
ISC CCSP Practice Test - Questions Answers, Page 16

Which of the following would NOT be a reason to activate a BCDR strategy?

A. Staffing loss
B. Terrorism attack
C. Utility disruptions
D. Natural disaster

Suggested answer: A

Explanation:

The loss of staffing would not be a reason to declare a BCDR situation because it does not impact production operations or equipment, and the same staff would be needed for a BCDR situation.

Which of the cloud cross-cutting aspects relates to the oversight of processes and systems, as well as to ensuring their compliance with specific policies and regulations?

A. Governance
B. Regulatory requirements
C. Service-level agreements
D. Auditability

Suggested answer: D

Explanation:

Auditing involves reports and evidence that show user activity, compliance with controls and regulations, the systems and processes that run and what they do, as well as information and data access and modification records. A cloud environment adds additional complexity to traditional audits because the cloud customer will not have the same level of access to systems and data as they would in a traditional data center.

Which of the cloud cross-cutting aspects relates to the ability to reuse or move components of an application or service?

A. Availability
B. Interoperability
C. Reversibility
D. Portability

Suggested answer: B

Explanation:

Interoperability is the ease with which one can move or reuse components of an application or service. This is maximized when services are designed without specific dependencies on underlying platforms, operating systems, locations, or cloud providers.

Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?

A. Delete
B. Modify
C. Read
D. Print

Suggested answer: D

Explanation:

IRM allows an organization to control who can print a set of information. This is not possible under traditional file system controls, where if a user can read a file, they are able to print it as well.

What strategy involves hiding data in a data set to prevent someone from identifying specific individuals based on other data fields present?

A. Anonymization
B. Tokenization
C. Masking
D. Obfuscation

Suggested answer: A

Explanation:

With data anonymization, data is manipulated so as to prevent the identification of an individual through various data objects. It is often used in conjunction with other concepts such as masking.

What type of security threat is DNSSEC designed to prevent?

A. Account hijacking
B. Snooping
C. Spoofing
D. Injection

Suggested answer: C

Explanation:

DNSSEC is designed to prevent the spoofing and redirection of DNS resolutions to rogue sites.

Which European Union directive pertains to personal data privacy and an individual's control over their personal data?

A. 99/9/EC
B. 95/46/EC
C. 2000/1/EC
D. 2013/27001/EC

Suggested answer: B

Explanation:

Directive 95/46/EC is titled "On the protection of individuals with regard to the processing of personal data and on the free movement of such data."

Which of the cloud cross-cutting aspects relates to the requirements placed on a system or application by law, policy, or requirements from standards?

A. Regulatory requirements
B. Auditability
C. Service-level agreements
D. Governance

Suggested answer: A

Explanation:

Regulatory requirements are those imposed upon businesses and their operations either by law, regulation, policy, or standards and guidelines. These requirements are specific either to the locality in which the company or application is based or to the specific nature of the data and transactions conducted.

Which data point that auditors always desire is very difficult to provide within a cloud environment?

A. Access policy
B. Systems architecture
C. Baselines
D. Privacy statement

Suggested answer: B

Explanation:

Cloud environments are constantly changing and often span multiple physical locations. A cloud customer is also very unlikely to have knowledge and insight into the underlying systems architecture in a cloud environment. Both of these realities make it very difficult, if not impossible, for an organization to provide a comprehensive systems design document.

What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?

A. Proxy
B. Bastion
C. Honeypot
D. WAF

Suggested answer: B

Explanation:

A bastion host is a server that is fully exposed to the public Internet but is extremely hardened to prevent attacks, and is usually dedicated to a specific application or usage; it is not something that will serve multiple purposes. This singular focus allows for much more stringent security hardening and monitoring.

Total 512 questions