Dynamic

Questions 43

The president of your company has tasked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services.

Which of the cloud deployment models would you MOST likely be exploring?

Options:

A. Hybrid
B. Private
C. Community
D. Public

Questions 44

A crucial decision any company must make is in regard to where it hosts the data systems it depends on. A debate exists as to whether it's best to lease space in a data center or build your own data center--and now with cloud computing, whether to purchase resources within a cloud.

What is the biggest advantage to leasing space in a data center versus procuring cloud services?

Options:

A. Regulations
B. Control
C. Security
D. Costs

Questions 45

Which data state would be most likely to use digital signatures as a security protection mechanism?

Options:

A. Data in use
B. Data in transit
C. Archived
D. Data at rest

Questions 46

Which of the following threat types involves an application that does not validate authorization for portions of itself beyond when the user first enters it?

Options:

A. Cross-site request forgery
B. Missing function-level access control
C. Injection
D. Cross-site scripting

Questions 47

Which of the following is NOT one of the main intended goals of a DLP solution?

Options:

A. Showing due diligence
B. Preventing malicious insiders
C. Regulatory compliance
D. Managing and minimizing risk

Questions 48

In order to ensure ongoing compliance with regulatory requirements, which phase of the cloud data lifecycle must be tested regularly?

Options:

A. Archive
B. Share
C. Store
D. Destroy

Questions 49

Your boss has tasked your team with getting your legacy systems and applications connected with new cloud-based services that management has decided are crucial to customer service and offerings.

Which role would you be assuming under this directive?

Options:

A. Cloud service administrator
B. Cloud service user
C. Cloud service integrator
D. Cloud service business manager

Questions 50

Many tools and technologies are available for securing or monitoring data in transit within a data center, whether it is a traditional data center or a cloud.

Which of the following is NOT a technology for securing data in transit?

Options:

A. VPN
B. TLS
C. DNSSEC
D. HTTPS

Questions 51

IRM solutions allow an organization to place different restrictions on data usage than would otherwise be possible through traditional security controls.

Which of the following controls would be possible with IRM that would not with traditional security controls?

Options:

A. Copy
B. Read
C. Delete
D. Print

Questions 52

Which type of testing uses the same strategies and toolsets that hackers would use?

Options:

A. Static
B. Malicious
C. Penetration
D. Dynamic

Questions 53

A localized incident or disaster can be addressed in a cost-effective manner by using which of the following?

Options:

A. UPS
B. Generators
C. Joint operating agreements
D. Strict adherence to applicable regulations

Questions 54

When using an IaaS solution, what is a key benefit provided to the customer?

Options:

A. Metered and priced on the basis of units consumed
B. Increased energy and cooling system efficiencies
C. Transferred cost of ownership
D. The ability to scale up infrastructure services based on projected usage

Questions 55

Because of multitenancy, specific risks in the public cloud that don’t exist in the other cloud service models include all the following except:

Options:

A. DoS/DDoS
B. Information bleed
C. Risk of loss/disclosure due to legal seizures
D. Escalation of privilege

Questions 56

Database activity monitoring (DAM) can be:

Options:

A. Host-based or network-based
B. Server-based or client-based
C. Used in the place of encryption
D. Used in place of data masking

Questions 57

Which of the following roles is responsible for overseeing customer relationships and the processing of financial transactions?

Options:

A. Cloud service manager
B. Cloud service deployment
C. Cloud service business manager
D. Cloud service operations manager

Questions 58

When is a virtual machine susceptible to attacks while a physical server in the same state would not be?

Options:

A. When it is behind a WAF
B. When it is behind an IPS
C. When it is not patched
D. When it is powered off

Questions 59

Which United States law is focused on PII as it relates to the financial industry?

Options:

A. HIPAA
B. SOX
C. Safe Harbor
D. GLBA

Questions 60

Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?

Options:

A. Cryptographic erasure
B. Zeroing
C. Overwriting
D. Deletion

Questions 61

Which of the following is considered an external redundancy for a data center?

Options:

A. Power feeds to rack
B. Generators
C. Power distribution units
D. Storage systems

Questions 62

Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hypervisor?

Options:

A. A Type 1 hypervisor also controls patching of its hosted virtual machines to ensure they are always secure.
B. A Type 1 hypervisor is tied directly to the bare metal and only runs with code necessary to perform its specific mission.
C. A Type 1 hypervisor performs hardware-level encryption for tighter security and efficiency.
D. A Type 1 hypervisor only hosts virtual machines with the same operating systems as the hypervisor.

Questions 63

Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?

Options:

A. Sensitive data exposure
B. Security misconfiguration
C. Insecure direct object references
D. Unvalidated redirects and forwards

Questions 64

What is the primary reason that makes resolving jurisdictional conflicts complicated?

Options:

A. Different technology standards
B. Costs
C. Language barriers
D. Lack of international authority

Questions 65

The goals of SIEM solution implementation include all of the following, except:

Options:

A. Dashboarding
B. Performance enhancement
C. Trend analysis
D. Centralization of log streams

Questions 66

As a result of scandals involving publicly traded corporations such as Enron, WorldCom, and Adelphi, Congress passed legislation known as:

Options:

A. SOX
B. HIPAA
C. FERPA
D. GLBA

Questions 67

An audit scope statement defines the limits and outcomes from an audit.

Which of the following would NOT be included as part of an audit scope statement?

Options:

A. Reports
B. Certification
C. Billing
D. Exclusions

Questions 68

Hardening the operating system refers to all of the following except:

Options:

A. Limiting administrator access
B. Closing unused ports
C. Removing antimalware agents
D. Removing unnecessary services and libraries

Questions 69

In attempting to provide a layered defense, the security practitioner should convince senior management to include security controls of which type?

Options:

A. Physical
B. All of the above
C. Technological
D. Administrative

Questions 70

Cloud systems are increasingly used for BCDR solutions for organizations.

What aspect of cloud computing makes their use for BCDR the most attractive?

Options:

A. On-demand self-service
B. Measured service
C. Portability
D. Broad network access

Questions 71

In which cloud service model is the customer required to maintain the OS?

Options:

A. IaaS
B. CaaS
C. PaaS
D. SaaS

Questions 72

Which is the lowest level of the CSA STAR program?

Options:

A. Attestation
B. Self-assessment
C. Hybridization
D. Continuous monitoring

Questions 73

Which of the following are cloud computing roles?

Options:

A. Cloud service broker and user
B. Cloud customer and financial auditor
C. CSP and backup service provider
D. Cloud service auditor and object

Questions 74

If you are running an application that has strict legal requirements that the data cannot reside on systems that contain other applications or systems, which aspect of cloud computing would be prohibitive in this case?

Options:

A. Multitenancy
B. Broad network access
C. Portability
D. Elasticity

Questions 75

You are working for a cloud service provider and receive an eDiscovery order pertaining to one of your customers.

Which of the following would be the most appropriate action to take first?

Options:

A. Take a snapshot of the virtual machines
B. Escrow the encryption keys
C. Copy the data
D. Notify the customer

Questions 76

The management plane is used to administer a cloud environment and perform administrative tasks across a variety of systems, but most specifically it's used with the hypervisors.

What does the management plane typically leverage for this orchestration?

Options:

A. APIs
B. Scripts
C. TLS
D. XML

Exam Code: CCSP
Exam Name: Certified Cloud Security Professional (CCSP)
Last Update: Jul 19, 2024
Questions: 512