ISC CCSP Practice Test - Questions Answers, Page 32

Which of the following statements about Type 1 hypervisors is true?

A. The hardware vendor and software vendor are different.
B. The hardware vendor and software vendor are the same.
C. The hardware vendor provides an open platform for software vendors.
D. The hardware vendor and software vendor should always be different for the sake of security.
Suggested answer: B

Explanation:

With a Type 1 hypervisor, the management software and hardware are tightly tied together and provided by the same vendor on a closed platform. This allows for optimal security, performance, and support. The other answers are all incorrect descriptions of a Type 1 hypervisor.

Which format is the most commonly used standard for exchanging information within a federated identity system?

A. XML
B. HTML
C. SAML
D. JSON
Suggested answer: C

Explanation:

Security Assertion Markup Language (SAML) is the most common data format for information exchange within a federated identity system. It is used to transmit and exchange authentication and authorization data. XML is similar to SAML, but it's used for general-purpose data encoding and labeling and is not used for the exchange of authentication and authorization data in the way that SAML is for federated systems. JSON is used similarly to XML, as a text-based data exchange format that typically uses attribute-value pairings, but it's not used for authentication and authorization exchange. HTML is used only for encoding web pages for web browsers and is not used for data exchange, and certainly not in a federated system.

Which ITIL component is focused on anticipating predictable problems and ensuring that configurations and operations are in place to prevent these problems from ever occurring?

A. Availability management
B. Continuity management
C. Configuration management
D. Problem management
Suggested answer: D

Explanation:

Problem management is focused on identifying and mitigating known problems and deficiencies before they are able to occur, as well as on minimizing the impact of incidents that cannot be prevented. Continuity management (or business continuity management) is focused on planning for the successful restoration of systems or services after an unexpected outage, incident, or disaster. Availability management is focused on making sure system resources, processes, personnel, and toolsets are properly allocated and secured to meet SLA requirements. Configuration management tracks and maintains detailed information about all IT components within an organization.

Which of the following areas of responsibility would be shared between the cloud customer and cloud provider within the Software as a Service (SaaS) category?

A. Data
B. Governance
C. Application
D. Physical
Suggested answer: C

Explanation:

With SaaS, the application is a shared responsibility between the cloud provider and cloud customer. Although the cloud provider is responsible for deploying, maintaining, and securing the application, the cloud customer does carry some responsibility for the configuration of users and options. Regardless of the cloud service category used, the physical environment is always the sole responsibility of the cloud provider. With all cloud service categories, the data and governance are always the sole responsibility of the cloud customer.

When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?

A. Firewall
B. Proxy
C. Honeypot
D. Bastion
Suggested answer: D

Explanation:

A bastion is a system that is exposed to the public Internet to perform a specific function, but it is highly restricted and secured to just that function. Any nonessential services and access are removed from the bastion so that security countermeasures and monitoring can be focused just on the bastion's specific duties. A honeypot is a system designed to look like a production system to entice attackers, but it does not contain any real data. It is used for learning about types of attacks and enabling countermeasures for them. A firewall is used within a network to limit access between IP addresses and ports. A proxy server provides additional security and rulesets for network traffic that is allowed to pass through it to a service destination.

With the rapid emergence of cloud computing, very few regulations were in place that pertained to it specifically, and organizations often had to resort to using a collection of regulations that were not specific to cloud in order to drive audits and policies.

Which standard from the ISO/IEC was designed specifically for cloud computing?

A. ISO/IEC 27001
B. ISO/IEC 19889
C. ISO/IEC 27001:2015
D. ISO/IEC 27018
Suggested answer: D

Explanation:

ISO/IEC 27018 was implemented to address the protection of personal and sensitive information within a cloud environment. ISO/IEC 27001 and its later 27001:2015 revision are both general-purpose data security standards. ISO/IEC 19889 is an erroneous answer.

Which of the following is NOT considered a type of data loss?

A. Data corruption
B. Stolen by hackers
C. Accidental deletion
D. Lost or destroyed encryption keys
Suggested answer: B

Explanation:

The exposure of data by hackers is considered a data breach. Data loss focuses on data availability rather than security. Data loss occurs when data becomes lost, unavailable, or destroyed when it should not have been.

Which of the following jurisdictions lacks a comprehensive national policy on data privacy and the protection of personally identifiable information (PII)?

A. European Union
B. Asian-Pacific Economic Cooperation
C. United States
D. Russia
Suggested answer: C

Explanation:

The United States has a myriad of regulations focused on specific types of data, such as healthcare and financial, but lacks an overall comprehensive privacy law on the national level. The European Union, the Asian-Pacific Economic Cooperation, and Russia all have national privacy protections and regulations for handling the PII data of their citizens.

Which component of ITIL involves planning for the restoration of services after an unexpected outage or incident?

A. Continuity management
B. Problem management
C. Configuration management
D. Availability management
Suggested answer: A

Explanation:

Continuity management (or business continuity management) is focused on planning for the successful restoration of systems or services after an unexpected outage, incident, or disaster. Problem management is focused on identifying and mitigating known problems and deficiencies before they occur. Availability management is focused on making sure system resources, processes, personnel, and toolsets are properly allocated and secured to meet SLA requirements. Configuration management tracks and maintains detailed information about all IT components within an organization.

Which component of ITIL pertains to planning, coordinating, executing, and validating changes and rollouts to production environments?

A. Release management
B. Availability management
C. Problem management
D. Change management
Suggested answer: A

Explanation:

Release management involves planning, coordinating, executing, and validating changes and rollouts to the production environment. Change management is a higher-level component than release management and also involves stakeholder and management approval, rather than specifically focusing on the actual release itself. Availability management is focused on making sure system resources, processes, personnel, and toolsets are properly allocated and secured to meet SLA requirements. Problem management is focused on identifying and mitigating known problems and deficiencies before they occur.

Total 512 questions