ISC CCSP Practice Test - Questions Answers, Page 48


Deviations from the baseline should be investigated and __________________.

A. Revealed
B. Documented
C. Encouraged
D. Enforced
Suggested answer: B

Explanation:

All deviations from the baseline should be documented, including details of the investigation and outcome. We do not enforce or encourage deviations.

Presumably, we would already be aware of the deviation, so "revealing" is not a reasonable answer.

Which of the following best describes the Organizational Normative Framework (ONF)?

A. A set of application security, and best practices, catalogued and leveraged by the organization
B. A container for components of an application's security, best practices catalogued and leveraged by the organization
C. A framework of containers for some of the components of application security, best practices, catalogued and leveraged by the organization
D. A framework of containers for all components of application security, best practices, catalogued and leveraged by the organization.
Suggested answer: D

Explanation:

Option B is incorrect, because it refers to a specific application's security elements, meaning it is about an ANF, not the ONF. C is true, but not as complete as D, making D the better choice. C suggests that the framework contains only "some" of the components, which is why D (which describes "all" components) is better.

A UPS should have enough power to last how long?

A. One day
B. 12 hours
C. Long enough for graceful shutdown
D. 10 minutes
Suggested answer: D

Explanation:

Team-building has nothing to do with SAST; all the rest of the answers are characteristics of SAST.

Which of the following best describes the purpose and scope of ISO/IEC 27034-1?

A. Describes international privacy standards for cloud computing
B. Serves as a newer replacement for NIST 800-52 r4
C. Provides an overview of network and infrastructure security designed to secure cloud applications.
D. Provides an overview of application security that introduces definitive concepts, principles, and processes involved in application security.
Suggested answer: D

Which of the following best describes SAML?

A. A standard used for directory synchronization
B. A standard for developing secure application management logistics
C. A standard for exchanging usernames and passwords across devices.
D. A standard for exchanging authentication and authorization data between security domains.
Suggested answer: D

Web application firewalls (WAFs) are designed primarily to protect applications from common attacks like:

A. Ransomware
B. SYN floods
C. XSS and SQL injection
D. Password cracking
Suggested answer: C

Explanation:

WAFs inspect how the application interacts with its environment, so they are optimal for detecting and blocking things like SQL injection and XSS. Password cracking, SYN floods, and ransomware do not take place in the same way as injection and XSS, and they are better addressed with controls at the router and through the use of HIDS, NIDS, and antimalware tools.

APIs are defined as which of the following?

A. A set of protocols, and tools for building software applications to access a web-based software application or tool
B. A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or tool
C. A set of standards for building software applications to access a web-based software application or tool
D. A set of routines and tools for building software applications to access web-based software applications
Suggested answer: B

Explanation:

All the answers are true, but B is the most complete.

Which of the following best describes data masking?

A. A method for creating similar but inauthentic datasets used for software testing and user training.
B. A method used to protect prying eyes from data such as social security numbers and credit card data.
C. A method where the last few numbers in a dataset are not obscured. These are often used for authentication.
D. Data masking involves stripping out all digits in a string of numbers so as to obscure the original number.
Suggested answer: A

Explanation:

All of these answers are actually correct, but A is the best answer, because it is the most general, includes the others, and is therefore the optimum choice. This is a good example of the type of question that can appear on the actual exam.

Which of the following best describes a sandbox?

A. An isolated space where untested code and experimentation can safely occur separate from the production environment.
B. A space where you can safely execute malicious code to see what it does.
C. An isolated space where transactions are protected from malicious software
D. An isolated space where untested code and experimentation can safely occur within the production environment.
Suggested answer: A

Explanation:

Options C and B are also correct, but A is more general and incorporates them both. D is incorrect, because sandboxing does not take place in the production environment.

A localized incident or disaster can be addressed in a cost-effective manner by using which of the following?

A. UPS
B. Generators
C. Joint operating agreements
D. Strict adherence to applicable regulations
Suggested answer: C

Explanation:

Joint operating agreements can provide nearby relocation sites so that a disruption limited to the organization's own facility and campus can be addressed at a different facility and campus. UPS and generators are not limited to serving needs for localized causes. Regulations do not promote cost savings and are not often the immediate concern during BC/DR activities.
