ExamGecko
Search Search Login
Home Home / ISC / CCSP

ISC CCSP Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Over time, what is a primary concern for data archiving?
Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?
Which United States law is focused on accounting and financial practices of organizations?
Which type of testing uses the same strategies and toolsets that hackers would use?
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
What concept does the "D" represent with the STRIDE threat model?
What is the data encapsulation used with the SOAP protocol referred to?
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?
What is one of the reasons a baseline might be changed?

Question 1

Report
Export
Collapse

Which of the following roles is responsible for creating cloud components and the testing and validation of services?

A.
Cloud auditor
A.
Cloud auditor
Answers
B.
Inter-cloud provider
B.
Inter-cloud provider
Answers
C.
Cloud service broker
C.
Cloud service broker
Answers
D.
Cloud service developer
D.
Cloud service developer
Answers
Suggested answer: D

Explanation:

The cloud service developer is responsible for developing and creating cloud components and services, as well as for testing and validating services.

Question 2

Report
Export
Collapse

What is the best source for information about securing a physical asset's BIOS?

A.
Security policies
A.
Security policies
Answers
B.
Manual pages
B.
Manual pages
Answers
C.
Vendor documentation
C.
Vendor documentation
Answers
D.
Regulations
D.
Regulations
Answers
Suggested answer: C

Explanation:

Vendor documentation from the manufacturer of the physical hardware is the best source of best practices for securing the BIOS.

Question 3

Report
Export
Collapse

Which of the following is not a component of contractual PII?

A.
Scope of processing
A.
Scope of processing
Answers
B.
Value of data
B.
Value of data
Answers
C.
Location of data
C.
Location of data
Answers
D.
Use of subcontractors
D.
Use of subcontractors
Answers
Suggested answer: C

Explanation:

The value of data itself has nothing to do with it being considered a part of contractual

Question 4

Report
Export
Collapse

Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?

A.
Consumable service
A.
Consumable service
Answers
B.
Measured service
B.
Measured service
Answers
C.
Billable service
C.
Billable service
Answers
D.
Metered service
D.
Metered service
Answers
Suggested answer: B

Explanation:

Measured service is where cloud services are delivered and billed in a metered way, where the cloud customer only pays for those that they actually use, and for the duration of time that they use them.

Question 5

Report
Export
Collapse

Which of the following roles involves testing, monitoring, and securing cloud services for an organization?

A.
Cloud service integrator
A.
Cloud service integrator
Answers
B.
Cloud service business manager
B.
Cloud service business manager
Answers
C.
Cloud service user
C.
Cloud service user
Answers
D.
Cloud service administrator
D.
Cloud service administrator
Answers
Suggested answer: D

Explanation:

The cloud service administrator is responsible for testing cloud services, monitoring services, administering security for services, providing usage reports on cloud services, and addressing problem reports

Question 6

Report
Export
Collapse

What is the only data format permitted with the SOAP API?

A.
HTML
A.
HTML
Answers
B.
SAML
B.
SAML
Answers
C.
XSML
C.
XSML
Answers
D.
XML
D.
XML
Answers
Suggested answer: D

Explanation:

The SOAP protocol only supports the XML data format.

Question 7

Report
Export
Collapse

Which data formats are most commonly used with the REST API?

A.
JSON and SAML
A.
JSON and SAML
Answers
B.
XML and SAML
B.
XML and SAML
Answers
C.
XML and JSON
C.
XML and JSON
Answers
D.
SAML and HTML
D.
SAML and HTML
Answers
Suggested answer: C

Explanation:

JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State Transfer (REST) API, and are typically implemented with caching for increased scalability and performance.

Question 8

Report
Export
Collapse

Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?

A.
Injection
A.
Injection
Answers
B.
Missing function-level access control
B.
Missing function-level access control
Answers
C.
Cross-site request forgery
C.
Cross-site request forgery
Answers
D.
Cross-site scripting
D.
Cross-site scripting
Answers
Suggested answer: B

Explanation:

It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.

Question 9

Report
Export
Collapse

Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?

A.
Cloud service user
A.
Cloud service user
Answers
B.
Cloud service business manager
B.
Cloud service business manager
Answers
C.
Cloud service administrator
C.
Cloud service administrator
Answers
D.
Cloud service integrator
D.
Cloud service integrator
Answers
Suggested answer: B

Explanation:

The cloud service business manager is responsible for overseeing business and billing administration, purchasing cloud services, and requesting audit reports when necessary

Question 10

Report
Export
Collapse

What is the biggest concern with hosting a key management system outside of the cloud environment?

A.
Confidentiality
A.
Confidentiality
Answers
B.
Portability
B.
Portability
Answers
C.
Availability
C.
Availability
Answers
D.
Integrity
D.
Integrity
Answers
Suggested answer: C

Explanation:

When a key management system is outside of the cloud environment hosting the application, availability is a primary concern because any access issues with the encryption keys will render the entire application unusable.

Total 512 questions
Go to page: of 52
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms