ISC CCSP Practice Test - Questions Answers, Page 19
Question 181
Which aspect of security is DNSSEC designed to ensure?
Explanation:
DNSSEC is a security extension to the regular DNS protocol and services that allows for the validation of the integrity of DNS lookups. It does not address confidentiality or availability at all. It allows for a DNS client to perform DNS lookups and validate both their origin and authority via the cryptographic signature that accompanies the DNS response.
Question 182
Which process serves to prove the identity and credentials of a user requesting access to an application or data?
Explanation:
Authentication is the process of proving whether the identity presented by a user is true and valid. This can be done through common mechanisms such as user ID and password combinations or with more secure methods such as multifactor authentication.
Question 183
Who would be responsible for implementing IPsec to secure communications for an application?
Explanation:
Because IPsec is implemented at the system or network level, it is the responsibility of the systems staff. IPsec removes the responsibility from developers, whereas other technologies such as TLS would be implemented by developers.
Question 184
What is the minimum regularity for testing a BCDR plan to meet best practices?
Explanation:
Best practices and industry standards dictate that a BCDR solution should be tested at least once a year, though specific regulatory requirements may dictate more regular testing. The BCDR plan should also be tested whenever a major modification to a system occurs.
Question 185
Other than cost savings realized due to measured service, what is another facet of cloud computing that will typically save substantial costs in time and money for an organization in the event of a disaster?
Explanation:
With a typical BCDR solution, an organization would need some number of staff to quickly travel to the location of the BCDR site to configure systems and applications for recovery. With a cloud environment, everything is done over broad network access, with no need (or even possibility) to travel to a remote site at any time.
Question 186
Which of the following is NOT part of a retention policy?
Explanation:
The data retention policy covers the duration, format, technologies, protection, and accessibility of archives, but does not address the specific costs of its implementation and maintenance.
Question 187
Which aspect of cloud computing would make the use of a cloud the most attractive as a BCDR solution?
Explanation:
Measured service means that costs are only incurred when a cloud customer is actually using cloud services. This is ideal for a business continuity and disaster recovery (BCDR) solution because it negates the need to keep hardware or resources on standby in case of a disaster. Services can be initiated when needed, and no costs are incurred until then.
Question 188
Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?
Explanation:
Because the public cloud model is available to everyone, in most instances all a customer will need to do to gain access is set up an account and provide a credit card number through the service's web portal. No additional contract negotiations, agreements, or specific group memberships are typically needed to get started.
Question 189
Which of the following is NOT something that an HIDS will monitor?
Explanation:
A host intrusion detection system (HIDS) monitors network traffic as well as critical system files and configurations.
Question 190
Which of the following technologies is used to monitor network traffic and notify if any potential threats or attacks are noticed?
Explanation:
An intrusion detection system (IDS) is designed to analyze network packets, compare their contents or characteristics against a set of configurations or signatures, and alert personnel if anything is detected that could constitute a threat or is otherwise designated for alerting.