ExamGecko

ISC CCSP Practice Test - Questions Answers, Page 35

Question 341

Which of the following is a management role, versus a technical role, as it pertains to data management and oversight?

A. Data owner
B. Data processor
C. Database administrator
D. Data custodian
Suggested answer: A

Explanation:

Data owner is a management role that's responsible for all aspects of how data is used and protected. The database administrator, data custodian, and data processor are all technical roles that involve the actual use and consumption of data, or the implementation of security controls and policies with the data.

asked 18/09/2024
Monterio Weaver

Question 342

IRM solutions allow an organization to place different restrictions on data usage than would otherwise be possible through traditional security controls.

Which of the following controls would be possible with IRM that would not with traditional security controls?

A. Copy
B. Read
C. Delete
D. Print
Suggested answer: D

Explanation:

Traditional security controls would not be able to restrict a user from printing something that they have the ability to access and read, but IRM solutions would allow for such a restriction. If a user has permissions to read a file, he can also copy the file or print it under traditional controls, and the ability to modify or write will give the user the ability to delete.

asked 18/09/2024
NEXAR DONADIO

Question 343

Which data protection strategy would be useful for a situation where the ability to remove sensitive data from a set is needed, but a requirement to retain the ability to map back to the original values is also present?

A. Masking
B. Tokenization
C. Encryption
D. Anonymization
Suggested answer: B

Explanation:

Tokenization involves the replacement of sensitive data fields with key or token values, which can ultimately be mapped back to the original, sensitive data values. Masking refers to the overall approach to covering sensitive data, and anonymization is a type of masking, where indirect identifiers are removed from a data set to prevent the mapping back of data to an individual. Encryption refers to the overall process of protecting data via key pairs and protecting confidentiality.

asked 18/09/2024
Trevore Agee

Question 344

A comprehensive BCDR plan will encapsulate many or most of the traditional concerns of operating a system in any data center.

However, what is one consideration that is often overlooked with the formulation of a BCDR plan?

A. Availability of staff
B. Capacity at the BCDR site
C. Restoration of services
D. Change management processes
Suggested answer: C

Explanation:

BCDR planning tends to focus so much on the failing over of services in the case of a disaster that recovery back to primary hosting after the disaster is often overlooked. In many instances, this can be just as complex a process as failing over, if not more so. Availability of staff, capacity at the BCDR site, and change management processes are typically integral to BCDR plans and are common components of them.

asked 18/09/2024
Jeff Silverman

Question 345

Which of the following is NOT one of the components of multifactor authentication?

A. Something the user knows
B. Something the user has
C. Something the user sends
D. Something the user is
Suggested answer: C

Explanation:

Multifactor authentication systems are composed of something the user knows, has, and/or is (such as biometrics or features), not something the user sends.

asked 18/09/2024
ayodele fakayode

Question 346

Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.

Which of the following is not a regulatory framework for more sensitive or specialized data?

A. FIPS 140-2
B. FedRAMP
C. PCI DSS
D. HIPAA
Suggested answer: A

Explanation:

The FIPS 140-2 standard pertains to the certification of cryptographic modules and is not a regulatory framework. The Payment Card Industry Data Security Standard (PCI DSS), the Federal Risk and Authorization Management Program (FedRAMP), and the Health Insurance Portability and Accountability Act (HIPAA) are all regulatory frameworks for sensitive or specialized data.

asked 18/09/2024
Mary Andreou

Question 347

Which data sanitation method is also commonly referred to as "zeroing"?

A. Overwriting
B. Nullification
C. Blanking
D. Deleting
Suggested answer: A

Explanation:

The zeroing of data--or the writing of null values or arbitrary data to ensure deletion has been fully completed--is officially referred to as overwriting. Nullification, deleting, and blanking are provided as distractor terms.

asked 18/09/2024
Clive Roberts

Question 348

What is the concept of isolating an application from the underlying operating system for testing purposes?

A. Abstracting
B. Application virtualization
C. Hosting
D. Sandboxing
Suggested answer: B

Explanation:

Application virtualization is a software implementation that allows applications and programs to run in an isolated environment rather than directly interacting with the operating system. Sandboxing refers to segregating information or processes for security or testing purposes, but it's not directly related to isolation from the underlying operating system. Abstracting sounds similar to the correct term but is not pertinent to the question, and hosting is provided as an erroneous answer.

asked 18/09/2024
Ramon Vieira da Rocha

Question 349

Which of the following could be used as a second component of multifactor authentication if a user has an RSA token?

A. Access card
B. USB thumb drive
C. Retina scan
D. RFID
Suggested answer: C

Explanation:

A retina scan could be used in conjunction with an RSA token because it is a biometric factor, and thus a different type of factor. An access card, RFID, and USB thumb drive are all items in possession of a user, the same as an RSA token, and as such would not be appropriate.

asked 18/09/2024
Harri Jaakkonen

Question 350

Which of the following is NOT one of the official risk rating categories?

A. Critical
B. Low
C. Catastrophic
D. Minimal
Suggested answer: C

Explanation:

The official categories of cloud risk ratings are Minimal, Low, Moderate, High, and Critical.

asked 18/09/2024
Eric Swisher
Total 512 questions