ISC CCSP Practice Test - Questions Answers, Page 20
Question 191
What concept does the "A" represent in the DREAD model?
Explanation:
Affected users refers to the percentage of users who would be impacted by a successful exploit. Scoring ranges from 0, which means no users are impacted, to 10, which means all users are impacted.
Question 192
Which attribute of data poses the biggest challenge for data discovery?
Explanation:
The main problem when it comes to data discovery is the quality of the data that analysis is being performed against. Data that is malformed, incorrectly stored or labeled, or incomplete is very difficult to run analytical tools against.
Question 193
What does static application security testing (SAST) offer as a tool to the testers?
Explanation:
Static application security testing (SAST) is conducted with knowledge of the system, including source code, and is done against offline systems.
Question 194
Which of the following service capabilities gives the cloud customer an established and maintained framework to deploy code and applications?
Explanation:
The platform service capability provides programming languages and libraries from the cloud provider, where the customer can deploy their own code and applications into a managed and controlled framework.
Question 195
What process is used within a cloud environment to maintain resource balancing and ensure that resources are available where and when needed?
Explanation:
Dynamic optimization is the process through which the cloud environment is constantly maintained to ensure resources are available when and where needed, and that physical nodes do not become overloaded or near capacity, while others are underutilized.
Question 196
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
Explanation:
The recovery service level (RSL) is a percentage measure of the total typical production service level that needs to be restored to meet BCDR objectives in the case of a failure.
Question 197
Over time, what is a primary concern for data archiving?
Explanation:
Over time, maintaining the ability to restore and read archives is a primary concern for data archiving. As technologies change and new systems are brought in, it is imperative for an organization to ensure they are still able to restore and access archives for the duration of the required retention period.
Question 198
What is an often overlooked concept that is essential to protecting the confidentiality of data?
Explanation:
While the main focus of confidentiality revolves around technological requirements or particular security methods, an important and often overlooked aspect of safeguarding data confidentiality is appropriate and comprehensive training for those with access to it. Training should be focused on the safe handling of sensitive information overall, including best practices for network activities as well as physical security of the devices or workstations used to access the application.
Question 199
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
Explanation:
A private cloud model, and the specific contractual relationships involved, will give a cloud customer the greatest level of input and control over how the overall cloud environment is designed and implemented. This would be even more so in cases where the private cloud is owned and operated by the same organization that is hosting services within it.
Question 200
What concept does the "D" represent with the STRIDE threat model?
Explanation:
Any application can be a possible target of denial-of-service (DoS) attacks. From the application side, the developers should minimize how many operations are performed for non-authenticated users. This will keep the application running as quickly as possible while using the least amount of system resources, which helps minimize the impact of any such attacks.