CCSP Premium Bundle

Certified Cloud Security Professional Certification Exam

Rating: 4.5 (54075 ratings)
512 questions: practice tests and PDF print version
Last update: September 29, 2024

ISC2 CCSP Free Practice Questions

All that matters here is passing the ISC2 CCSP exam, and all that you need is a high score on the CCSP Certified Cloud Security Professional exam. The only thing you need to do is download the Examcollection CCSP exam study guides now. We will not let you down with our money-back guarantee.

Check CCSP free dumps before getting the full version:

NEW QUESTION 1

Which of the following best describes a cloud carrier?

  • A. A person or entity responsible for making a cloud service available to consumers
  • B. The intermediary who provides connectivity and transport of cloud services between cloud providers and cloud consumers
  • C. The person or entity responsible for keeping cloud services running for customers
  • D. The person or entity responsible for transporting data across the Internet

Answer: B

NEW QUESTION 2

SOC 2 reports were intended to be ______.

  • A. Released to the public
  • B. Only technical assessments
  • C. Retained for internal use
  • D. Nonbinding

Answer: C

NEW QUESTION 3

A virtual network interface card (NIC) exists at layer ______ of the OSI model.

  • A. 2
  • B. 4
  • C. 6
  • D. 8

Answer: A

NEW QUESTION 4

You are in charge of creating the BCDR plan and procedures for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place.
Which of the following is a significant consideration for your BCDR backup?

  • A. Enough personnel at the BCDR recovery site to ensure proper operations
  • B. Good cryptographic key management
  • C. Access to the servers where the BCDR backup is stored
  • D. Forensic analysis capabilities

Answer: B

NEW QUESTION 5

Which of the following is not included in the OWASP Top Ten web application security threats?

  • A. Injection
  • B. Cross-site scripting
  • C. Internal theft
  • D. Sensitive data exposure

Answer: C

NEW QUESTION 6

Which Common Criteria Evaluation Assurance Level (EAL) is granted to those products that are formally verified in terms of design and tested by an independent third party?

  • A. 1
  • B. 3
  • C. 5
  • D. 7

Answer: D

NEW QUESTION 7

Which type of threat is often used in conjunction with phishing attempts and is often viewed as greatly increasing the likelihood of success?

  • A. Unvalidated redirects and forwards
  • B. Cross-site request forgery
  • C. Cross-site scripting
  • D. Insecure direct object references

Answer: A

NEW QUESTION 8

If bit-splitting is used to store data sets across multiple jurisdictions, how may this enhance security?

  • A. By making seizure of data by law enforcement more difficult
  • B. By hiding it from attackers in a specific jurisdiction
  • C. By ensuring that users can only accidentally disclose data to one geographic area
  • D. By restricting privileged user access

Answer: A

NEW QUESTION 9

Virtual machine (VM) configuration management (CM) tools should probably include ______.

  • A. Biometric recognition
  • B. Anti-tampering mechanisms
  • C. Log file generation
  • D. Hackback capabilities

Answer: C

NEW QUESTION 10

Which of the following is NOT a core component of an SIEM solution?

  • A. Correlation
  • B. Aggregation
  • C. Compliance
  • D. Escalation

Answer: D

NEW QUESTION 11

You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources.
In order to pass the user IDs and authenticating credentials of each user among the organizations, what protocol/language/motif will you most likely utilize?

  • A. Representational State Transfer (REST)
  • B. Security Assertion Markup Language (SAML)
  • C. Simple Object Access Protocol (SOAP)
  • D. Hypertext Markup Language (HTML)

Answer: B

NEW QUESTION 12

Access should be based on ______.

  • A. Regulatory mandates
  • B. Business needs and acceptable risk
  • C. User requirements and management requests
  • D. Optimum performance and security provision

Answer: B

NEW QUESTION 13

Which of the following is not a feature of SAST?

  • A. Source code review
  • B. Team-building efforts
  • C. “White-box” testing
  • D. Highly skilled, often expensive outside consultants

Answer: B

NEW QUESTION 14

You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
Which of these activities should you perform before deploying the tool?

  • A. Survey your company’s departments about the data under their control
  • B. Reconstruct your firewalls
  • C. Harden all your routers
  • D. Adjust the hypervisors

Answer: A

NEW QUESTION 15

What principle must always be included with an SOC 2 report?

  • A. Confidentiality
  • B. Security
  • C. Privacy
  • D. Processing integrity

Answer: B

NEW QUESTION 16

Which type of testing tends to produce the best and most comprehensive results for discovering system vulnerabilities?

  • A. Static
  • B. Dynamic
  • C. Pen
  • D. Vulnerability

Answer: A

NEW QUESTION 17
......

Thanks for reading the newest CCSP exam dumps! We recommend that you try the PREMIUM 2passeasy CCSP dumps in VCE and PDF here: https://www.2passeasy.com/dumps/CCSP/ (512 Q&As Dumps)
