ISC CCSP Practice Test - Questions Answers, Page 13
List of questions
Question 121
What process is used within a clustered system to provide high availability and load balancing?
Explanation:
Dynamic resource scheduling (DRS) is used within all clustering systems as the method for clusters to provide high availability, scaling, management, and workload distribution and balancing of jobs and processes. From a physical infrastructure perspective, DRS is used to balance compute loads between physical hosts in a cloud to maintain the desired thresholds and limits on the physical hosts.
Question 122
Which of the following is NOT a function performed by the handshake protocol of TLS?
Explanation:
The handshake protocol negotiates and establishes the connection as well as handles the key exchange and establishes the session ID. It does not perform the actual encryption of data packets.
Question 123
Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?
Explanation:
SOC Type 2 reports are focused on the same policies and procedures, as well as their effectiveness, as SOC Type 1 reports, but are evaluated over a period of at least six consecutive months, rather than a finite point in time.
Question 124
What changes are necessary to application code in order to implement DNSSEC?
Explanation:
To implement DNSSEC, no additional changes are needed to applications or their code because the integrity checks are all performed at the system level.
Question 125
Which type of controls are the SOC Type 1 reports specifically focused on?
Explanation:
SOC Type 1 reports are focused specifically on internal controls as they relate to financial reporting.
Question 126
Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?
Explanation:
The main goal of confidentiality is to ensure that sensitive information is not made available or leaked to parties that should not have access to it, while at the same time ensuring that those with appropriate need and authorization to access it can do so in a manner commensurate with their needs and confidentiality requirements.
Question 127
Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?
Explanation:
Budgetary and cost controls is not one of the domains outlined in the CCM.
Question 128
Which security concept, if implemented correctly, will protect the data on a system, even if a malicious actor gains access to the actual system?
Explanation:
In any environment, data encryption is incredibly important to prevent unauthorized exposure of data either internally or externally. If a system is compromised by an attack, having the data encrypted on the system will prevent its unauthorized exposure or export, even with the system itself being exposed.
Question 129
Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?
Explanation:
Regardless of which cloud-hosting model is used, the cloud provider always has sole responsibility for the physical environment.
Question 130
Which of the following is NOT a factor that is part of a firewall configuration?
Explanation:
Firewalls take into account source IP, destination IP, the port the traffic is using, as well as the network protocol (UDP/TCP). Whether or not the traffic is encrypted is not something a firewall is concerned with.
Question