CCSP Premium Bundle

Certified Cloud Security Professional Certification Exam

Last update: December 4, 2024

ISC2 CCSP Free Practice Questions

NEW QUESTION 1

A process for ______ can aid in protecting against data disclosure due to lost devices. Response:

  • A. User punishment
  • B. Credential revocation
  • C. Law enforcement notification
  • D. Device tracking

Answer: B

NEW QUESTION 2

The physical layout of a cloud data center campus should include redundancies of all the following except ______.
Response:

  • A. Generators
  • B. HVAC units
  • C. Generator fuel storage
  • D. Points of personnel ingress

Answer: D

NEW QUESTION 3

Which of the following in a federated environment is responsible for consuming authentication tokens? Response:

  • A. Relying party
  • B. Identity provider
  • C. Cloud services broker
  • D. Authentication provider

Answer: A

NEW QUESTION 4

Which security certification serves as a general framework that can be applied to any type of system or application?
Response:

  • A. ISO/IEC 27001
  • B. PCI DSS
  • C. FIPS 140-2
  • D. NIST SP 800-53

Answer: A

NEW QUESTION 5

Heating, ventilation, and air conditioning (HVAC) systems cool the data center by pushing warm air into ______.
Response:

  • A. The server inlets
  • B. Underfloor plenums
  • C. HVAC intakes
  • D. The outside world

Answer: D

NEW QUESTION 6

Which of the following would NOT be used to determine the classification of data?
Response:

  • A. Metadata
  • B. PII
  • C. Creator
  • D. Future use

Answer: D

NEW QUESTION 7

You are the security manager for a small application development company. Your company is considering the use of the cloud for software testing purposes. Which cloud service model is most likely to suit your needs?
Response:

  • A. IaaS
  • B. PaaS
  • C. SaaS
  • D. LaaS

Answer: B

NEW QUESTION 8

Which of the following is characterized by a set maximum capacity? Response:

  • A. A secret-sharing-made-short (SSMS) bit-splitting implementation
  • B. A tightly coupled cloud storage cluster
  • C. A loosely coupled cloud storage cluster
  • D. A public-key infrastructure

Answer: B

NEW QUESTION 9

What type of identity system allows trust and verifications between the authentication systems of multiple organizations?
Response:

  • A. Federated
  • B. Collaborative
  • C. Integrated
  • D. Bidirectional

Answer: A

NEW QUESTION 10

Which type of report is considered for “general” use and does not contain any sensitive information? Response:

  • A. SOC 1
  • B. SAS-70
  • C. SOC 3
  • D. SOC 2

Answer: C

NEW QUESTION 11

Your organization is considering a move to a cloud environment and is looking for certifications or audit reports from cloud providers to ensure adequate security controls and processes.
Which of the following is NOT a security certification or audit report that would be pertinent? Response:

  • A. FedRAMP
  • B. PCI DSS
  • C. FIPS 140-2
  • D. SOC Type 2

Answer: C

NEW QUESTION 12

Your application has been a continued target for SQL injection attempts. Which of the following technologies would be best used to reduce the likelihood of a successful SQL injection exploit?
Response:

  • A. XML accelerator
  • B. WAF
  • C. Sandbox
  • D. Firewall

Answer: B

NEW QUESTION 13

The ISO/IEC 27001:2013 security standard contains 14 different domains that cover virtually all areas of IT operations and procedures. Which of the following is NOT one of the domains listed in the standard?
Response:

  • A. Legal
  • B. Management
  • C. Assets
  • D. Supplier Relationships

Answer: A

NEW QUESTION 14

What are the phases of a software development lifecycle process model? Response:

  • A. Planning and requirements analysis, define, design, develop, testing, and maintenance
  • B. Define, planning and requirements analysis, design, develop, testing, and maintenance
  • C. Planning and requirements analysis, define, design, testing, develop, and maintenance
  • D. Planning and requirements analysis, design, define, develop, testing, and maintenance

Answer: A

NEW QUESTION 15

Vulnerability scans are dependent on ______ in order to function. Response:

  • A. Privileged access
  • B. Vulnerability signatures
  • C. Malware libraries
  • D. Forensic analysis

Answer: B

NEW QUESTION 16

When a customer performs a penetration test in the cloud, why isn’t the test an optimum simulation of attack conditions?
Response:

  • A. Attackers don’t use remote access for cloud activity
  • B. Advanced notice removes the element of surprise
  • C. When cloud customers use malware, it’s not the same as when attackers use malware
  • D. Regulator involvement changes the attack surface

Answer: B

NEW QUESTION 17

Which of the following is a risk that stems from a virtualized environment? Response:

  • A. Live virtual machines in the production environment are moved from one host to another in the clear.
  • B. Cloud data centers can become a single point of failure.
  • C. It is difficult to find and contract with multiple utility providers of the same type (electric, water, etc.).
  • D. Modern SLA demands are stringent and very hard to meet.

Answer: A

NEW QUESTION 18

Your company maintains an on-premises data center for daily production activities but wants to use a cloud service to augment this capability during times of increased demand (cloud bursting).
Which deployment model would probably best suit the company’s needs? Response:

  • A. Public
  • B. Private
  • C. Community
  • D. Hybrid

Answer: D

NEW QUESTION 19

Which cloud service category offers the most customization options and control to the cloud customer?
Response:

  • A. PaaS
  • B. IaaS
  • C. SaaS
  • D. DaaS

Answer: B

NEW QUESTION 20

______ is the most prevalent protocol used in identity federation.

  • A. HTTP
  • B. SAML
  • C. FTP
  • D. WS-Federation

Answer: B

NEW QUESTION 21

What are the four cloud deployment models? Response:

  • A. Public, Internal, Hybrid, and Community
  • B. External, Private, Hybrid, and Community
  • C. Public, Private, Joint, and Community
  • D. Public, Private, Hybrid, and Community

Answer: D

NEW QUESTION 22

Using one cloud provider for your operational environment and another for your BCDR backup will also give you the additional benefit of ______.
Response:

  • A. Allowing any custom VM builds you use to be instantly ported to another environment
  • B. Avoiding vendor lock-in/lockout
  • C. Increased performance
  • D. Lower cost

Answer: B

NEW QUESTION 23

Which of the following tools might be useful in data discovery efforts that are based on content analysis?

  • A. DLP
  • B. Digital Rights Management (DRM)
  • C. iSCSI
  • D. Fibre Channel over Ethernet (FCoE)

Answer: A

NEW QUESTION 24

What is the federal agency that accepts applications for new patents?

  • A. USDA
  • B. USPTO
  • C. OSHA
  • D. SEC

Answer: B

NEW QUESTION 25

Which kind of SSAE report comes with a seal of approval from a certified auditor? Response:

  • A. SOC 1
  • B. SOC 2
  • C. SOC 3
  • D. SOC 4

Answer: C

NEW QUESTION 26

The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “security misconfiguration.”
Which of these is a technique to reduce the potential for a security misconfiguration? Response:

  • A. Get regulatory approval for major configuration modifications.
  • B. Update the BCDR plan on a timely basis.
  • C. Train all users on proper security procedures.
  • D. Perform periodic scans and audits of the environment.

Answer: D

NEW QUESTION 27

Your organization is developing software for wide use by the public. You have decided to test it in a cloud environment, in a PaaS model. Which of the following should be of particular concern to your organization for this situation?
Response:

  • A. Vendor lock-in
  • B. Backdoors
  • C. Regulatory compliance
  • D. High-speed network connectivity

Answer: B

NEW QUESTION 28

Which of the following is the best example of a key component of regulated PII? Response:

  • A. Items that should be implemented
  • B. Mandatory breach reporting
  • C. Audit rights of subcontractors
  • D. PCI DSS

Answer: B

NEW QUESTION 29

The final phase of the cloud data lifecycle is the destroy phase, where data is ultimately deleted in a secure manner to ensure it cannot be recovered or reconstructed. Which cloud service category poses the most challenges to data destruction for the cloud customer?

  • A. Platform
  • B. Software
  • C. Infrastructure
  • D. Desktop

Answer: B
