ExamGecko
Search Search Login
Home Home / ISC / CCSP

ISC CCSP Practice Test - Questions Answers, Page 18

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?
Over time, what is a primary concern for data archiving?
Which United States law is focused on accounting and financial practices of organizations?
Which type of testing uses the same strategies and toolsets that hackers would use?
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
What concept does the "D" represent with the STRIDE threat model?
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
What is the biggest benefit to leasing space in a data center versus building or maintain your own?
The baseline should cover which of the following?
Which of the following is NOT a key area for performance monitoring as far as an SLA is concerned?

Question 171

Report
Export
Collapse

Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?

A.
Platform
A.
Platform
Answers
B.
Infrastructure
B.
Infrastructure
Answers
C.
Software
C.
Software
Answers
D.
Desktop
D.
Desktop
Answers
Suggested answer: C

Explanation:

The software service capability gives the cloud customer a fully established application, where only minimal user configuration options are allowed.

Question 172

Report
Export
Collapse

What does the "SOC" acronym refer to with audit reports?

A.
Service Origin Confidentiality
A.
Service Origin Confidentiality
Answers
B.
System Organization Confidentiality
B.
System Organization Confidentiality
Answers
C.
Service Organizational Control
C.
Service Organizational Control
Answers
D.
System Organization Control
D.
System Organization Control
Answers
Suggested answer: C

Question 173

Report
Export
Collapse

What does the REST API use to protect data transmissions?

A.
NetBIOS
A.
NetBIOS
Answers
B.
VPN
B.
VPN
Answers
C.
Encapsulation
C.
Encapsulation
Answers
D.
TLS
D.
TLS
Answers
Suggested answer: D

Explanation:

Representational State Transfer (REST) uses TLS for communication over secured channels. Although REST also supports SSL, at this point SSL has been phased out due to vulnerabilities and has been replaced by TLS.

Question 174

Report
Export
Collapse

What strategy involves replacing sensitive data with opaque values, usually with a means of mapping it back to the original value?

A.
Masking
A.
Masking
Answers
B.
Anonymization
B.
Anonymization
Answers
C.
Tokenization
C.
Tokenization
Answers
D.
Obfuscation
D.
Obfuscation
Answers
Suggested answer: C

Explanation:

Tokenization is the practice of utilizing a random and opaque "token" value in data to replace what otherwise would be a sensitive or protected data object. The token value is usually generated by the application with a means to map it back to the actual real value, and then the token value is placed in the data set with the same formatting and requirements of the actual real value so that the application can continue to function without different modifications or code changes.

Question 175

Report
Export
Collapse

With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?

A.
Routing
A.
Routing
Answers
B.
Session
B.
Session
Answers
C.
Filtering
C.
Filtering
Answers
D.
Firewalling
D.
Firewalling
Answers
Suggested answer: C

Explanation:

With software-defined networking (SDN), the filtering of network traffic is separated from the forwarding of network traffic so that it can be independently administered.

Question 176

Report
Export
Collapse

Which of the following does NOT fall under the "IT" aspect of quality of service (QoS)?

A.
Applications
A.
Applications
Answers
B.
Key performance indicators (KPIs)
B.
Key performance indicators (KPIs)
Answers
C.
Services
C.
Services
Answers
D.
Security
D.
Security
Answers
Suggested answer: B

Explanation:

KPIs fall under the "business" aspect of QoS, along with monitoring and measuring of events and business processes. Services, security, and applications are all core components and concepts of the "IT" aspect of QoS.

Question 177

Report
Export
Collapse

What does dynamic application security testing (DAST) NOT entail?

A.
Scanning
A.
Scanning
Answers
B.
Probing
B.
Probing
Answers
C.
Discovery
C.
Discovery
Answers
D.
Knowledge of the system
D.
Knowledge of the system
Answers
Suggested answer: D

Explanation:

Dynamic application security testing (DAST) is considered "black box" testing and begins with no inside knowledge of the application or its configurations.

Everything about the application must be discovered during the testing.

Question 178

Report
Export
Collapse

Where is an XML firewall most commonly deployed in the environment?

A.
Between the application and data layers
A.
Between the application and data layers
Answers
B.
Between the IPS and firewall
B.
Between the IPS and firewall
Answers
C.
Between the presentation and application layers
C.
Between the presentation and application layers
Answers
D.
Between the firewall and application server
D.
Between the firewall and application server
Answers
Suggested answer: D

Explanation:

XML firewalls are most commonly deployed in line between the firewall and application server to validate XML code before it reaches the application.

Question 179

Report
Export
Collapse

What type of masking strategy involves replacing data on a system while it passes between the data and application layers?

A.
Dynamic
A.
Dynamic
Answers
B.
Static
B.
Static
Answers
C.
Replication
C.
Replication
Answers
D.
Duplication
D.
Duplication
Answers
Suggested answer: A

Explanation:

With dynamic masking, production environments are protected with the masking process being implemented between the application and data layers of the application. This allows for a masking translation to take place live in the system and during normal application processing of data.

Question 180

Report
Export
Collapse

Which of the following is a widely used tool for code development, branching, and collaboration?

A.
GitHub
A.
GitHub
Answers
B.
Maestro
B.
Maestro
Answers
C.
Orchestrator
C.
Orchestrator
Answers
D.
Conductor
D.
Conductor
Answers
Suggested answer: A

Explanation:

GitHub is an open source tool that developers leverage for code collaboration, branching, and versioning.

Total 512 questions
Go to page: of 52
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms