ISC CCSP Practice Test - Questions Answers, Page 47


Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except:

A. The cloud provider's utilities
B. The cloud provider's suppliers
C. The cloud provider's resellers
D. The cloud provider's vendors
Suggested answer: C

Explanation:

The cloud provider's resellers are a marketing and sales mechanism, not an operational dependency that could affect the security of a cloud customer.

Because of multitenancy, specific risks in the public cloud that don't exist in the other cloud service models include all the following except:

A. DoS/DDoS
B. Information bleed
C. Risk of loss/disclosure due to legal seizures
D. Escalation of privilege
Suggested answer: A

Explanation:

DoS/DDoS threats and risks are not unique to the public cloud model.

What is the cloud service model in which the customer is responsible for administration of the OS?

A. QaaS
B. SaaS
C. PaaS
D. IaaS
Suggested answer: D

Explanation:

In IaaS, the cloud provider only owns the hardware and supplies the utilities. The customer is responsible for the OS, programs, and data. In PaaS and SaaS, the provider also owns the OS. There is no QaaS. That is a red herring.

All of the following are techniques to enhance the portability of cloud data, in order to minimize the potential of vendor lock-in except:

A. Ensure there are no physical limitations to moving
B. Use DRM and DLP solutions widely throughout the cloud operation
C. Ensure favorable contract terms to support portability
D. Avoid proprietary data formats
Suggested answer: B

Explanation:

DRM and DLP are used for increased authentication/access control and egress monitoring, respectively, and would actually decrease portability instead of enhancing it.

Hardening the operating system refers to all of the following except:

A. Limiting administrator access
B. Closing unused ports
C. Removing antimalware agents
D. Removing unnecessary services and libraries
Suggested answer: C

Explanation:

Removing antimalware agents. Hardening the operating system means making it more secure. Limiting administrator access, closing unused ports, and removing unnecessary services and libraries all have the potential to make an OS more secure. But removing antimalware agents would actually make the system less secure. If anything, antimalware agents should be added, not removed.

Which kind of SSAE audit report is a cloud customer most likely to receive from a cloud provider?

A. SOC 1 Type 1
B. SOC 2 Type 2
C. SOC 3
D. SOC 1 Type 2
Suggested answer: C

Explanation:

The SOC 3 is the least detailed, so the provider is not concerned about revealing it. The SOC 1 Types 1 and 2 are about financial reporting, and not relevant.

The SOC 2 Type 2 is much more detailed and will most likely be kept closely held by the provider.

The cloud customer's trust in the cloud provider can be enhanced by all of the following except:

A. SLAs
B. Shared administration
C. Audits
D. Real-time video surveillance
Suggested answer: D

Explanation:

Video surveillance will not provide meaningful information and will not enhance trust. All the others will do it.

As a result of scandals involving publicly traded corporations such as Enron, WorldCom, and Adelphia, Congress passed legislation known as:

A. SOX
B. HIPAA
C. FERPA
D. GLBA
Suggested answer: A

Explanation:

Sarbanes-Oxley was a direct response to corporate scandals. FERPA is related to education. GLBA is about the financial industry. HIPAA is about health care.

In addition to whatever audit results the provider shares with the customer, what other mechanism does the customer have to ensure trust in the provider's performance and duties?

A. HIPAA
B. The contract
C. Statutes
D. Security control matrix
Suggested answer: B

Explanation:

The contract between the provider and customer enhances the customer's trust by holding the provider financially liable for negligence or inadequate service (although the customer remains legally liable for all inadvertent disclosures). Statutes, however, largely leave customers liable. The security control matrix is a tool for ensuring compliance with regulations. HIPAA is a statute.

The application normative framework is best described as which of the following?

A. A superset of the ONF
B. A stand-alone framework for storing security practices for the ONF
C. The complete ONF
D. A subset of the ONF
Suggested answer: D

Explanation:

Remember, there is a one-to-many ratio of ONF to ANF; each organization has one ONF and many ANFs (one for each application in the organization).

Therefore, the ANF is a subset of the ONF.
