ExamGecko
Search Search Login
Home Home / ISC / CCSP

ISC CCSP Practice Test - Questions Answers, Page 11

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Over time, what is a primary concern for data archiving?
Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?
Which United States law is focused on accounting and financial practices of organizations?
Which type of testing uses the same strategies and toolsets that hackers would use?
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
What concept does the "D" represent with the STRIDE threat model?
What is the data encapsulation used with the SOAP protocol referred to?
What is the biggest benefit to leasing space in a data center versus building or maintain your own?
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?

Question 101

Report
Export
Collapse

Which if the following is NOT one of the three components of a federated identity system transaction?

A.
Relying party
A.
Relying party
Answers
B.
Identity provider
B.
Identity provider
Answers
C.
User
C.
User
Answers
D.
Proxy relay
D.
Proxy relay
Answers
Suggested answer: D

Question 102

Report
Export
Collapse

Which value refers to the amount of time it takes to recover operations in a BCDR situation to meet management's objectives?

A.
RSL
A.
RSL
Answers
B.
RPO
B.
RPO
Answers
C.
SRE
C.
SRE
Answers
D.
RTO
D.
RTO
Answers
Suggested answer: D

Explanation:

The recovery time objective (RTO) is a measure of the amount of time it would take to recover operations in the event of a disaster to the point where management's objectives are met for BCDR.

Question 103

Report
Export
Collapse

Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it?

A.
Community
A.
Community
Answers
B.
Hybrid
B.
Hybrid
Answers
C.
Private
C.
Private
Answers
D.
Public
D.
Public
Answers
Suggested answer: A

Explanation:

A community cloud model is where customers that share a certain common bond or group membership come together to offer cloud services to their members, focused on common goals and interests.

Question 104

Report
Export
Collapse

What provides the information to an application to make decisions about the authorization level appropriate when granting access?

A.
User
A.
User
Answers
B.
Relying party
B.
Relying party
Answers
C.
Federation
C.
Federation
Answers
D.
Identity Provider
D.
Identity Provider
Answers
Suggested answer: D

Explanation:

Upon successful user authentication, the identity provider gives information about the user to the relying party that it needs to make authorization decisions for granting access as well as the level of access needed.

Question 105

Report
Export
Collapse

What is a standard configuration and policy set that is applied to systems and virtual machines called?

A.
Standardization
A.
Standardization
Answers
B.
Baseline
B.
Baseline
Answers
C.
Hardening
C.
Hardening
Answers
D.
Redline
D.
Redline
Answers
Suggested answer: B

Explanation:

The most common and efficient manner of securing operating systems is through the use of baselines. A baseline is a standardized and understood set of base configurations and settings. When a new system is built or a new virtual machine is established, baselines will be applied to a new image to ensure the base configuration meets organizational policy and regulatory requirements.

Question 106

Report
Export
Collapse

Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?

A.
Russia
A.
Russia
Answers
B.
France
B.
France
Answers
C.
Germany
C.
Germany
Answers
D.
United States
D.
United States
Answers
Suggested answer: A

Explanation:

Signed into law and effective starting on September 1, 2015, Russian Law 526-FZ establishes that any collecting, storing, or processing of personal information or data on Russian citizens must be done from systems and databases that are physically located with the Russian Federation.

Question 107

Report
Export
Collapse

Which of the cloud cross-cutting aspects relates to the ability to easily move services and applications between different cloud providers?

A.
Reversibility
A.
Reversibility
Answers
B.
Availability
B.
Availability
Answers
C.
Portability
C.
Portability
Answers
D.
Interoperability
D.
Interoperability
Answers
Suggested answer: C

Explanation:

Portability is the ease with which a service or application can be moved between different cloud providers. Maintaining portability gives an organization great flexibility between cloud providers and the ability to shop for better deals or offerings.

Question 108

Report
Export
Collapse

Which type of audit report is considered a "restricted use" report for its intended audience?

A.
SAS-70
A.
SAS-70
Answers
B.
SSAE-16
B.
SSAE-16
Answers
C.
SOC Type 1
C.
SOC Type 1
Answers
D.
SOC Type 2
D.
SOC Type 2
Answers
Suggested answer: C

Explanation:

SOC Type 1 reports are considered "restricted use" reports. They are intended for management and stakeholders of an organization, clients of the service organization, and auditors of the organization. They are not intended for release beyond those audiences.

Question 109

Report
Export
Collapse

What is the concept of segregating information or processes, within the same system or application, for security reasons?

A.
fencing
A.
fencing
Answers
B.
Sandboxing
B.
Sandboxing
Answers
C.
Cellblocking
C.
Cellblocking
Answers
D.
Pooling
D.
Pooling
Answers
Suggested answer: B

Explanation:

Sandboxing involves segregating and isolating information or processes from others within the same system or application, typically for security concerns. This is generally used for data isolation (for example, keeping different communities and populations of users isolated from other similar data).

Question 110

Report
Export
Collapse

The European Union passed the first major regulation declaring data privacy to be a human right. In what year did it go into effect?

A.
2010
A.
2010
Answers
B.
2000
B.
2000
Answers
C.
1995
C.
1995
Answers
D.
1990
D.
1990
Answers
Suggested answer: C

Explanation:

Adopted in 1995, Directive 95/46 EC establishes strong data protection and policy requirements, including the declaring of data privacy to be a human right. It establishes that an individual has the right to be notified when their personal data is being access or processed, that it only will ever be accessed for legitimate purposes, and that data will only be accessed to the exact extent it needs to be for the particular process or request.

Total 512 questions
Go to page: of 52
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms