ISC CCSP Exam

QUESTION NO: 1

Which of the following roles is responsible for creating cloud components and the testing and
validation of services?

A.
Cloud auditor

B.
Inter-cloud provider

C.
Cloud service broker

D.
Cloud service developer

QUESTION NO: 2

What is the best source for information about securing a physical asset's BIOS?

A.
Security policies

B.
Manual pages

C.
Vendor documentation

D.
Regulations

QUESTION NO: 3

Which of the following is not a component of contractual PII?

A.
Scope of processing

B.
Value of data

"Pass Any Exam. Any Time." - www.actualtests.com 2

C.
Location of data

D.
Use of subcontractors

QUESTION NO: 4

Which of the following concepts refers to a cloud customer paying only for the resources and
offerings they use within a cloud environment, and only for the duration that they are consuming
them?

A.
Consumable service

B.
Measured service

C.
Billable service

D.
Metered service

QUESTION NO: 5

Which of the following roles involves testing, monitoring, and securing cloud services for an
organization?

A.
Cloud service integrator

B.
Cloud service business manager

C.
Cloud service user

D.
Cloud service administrator

QUESTION NO: 6
What is the only data format permitted with the SOAP API?

A.
HTML

B.
SAML

C.
XSML

D.
XML

QUESTION NO: 7

Which data formats are most commonly used with the REST API?

A.
JSON and SAML

B.
XML and SAML

C.
XML and JSON

D.
SAML and HTML

QUESTION NO: 8

Which of the following threat types involves an application that does not validate authorization for
portions of itself after the initial checks?

A.
Injection

B.
Missing function-level access control

C.
Cross-site request forgery

D.
Cross-site scripting

QUESTION NO: 9

Which of the following roles involves overseeing billing, purchasing, and requesting audit reports
for an organization within a cloud environment?

A.
Cloud service user

B.
Cloud service business manager

C.
Cloud service administrator

D.
Cloud service integrator

QUESTION NO: 10

What is the biggest concern with hosting a key management system outside of the cloud
environment?

A.
Confidentiality

B.
Portability

C.
Availability

D.
Integrity

QUESTION NO: 11

Which of the following approaches would NOT be considered sufficient to meet the requirements
of secure data destruction within a cloud environment?

A.
Cryptographic erasure

B.
Zeroing

C.
Overwriting

D.
Deletion

QUESTION NO: 12

Which of the following cloud aspects complicates eDiscovery?

A.
Resource pooling

B.
On-demand self-service

C.
Multitenancy

D.
Measured service

QUESTION NO: 13

What does the management plane typically utilize to perform administrative functions on the
hypervisors that it has access to?

A.
Scripts

B.
RDP

C.
APIs

D.
XML

QUESTION NO: 14

What is a serious complication an organization faces from the perspective of compliance with
international operations?

A.
Different certifications

B.
Multiple jurisdictions

C.
Different capabilities

D.
Different operational procedures

QUESTION NO: 15

Which networking concept in a cloud environment allows for network segregation and isolation of
IP spaces?

A.
PLAN

B.
WAN

C.
LAN

D.
VLAN

QUESTION NO: 16

Which of the following standards primarily pertains to cabling designs and setups in a data center?

A.
IDCA

B.
BICSI

C.
NFPA

D.
Uptime Institute

QUESTION NO: 17
Which of the following publishes the most commonly used standard for data center design in
regard to tiers and topologies?

A.
IDCA

B.
Uptime Institute

C.
NFPA

D.
BICSI

QUESTION NO: 18

What type of segregation and separation of resources is needed within a cloud environment for
multitenancy purposes versus a traditional data center model?

A.
Virtual

B.
Security

C.
Physical

D.
Logical

QUESTION NO: 19

Which United States law is focused on data related to health records and privacy?

A.
Safe Harbor

B.
SOX

C.
GLBA

D.
HIPAA

QUESTION NO: 20
What is used for local, physical access to hardware within a data center?

A.
SSH

B.
KVM

C.
VPN

D.
RDP

QUESTION NO: 21

Within an Infrastructure as a Service model, which of the following would NOT be a measured
service?

A.
CPU

B.
Storage

C.
Number of users

D.
Memory

QUESTION NO: 22

Which of the following is NOT a criterion for data within the scope of eDiscovery?

A.
Possession

B.
Custody

C.
Control

D.
Archive

QUESTION NO: 23
Which United States law is focused on accounting and financial practices of organizations?

A.
Safe Harbor

B.
GLBA

C.
SOX

D.
HIPAA

QUESTION NO: 24
What type of masking strategy involves making a separate and distinct copy of data with masking
in place?

A.
Dynamic

B.
Replication

C.
Static

D.
Duplication

QUESTION NO: 25

Which of the following storage types is most closely associated with a database-type storage
implementation?

A.
Object

B.
Unstructured

C.
Volume

D.
Structured

QUESTION NO: 26
Which of the following roles is responsible for overseeing customer relationships and the
processing of financial transactions?

A.
Cloud service manager

B.
Cloud service deployment

C.
Cloud service business manager

D.
Cloud service operations manager

QUESTION NO: 27
Which protocol does the REST API depend on?

A.
HTTP

B.
XML

C.
SAML

D.
SSH

QUESTION NO: 28
Which United States program was designed to enable organizations to bridge the gap between
privacy laws and requirements of the United States and the European Union?

A.
GLBA

B.
HIPAA

C.
Safe Harbor

D.
SOX

QUESTION NO: 29
What is the biggest benefit to leasing space in a data center versus building or maintaining your own?

A.
Certification

B.
Costs

C.
Regulation

D.
Control

QUESTION NO: 30

Which of the following security measures done at the network layer in a traditional data center are
also applicable to a cloud environment?

A.
Dedicated switches

B.
Trust zones

C.
Redundant network circuits

D.
Direct connections

QUESTION NO: 31
Which aspect of cloud computing will be most negatively impacted by vendor lock-in?

A.
Elasticity

B.
Reversibility

C.
Interoperability

D.
Portability

QUESTION NO: 32
Which of the following APIs are most commonly used within a cloud environment?

A.
REST and SAML

B.
SOAP and REST

C.
REST and XML

D.
XML and SAML

QUESTION NO: 33
Which of the following attempts to establish an international standard for eDiscovery processes
and best practices?

A.
ISO/IEC 31000

B.
ISO/IEC 27050

C.
ISO/IEC 19888

D.
ISO/IEC 27001

QUESTION NO: 34
Which of the following roles is responsible for obtaining new customers and securing contracts
and agreements?

A.
Inter-cloud provider

B.
Cloud service broker

C.
Cloud auditor

D.
Cloud service developer

QUESTION NO: 35

Which term relates to the application of scientific methods and practices to evidence?

A.
Forensics

B.
Methodical

C.
Theoretical

D.
Measured

QUESTION NO: 36
Which of the following roles involves the provisioning and delivery of cloud services?

A.
Cloud service deployment manager

B.
Cloud service business manager

C.
Cloud service manager

D.
Cloud service operations manager

QUESTION NO: 37

What is the primary reason that makes resolving jurisdictional conflicts complicated?

A.
Different technology standards

B.
Costs

C.
Language barriers

D.
Lack of international authority

QUESTION NO: 38
GAAPs are created and maintained by which organization?

A.
ISO/IEC

B.
AICPA

C.
PCI Council

D.
ISO

QUESTION NO: 39

Which of the following roles is responsible for preparing systems for the cloud, administering and
monitoring services, and managing inventory and assets?

A.
Cloud service business manager

B.
Cloud service deployment manager

C.
Cloud service operations manager

D.
Cloud service manager

QUESTION NO: 40
Which protocol allows a system to use block-level storage as if it were a SAN, but over TCP
network traffic instead?

A.
SATA

B.
iSCSI

C.
TLS

D.
SCSI
QUESTION NO: 41
Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, and
OneDrive?

A.
Hybrid

B.
Public

C.
Private

D.
Community

QUESTION NO: 42

Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?

A.
A Type 2 hypervisor runs on top of another operating system and is dependent on the security of
the OS for its own security.

B.
A Type 2 hypervisor allows users to directly perform some functions with their own access.

C.
A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities
with that access.

D.
A Type 2 hypervisor is always exposed to the public Internet for federated identity access.

QUESTION NO: 43

Which is the appropriate phase of the cloud data lifecycle for determining the data's classification?

A.
Create

B.
Use

C.
Share

D.
Store

QUESTION NO: 44

Which of the following is the optimal temperature for a data center, per the guidelines established
by the American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?

A.
69.8-86.0°F (21-30°C)

B.
64.4-80.6°F (18-27°C)

C.
51.8-66.2°F (11-19°C)

D.
44.6-60.8°F (7-16°C)

QUESTION NO: 45

Which of the following is not a risk management framework?

A.
COBIT

B.
Hex GBL

C.
ISO 31000:2009

D.
NIST SP 800-37

QUESTION NO: 46
Which of the following threat types involves the sending of untrusted data to a user's browser to be
executed with their own credentials and access?

A.
Missing function level access control

B.
Cross-site scripting

C.
Cross-site request forgery

D.
Injection

QUESTION NO: 47

How is an object stored within an object storage system?

A.
Key value

B.
Database

C.
LDAP

D.
Tree structure

QUESTION NO: 48
Which of the following is NOT a regulatory system from the United States federal government?

A.
PCI DSS

B.
FISMA

C.
SOX

D.
HIPAA

QUESTION NO: 49

Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal
authority?

A.
European Union

B.
Germany

C.
Russia

D.
United States

QUESTION NO: 50
Which United States law is focused on PII as it relates to the financial industry?

A.
HIPAA

B.
SOX

C.
Safe Harbor

D.
GLBA

QUESTION NO: 51
Which of the following threat types can occur when encryption is not properly applied or insecure transport
mechanisms are used?

A.
Security misconfiguration

B.
Insecure direct object references

C.
Sensitive data exposure

D.
Unvalidated redirects and forwards

QUESTION NO: 52
What is the best approach for dealing with services or utilities that are installed on a system but
not needed to perform their desired function?

A.
Remove

B.
Monitor

C.
Disable

D.
Stop

QUESTION NO: 53
Which of the following actions will NOT make data part of the "create" phase of the cloud data
lifecycle?

A.
Modifying metadata

B.
Importing data

C.
Modifying data

D.
Constructing new data

QUESTION NO: 54
What are the two protocols that TLS uses?

A.
Handshake and record

B.
Transport and initiate

C.
Handshake and transport

D.
Record and transmit

QUESTION NO: 55

Which type of cloud model typically presents the most challenges to a cloud customer during the
"destroy" phase of the cloud data lifecycle?

A.
IaaS

B.
DaaS

C.
SaaS

D.
PaaS

QUESTION NO: 56

Which of the following may unilaterally deem a cloud hosting model inappropriate for a system or
application?

A.
Multitenancy

B.
Certification

C.
Regulation

D.
Virtualization

QUESTION NO: 57

Which of the following is considered an internal redundancy for a data center?

A.
Power distribution units

B.
Network circuits

C.
Power substations

D.
Generators

QUESTION NO: 58

Which of the following represents a control on the maximum amount of resources that a single
customer, virtual machine, or application can consume within a cloud environment?

A.
Share

B.
Reservation

C.
Provision

D.
Limit

QUESTION NO: 59
Which of the following roles is responsible for peering with other cloud services and providers?

A.
Cloud auditor

B.
Inter-cloud provider

C.
Cloud service broker

D.
Cloud service developer

QUESTION NO: 60

Which of the following does NOT relate to the hiding of sensitive data from data sets?

A.
Obfuscation

B.
Federation

C.
Masking

D.
Anonymization

QUESTION NO: 61
Which of the following are the storage types associated with IaaS?

A.
Volume and object

B.
Volume and label

C.
Volume and container

D.
Object and target

QUESTION NO: 62
Which technology can be useful during the "share" phase of the cloud data lifecycle to continue to
protect data as it leaves the original system and security controls?

A.
IPS

B.
WAF

C.
DLP

D.
IDS

QUESTION NO: 63
Which of the following storage types is most closely associated with a traditional file system and
tree structure?

A.
Volume

B.
Unstructured

C.
Object

D.
Structured

QUESTION NO: 64
Which of the following represents a prioritization of applications or cloud customers for the
allocation of additional requested resources when there is a limitation on available resources?

A.
Provision

B.
Limit

C.
Reservation

D.
Share

QUESTION NO: 65
Which type of audit report do many cloud providers use to instill confidence in their policies,
practices, and procedures in current and potential customers?

A.
SAS-70

B.
SOC 2

C.
SOC 1

D.
SOX

QUESTION NO: 66

Which of the following statements accurately describes VLANs?

A.
They are not restricted to the same data center or the same racks.

B.
They are not restricted to the same rack but are restricted to the same data center.

C.
They are restricted to the same racks and data centers.

D.
They are not restricted to the same rack but are restricted to the same switches.

QUESTION NO: 67
What must be secured on physical hardware to prevent unauthorized access to systems?

A.
BIOS

B.
SSH

C.
RDP

D.
ALOM

QUESTION NO: 68

What type of PII is regulated based on the type of application or per the conditions of the specific
hosting agreement?

A.
Specific

B.
Contractual

C.
Regulated

D.
Jurisdictional

QUESTION NO: 69
Which of the following security technologies is commonly used to give administrators access into
trust zones within an environment?

A.
VPN

B.
WAF

C.
IPSec

D.
HTTPS

QUESTION NO: 70
Which concept BEST describes the capability for a cloud environment to automatically scale a
system or application, based on its current resource demands?

A.
On-demand self-service

B.
Resource pooling

C.
Measured service

D.
Rapid elasticity

QUESTION NO: 71
If you're using iSCSI in a cloud environment, what must come from an external protocol or
application?

A.
Kerberos support

B.
CHAP support

C.
Authentication

D.
Encryption

QUESTION NO: 72
Which of the following pertains to a macro level approach to data center design rather than the
traditional tiered approach to data centers?

A.
IDCA

B.
NFPA

C.
BICSI

D.
Uptime Institute

QUESTION NO: 73
What does the REST API support that SOAP does NOT support?

A.
Caching

B.
Encryption

C.
Acceleration

D.
Redundancy

QUESTION NO: 74
Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hypervisor?

A.
A Type 1 hypervisor also controls patching of its hosted virtual machines to ensure they are always
secure.

B.
A Type 1 hypervisor is tied directly to the bare metal and only runs with code necessary to perform
its specific mission.

C.
A Type 1 hypervisor performs hardware-level encryption for tighter security and efficiency.

D.
A Type 1 hypervisor only hosts virtual machines with the same operating systems as the
hypervisor.

QUESTION NO: 75

Which of the following are the storage types associated with PaaS?

A.
Structured and freeform

B.
Volume and object

C.
Structured and unstructured

D.
Database and file system

QUESTION NO: 76

Which of the following threat types can occur when baselines are not appropriately applied or
unauthorized changes are made?

A.
Insecure direct object references

B.
Unvalidated redirects and forwards

C.
Security misconfiguration

D.
Sensitive data exposure

QUESTION NO: 77
What is the data encapsulation used with the SOAP protocol referred to as?

A.
Packet

B.
Envelope

C.
Payload

D.
Object

QUESTION NO: 78
Which of the following threat types can occur when an application does not properly validate input
and can be leveraged to send users to malicious sites that appear to be legitimate?

A.
Unvalidated redirects and forwards

B.
Insecure direct object references

C.
Security misconfiguration

D.
Sensitive data exposure

QUESTION NO: 79
Which publication from the United States National Institute of Standards and Technology pertains
to defining cloud concepts and definitions for the various core components of cloud computing?

A.
SP 800-153

B.
SP 800-145

C.
SP 800-53

D.
SP 800-40

QUESTION NO: 80
What is the biggest negative to leasing space in a data center versus building or maintaining your
own?

A.
Costs

B.
Control

C.
Certification

D.
Regulation

QUESTION NO: 81

Which aspect of archiving must be tested regularly for the duration of retention requirements?

A.
Availability

B.
Recoverability

C.
Auditability

D.
Portability

QUESTION NO: 82
Which of the following represents a minimum guaranteed resource within a cloud environment for
the cloud customer?

A.
Reservation

B.
Share

C.
Limit

D.
Provision

QUESTION NO: 83
When is a virtual machine susceptible to attacks while a physical server in the same state would
not be?

A.
When it is behind a WAF

B.
When it is behind an IPS

C.
When it is not patched

D.
When it is powered off

QUESTION NO: 84
Which of the following threat types involves an application developer leaving references to internal
information and configurations in code that is exposed to the client?

A.
Sensitive data exposure

B.
Security misconfiguration

C.
Insecure direct object references

D.
Unvalidated redirect and forwards

QUESTION NO: 85
Which of the following is the biggest concern or challenge with using encryption?

A.
Dependence on keys

B.
Cipher strength

C.
Efficiency

D.
Protocol standards

QUESTION NO: 86

Which of the following would NOT be considered part of resource pooling with an Infrastructure as
a Service implementation?

A.
Storage

B.
Application

C.
Memory

D.
CPU

QUESTION NO: 87

Which technology is NOT commonly used for security with data in transit?

A.
DNSSEC

B.
IPsec

C.
VPN

D.
HTTPS

QUESTION NO: 88
Which of the following roles is responsible for gathering metrics on cloud services and managing
cloud deployments and the deployment processes?

A.
Cloud service business manager

B.
Cloud service operations manager

C.
Cloud service manager

D.
Cloud service deployment manager

QUESTION NO: 89

Which of the following is considered an external redundancy for a data center?

A.
Power feeds to rack

B.
Generators

C.
Power distribution units

D.
Storage systems

QUESTION NO: 90
Which of the following is the optimal humidity level for a data center, per the guidelines established
by the American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?

A.
30-50 percent relative humidity

B.
50-75 percent relative humidity

C.
20-40 percent relative humidity

D.
40-60 percent relative humidity

QUESTION NO: 91
What is the first stage of the cloud data lifecycle where security controls can be implemented?

A.
Use

B.
Store

C.
Share

D.
Create

QUESTION NO: 92

What controls the formatting and security settings of a volume storage system within a cloud
environment?

A.
Management plane

B.
SAN host controller

C.
Hypervisor

D.
Operating system of the host

QUESTION NO: 93

What does SDN stand for within a cloud environment?

A.
Software-dynamic networking

B.
Software-defined networking

C.
Software-dependent networking

D.
System-dynamic nodes

QUESTION NO: 94
From a legal perspective, what is the most important first step after an eDiscovery order has been
received by the cloud provider?

A.
Notification

B.
Key identification

C.
Data collection

D.
Virtual image snapshots

QUESTION NO: 95
Which of the following would make it more likely that a cloud provider would be unwilling to satisfy
specific certification requirements?

A.
Resource pooling

B.
Virtualization

C.
Multitenancy

D.
Regulation
QUESTION NO: 96
Which of the following pertains to fire safety standards within a data center, specifically with their
enormous electrical consumption?

A.
NFPA

B.
BICSI

C.
IDCA

D.
Uptime Institute

QUESTION NO: 97

Which of the following roles involves the connection and integration of existing systems and
services to a cloud environment?

A.
Cloud service business manager

B.
Cloud service user

C.
Cloud service administrator

D.
Cloud service integrator

QUESTION NO: 98
Which technique involves replacing values within a specific data field to protect sensitive data?

A.
Anonymization

B.
Masking

C.
Tokenization

D.
Obfuscation

QUESTION NO: 99
What expectation of data custodians is made much more challenging by a cloud implementation,
especially with PaaS or SaaS?

A.
Data classification

B.
Knowledge of systems

C.
Access to data

D.
Encryption requirements

QUESTION NO: 100


What type of PII is controlled based on laws and carries legal penalties for noncompliance with
requirements?

A.
Contractual

B.
Regulated

C.
Specific

D.
Jurisdictional

QUESTION NO: 101


Which of the following is NOT one of the three components of a federated identity system
transaction?

A.
Relying party

B.
Identity provider

C.
User

D.
Proxy relay
