ISC CCSP Practice Test - Questions Answers, Page 39

Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their specific circumstances.

What does dynamic application security testing (DAST) NOT entail that SAST does?

You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition.

Which of the following cloud concepts would this pertain to?

What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?

A main objective for an organization when utilizing cloud services is to avoid vendor lock-in so as to ensure flexibility and maintain independence.

Which core concept of cloud computing is most related to vendor lock-in?

Which of the following areas of responsibility always falls completely under the purview of the cloud provider, regardless of which cloud service category is used?

What type of masking would you employ to produce a separate data set for testing purposes based on production data without any sensitive information?

Which aspect of data poses the biggest challenge to using automated tools for data discovery and programmatic data classification?

When an organization is considering a cloud environment for hosting BCDR solutions, which of the following would be the greatest concern?

Just like the risk management process, the BCDR planning process has a defined sequence of steps and processes to follow to ensure the production of a comprehensive and successful plan.

Which of the following is the correct sequence of steps for a BCDR plan?