ExamGecko
Search Search Login
Home Home / ISC / CCSP

ISC CCSP Practice Test - Questions Answers, Page 5

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Over time, what is a primary concern for data archiving?
Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?
Which United States law is focused on accounting and financial practices of organizations?
Which type of testing uses the same strategies and toolsets that hackers would use?
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
What concept does the "D" represent with the STRIDE threat model?
What is the data encapsulation used with the SOAP protocol referred to?
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?
What is one of the reasons a baseline might be changed?

Question 41

Report
Export
Collapse

Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, and OneDrive?

A.
Hybrid
A.
Hybrid
Answers
B.
Public
B.
Public
Answers
C.
Private
C.
Private
Answers
D.
Community
D.
Community
Answers
Suggested answer: B

Explanation:

Popular services such as iCloud, Dropbox, and OneDrive are all publicly available and are open to any user for free, with possible add-on services offered for a cost.

Question 42

Report
Export
Collapse

Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?

A.
A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.
A.
A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.
Answers
B.
A Type 2 hypervisor allows users to directly perform some functions with their own access.
B.
A Type 2 hypervisor allows users to directly perform some functions with their own access.
Answers
C.
A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.
C.
A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.
Answers
D.
A Type 2 hypervisor is always exposed to the public Internet for federated identity access.
D.
A Type 2 hypervisor is always exposed to the public Internet for federated identity access.
Answers
Suggested answer: A

Explanation:

A Type 2 hypervisor differs from a Type 1 hypervisor in that it runs on top of another operating system rather than directly tied into the underlying hardware of the virtual host servers. With this type of implementation, additional security and architecture concerns come into play because the interaction between the operating system and the hypervisor becomes a critical link. The hypervisor no longer has direct interaction and control over the underlying hardware, which means that some performance will be lost due to the operating system in the middle needing its own resources, patching requirements, and operational oversight.

Question 43

Report
Export
Collapse

Which is the appropriate phase of the cloud data lifecycle for determining the data's classification?

A.
Create
A.
Create
Answers
B.
Use
B.
Use
Answers
C.
Share
C.
Share
Answers
D.
Store
D.
Store
Answers
Suggested answer: A

Explanation:

Any time data is created, modified, or imported, the classification needs to be evaluated and set from the earliest phase to ensure security is always properly maintained for the duration of its lifecycle.

Question 44

Report
Export
Collapse

Which of the following is the optimal temperature for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air

Conditioning Engineers (ASHRAE)?

A.
69.8-86.0degF (21-30degC)
A.
69.8-86.0degF (21-30degC)
Answers
B.
64.4-80.6degF(18-27degC)
B.
64.4-80.6degF(18-27degC)
Answers
C.
51.8-66.2degF(11-19degC)
C.
51.8-66.2degF(11-19degC)
Answers
D.
44.6-60-8degF(7-16degC)
D.
44.6-60-8degF(7-16degC)
Answers
Suggested answer: B

Explanation:

The guidelines from ASHRAE establish 64.4-80.6degF (18-27degC) as the optimal temperature for a data center.

Question 45

Report
Export
Collapse

Which of the following is not a risk management framework?

A.
COBIT
A.
COBIT
Answers
B.
Hex GBL
B.
Hex GBL
Answers
C.
ISO 31000:2009
C.
ISO 31000:2009
Answers
D.
NIST SP 800-37
D.
NIST SP 800-37
Answers
Suggested answer: B

Explanation:

Hex GBL is a reference to a computer part in Terry Pratchett's fictional Discworld universe. The rest are not.

Question 46

Report
Export
Collapse

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

A.
Missing function level access control
A.
Missing function level access control
Answers
B.
Cross-site scripting
B.
Cross-site scripting
Answers
C.
Cross-site request forgery
C.
Cross-site request forgery
Answers
D.
Injection
D.
Injection
Answers
Suggested answer: B

Explanation:

Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user's browser without going through any validation or sanitization processes, or where the code is not properly escaped from processing by the browser. The code is then executed on the user's browser with the user's own access and permissions, allowing an attacker to redirect their web traffic, steal data from their session, or potentially access information on the user's own computer that their browser has the ability to access.

Question 47

Report
Export
Collapse

How is an object stored within an object storage system?

A.
Key value
A.
Key value
Answers
B.
Database
B.
Database
Answers
C.
LDAP
C.
LDAP
Answers
D.
Tree structure
D.
Tree structure
Answers
Suggested answer: A

Explanation:

Object storage uses a flat structure with key values to store and access objects.

Question 48

Report
Export
Collapse

Which of the following is NOT a regulatory system from the United States federal government?

A.
PCI DSS
A.
PCI DSS
Answers
B.
FISMA
B.
FISMA
Answers
C.
SOX
C.
SOX
Answers
D.
HIPAA
D.
HIPAA
Answers
Suggested answer: A

Explanation:

The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.

Question 49

Report
Export
Collapse

Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority?

A.
European Union
A.
European Union
Answers
B.
Germany
B.
Germany
Answers
C.
Russia
C.
Russia
Answers
D.
United States
D.
United States
Answers
Suggested answer: D

Explanation:

The United States lacks a single comprehensive law at the federal level addressing data security and privacy, but there are multiple federal laws that deal with different industries.

Question 50

Report
Export
Collapse

Which United States law is focused on PII as it relates to the financial industry?

A.
HIPAA
A.
HIPAA
Answers
B.
SOX
B.
SOX
Answers
C.
Safe Harbor
C.
Safe Harbor
Answers
D.
GLBA
D.
GLBA
Answers
Suggested answer: D

Explanation:

The GLBA, as it is commonly called based on the lead sponsors and authors of the act, is officially known as "The Financial Modernization Act of 1999." It is specifically focused on PII as it relates to financial institutions. There are three specific components of it, covering various areas and use, on top of a general requirement that all financial institutions must provide all users and customers with a written copy of their privacy policies and practices, including with whom and for what reasons their information may be shared with other entities.

Total 512 questions
Go to page: of 52
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms