ExamGecko
Search Search Login
Home Home / ISC / CCSP

ISC CCSP Practice Test - Questions Answers, Page 14

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?
Over time, what is a primary concern for data archiving?
Which United States law is focused on accounting and financial practices of organizations?
Which type of testing uses the same strategies and toolsets that hackers would use?
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
What is the biggest benefit to leasing space in a data center versus building or maintain your own?
What concept does the "D" represent with the STRIDE threat model?
What is the data encapsulation used with the SOAP protocol referred to?
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?

Question 131

Report
Export
Collapse

Which of the cloud deployment models involves spanning multiple cloud environments or a mix of cloud hosting models?

A.
Community
A.
Community
Answers
B.
Public
B.
Public
Answers
C.
Hybrid
C.
Hybrid
Answers
D.
Private
D.
Private
Answers
Suggested answer: C

Explanation:

A hybrid cloud model involves the use of more than one type of cloud hosting models, typically the mix of private and public cloud hosting models.

Question 132

Report
Export
Collapse

Which of the following is NOT one of five principles of SOC Type 2 audits?

A.
Privacy
A.
Privacy
Answers
B.
Processing integrity
B.
Processing integrity
Answers
C.
Financial
C.
Financial
Answers
D.
Security
D.
Security
Answers
Suggested answer: C

Explanation:

The SOC Type 2 audits include five principles: security, privacy, processing integrity, availability, and confidentiality.

Question 133

Report
Export
Collapse

Which aspect of cloud computing makes data classification even more vital than in a traditional data center?

A.
Interoperability
A.
Interoperability
Answers
B.
Virtualization
B.
Virtualization
Answers
C.
Multitenancy
C.
Multitenancy
Answers
D.
Portability
D.
Portability
Answers
Suggested answer: C

Explanation:

With multiple tenants within the same hosting environment, any failure to properly classify data may lead to potential exposure to other customers and applications within the same environment.

Question 134

Report
Export
Collapse

What concept does the "T" represent in the STRIDE threat model?

A.
TLS
A.
TLS
Answers
B.
Testing
B.
Testing
Answers
C.
Tampering with data
C.
Tampering with data
Answers
D.
Transport
D.
Transport
Answers
Suggested answer: C

Explanation:

Any application that sends data to the user will face the potential that the user could manipulate or alter the data, whether it resides in cookies, GET or POST commands, or headers, or manipulates client-side validations. If the user receives data from the application, it is crucial that the application validate and verify any data that is received back from the user.

Question 135

Report
Export
Collapse

Which of the following would be a reason to undertake a BCDR test?

A.
Functional change of the application
A.
Functional change of the application
Answers
B.
Change in staff
B.
Change in staff
Answers
C.
User interface overhaul of the application
C.
User interface overhaul of the application
Answers
D.
Change in regulations
D.
Change in regulations
Answers
Suggested answer: A

Explanation:

Any time a major functional change of an application occurs, a new BCDR test should be done to ensure the overall strategy and process are still applicable and appropriate.

Question 136

Report
Export
Collapse

What is the biggest challenge to data discovery in a cloud environment?

A.
Format
A.
Format
Answers
B.
Ownership
B.
Ownership
Answers
C.
Location
C.
Location
Answers
D.
Multitenancy
D.
Multitenancy
Answers
Suggested answer: C

Explanation:

With the distributed nature of cloud environments, the foremost challenge for data discovery is awareness of the location of data and keeping track of it during the constant motion of cloud storage systems.

Question 137

Report
Export
Collapse

Which crucial aspect of cloud computing can be most threatened by insecure APIs?

A.
Automation
A.
Automation
Answers
B.
Redundancy
B.
Redundancy
Answers
C.
Resource pooling
C.
Resource pooling
Answers
D.
Elasticity
D.
Elasticity
Answers
Suggested answer: A

Explanation:

Cloud environments depend heavily on API calls for management and automation. Any vulnerability with the APIs can cause significant risk and exposure to all tenants of the cloud environment.

Question 138

Report
Export
Collapse

Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

A.
Functionality
A.
Functionality
Answers
B.
Programming languages
B.
Programming languages
Answers
C.
Software platform
C.
Software platform
Answers
D.
Security requirements
D.
Security requirements
Answers
Suggested answer: D

Explanation:

Security requirements should be incorporated into the software development lifecycle (SDLC) from the earliest requirement gathering stage and should be incorporated prior to the requirement analysis phase.

Question 139

Report
Export
Collapse

Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?

A.
Service-level agreements
A.
Service-level agreements
Answers
B.
Governance
B.
Governance
Answers
C.
Regulatory requirements
C.
Regulatory requirements
Answers
D.
Auditability
D.
Auditability
Answers
Suggested answer: B

Explanation:

Governance at its core is the idea of assigning jobs, takes, roles, and responsibilities and ensuring they are satisfactory performed.

Question 140

Report
Export
Collapse

Which regulatory system pertains to the protection of healthcare data?

A.
HIPAA
A.
HIPAA
Answers
B.
HAS
B.
HAS
Answers
C.
HITECH
C.
HITECH
Answers
D.
HFCA
D.
HFCA
Answers
Suggested answer: A

Explanation:

The Health Insurance Portability and Accountability Act (HIPAA) sets stringent requirements in the United States for the protection of healthcare records.

Total 512 questions
Go to page: of 52
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms