ExamGecko

ISC CCSP Practice Test - Questions Answers, Page 42

Which of the following are distinguishing characteristics of a managed service provider?

A. Be able to remotely monitor and manage objects for the customer and proactively maintain these objects under management.
B. Have some form of a help desk but no NOC.
C. Be able to remotely monitor and manage objects for the customer and reactively maintain these objects under management.
D. Have some form of a NOC but no help desk.

Suggested answer: A

Explanation:

According to the MSP Alliance, typically MSPs have the following distinguishing characteristics:

- Have some form of NOC service

- Have some form of help desk service

- Can remotely monitor and manage all or a majority of the objects for the customer

- Can proactively maintain the objects under management for the customer

- Can deliver these solutions with some form of predictable billing model, where the customer knows with great accuracy what her regular IT management expense will be

To protect data on user devices in a BYOD environment, the organization should consider requiring all the following, except:

A. Multifactor authentication
B. DLP agents
C. Two-person integrity
D. Local encryption

Suggested answer: C

Explanation:

Although all the other options are ways to harden a mobile device, two-person integrity is a concept that has nothing to do with the topic, and, if implemented, would require everyone in your organization to walk around in pairs while using their mobile devices.

Tokenization requires two distinct _________________ .

A. Authentication factors
B. Personnel
C. Databases
D. Encryption

Suggested answer: C

Explanation:

In order to implement tokenization, there will need to be two databases: the database containing the raw, original data, and the token database containing tokens that map to original data. Having two-factor authentication is nice, but certainly not required. Encryption keys are not necessary for tokenization. Two-person integrity does not have anything to do with tokenization.

DLP can be combined with what other security technology to enhance data controls?

A. DRM
B. Hypervisor
C. SIEM
D. Kerberos

Suggested answer: A

Explanation:

DLP can be combined with DRM to protect intellectual property; both are designed to deal with data that falls into special categories. SIEMs are used for monitoring event logs, not live data movement. Kerberos is an authentication mechanism. Hypervisors are used for virtualization.

What is the intellectual property protection for a confidential recipe for muffins?

A. Patent
B. Trademark
C. Trade secret
D. Copyright

Suggested answer: C

Explanation:

Confidential recipes unique to the organization are trade secrets. The other answers listed are answers to other questions.

Every security program and process should have which of the following?

A. Severe penalties
B. Multifactor authentication
C. Foundational policy
D. Homomorphic encryption

Suggested answer: C

Explanation:

Policy drives all programs and functions in the organization; the organization should not conduct any operations that don't have a policy governing them.

Penalties may or may not be an element of policy, and severity depends on the topic. Multifactor authentication and homomorphic encryption are red herrings here.

DLP solutions can aid in deterring loss due to which of the following?

A. Inadvertent disclosure
B. Natural disaster
C. Randomization
D. Device failure

Suggested answer: A

Explanation:

DLP solutions may protect against inadvertent disclosure. Randomization is a technique for obscuring data, not a risk to data. DLP tools will not protect against risks from natural disasters, or against impacts due to device failure.

All policies within the organization should include a section that includes all of the following, except:

A. Policy adjudication
B. Policy maintenance
C. Policy review
D. Policy enforcement

Suggested answer: A

Explanation:

All the elements except adjudication need to be addressed in each policy. Adjudication is not an element of policy.

Proper implementation of DLP solutions for successful function requires which of the following?

A. Physical access limitations
B. USB connectivity
C. Accurate data categorization
D. Physical presence

Suggested answer: C

Explanation:

DLP tools need to be aware of which information to monitor and which requires categorization (usually done upon data creation, by the data owners). DLPs can be implemented with or without physical access or presence. USB connectivity has nothing to do with DLP solutions.

What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first?

A. AES
B. Link encryption
C. One-time pads
D. Homomorphic encryption

Suggested answer: D

Explanation:

AES is an encryption standard. Link encryption is a method for protecting communications traffic. One-time pads are an encryption method.

Total 512 questions