
ISC CCSP Practice Test - Questions Answers, Page 50


Which of the following storage types is most closely associated with a database-type storage implementation?

A. Object
B. Unstructured
C. Volume
D. Structured
Suggested answer: D

Explanation:

Structured storage involves organized and categorized data, which most closely resembles and operates like a database system would.

A data custodian is responsible for which of the following?

A. Data context
B. Data content
C. The safe custody, transport, storage of the data, and implementation of business rules
D. Logging access and alerts
Suggested answer: C

Explanation:

A data custodian is responsible for the safe custody, transport, and storage of data, and the implementation of business rules.

Which of the following is the least challenging with regard to eDiscovery in the cloud?

A. Identifying roles such as data owner, controller and processor
B. Decentralization of data storage
C. Forensic analysis
D. Complexities of International law
Suggested answer: C

Explanation:

Forensic analysis is the least challenging of the answers provided as it refers to the analysis of data once it is obtained. The challenges revolve around obtaining the data for analysis due to the complexities of international law, the decentralization of data storage or difficulty knowing where to look, and identifying the data owner, controller, and processor.

What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?

A. A set of software development life cycle requirements for cloud service providers
B. An inventory of cloud services security controls that are arranged into a hierarchy of security domains
C. An inventory of cloud service security controls that are arranged into separate security domains
D. A set of regulatory requirements for cloud service providers
Suggested answer: C

Explanation:

The CSA CCM is an inventory of cloud service security controls that are arranged into separate security domains, not a hierarchy.

Which of the following is a valid risk management metric?

A. KPI
B. KRI
C. SOC
D. SLA
Suggested answer: B

Explanation:

KRI stands for key risk indicator. KRIs are the red flags, if you will, in the world of risk management. When these change, they indicate something is amiss and should be looked at quickly to determine if the change is minor or indicative of something important.

Which of the following is the best example of a key component of regulated PII?

A. Audit rights of subcontractors
B. Items that should be implemented
C. PCI DSS
D. Mandatory breach reporting
Suggested answer: D

Explanation:

Mandatory breach reporting is the best example of regulated PII components. The rest are generally considered components of contractual PII.

Which of the following components are part of what a CCSP should review when looking at contracting with a cloud service provider?

A. Redundant uplink grafts
B. Background checks for the provider's personnel
C. The physical layout of the datacenter
D. Use of subcontractors
Suggested answer: D

Explanation:

The use of subcontractors can add risk to the supply chain and should be considered; trusting the provider's management of their vendors and suppliers (including subcontractors) is important to trusting the provider. Conversely, the customer is not likely to be allowed to review the physical design of the datacenter (or, indeed, even know the exact location of the datacenter) or the personnel security specifics for the provider's staff. "Redundant uplink grafts" is a nonsense term used as a distractor.

Which of the following is not a way to manage risk?

A. Transferring
B. Accepting
C. Mitigating
D. Enveloping
Suggested answer: D

Explanation:

Enveloping is a nonsense term, unrelated to risk management. The rest are ways to manage risk.

Which of the following terms is not associated with cloud forensics?

A. eDiscovery
B. Chain of custody
C. Analysis
D. Plausibility
Suggested answer: D

Explanation:

Plausibility, here, is a distractor and not specifically relevant to cloud forensics.

Which is the lowest level of the CSA STAR program?

A. Attestation
B. Self-assessment
C. Hybridization
D. Continuous monitoring
Suggested answer: B

Explanation:

The lowest level is Level 1, which is self-assessment; Level 2 is an external third-party attestation, and Level 3 is a continuous-monitoring program. Hybridization does not exist as part of the CSA STAR program.

Total 512 questions