ISC CCSP Practice Test - Questions Answers, Page 51

Which of the following is the primary purpose of an SOC 3 report?

A. HIPAA compliance
B. Absolute assurances
C. Seal of approval
D. Compliance with PCI/DSS

Suggested answer: C

Explanation:

A SOC 3 report is a general-use attestation that a service provider's controls meet the Trust Services Criteria. It contains a summary and the auditor's opinion rather than the detailed description and testing of controls found in a SOC 2 report, so it can be published freely and functions as a seal of approval. No audit report provides absolute assurance, and SOC reports are not HIPAA or PCI DSS compliance reports.

Which of the following is not an example of a highly regulated environment?

A. Financial services
B. Healthcare
C. Public companies
D. Wholesale or distribution

Suggested answer: D

Explanation:

Wholesalers and distributors are generally not subject to sector-specific regulation, although the products they sell may be. Financial services, healthcare (for example under HIPAA) and public companies (for example under SOX) each operate under a dedicated regulatory regime.

Which of the following methods of addressing risk is most associated with insurance?

A. Mitigation
B. Transference
C. Avoidance
D. Acceptance

Suggested answer: B

Explanation:

Transference shifts the financial impact of a risk to another party, most commonly through insurance (contractual terms with a provider are another form). Avoidance halts the business process that carries the risk, mitigation applies controls to reduce likelihood or impact, and acceptance means knowingly carrying the residual risk.

Legal controls refer to which of the following?

A. ISO 27001
B. PCI DSS
C. NIST 800-53r4
D. Controls designed to comply with laws and regulations related to the cloud environment

Suggested answer: D

Explanation:

Legal controls are controls designed to comply with the laws and regulations, local or international, that apply to the cloud environment. ISO 27001, PCI DSS and NIST SP 800-53r4 are standards and control frameworks; an organization may adopt their controls to satisfy a legal requirement, but they are not laws themselves (PCI DSS, for instance, is a contractual obligation imposed by the card brands).

Which of the following best describes a cloud carrier?

A. The intermediary who provides connectivity and transport of cloud services between cloud providers and cloud consumers
B. A person or entity responsible for making a cloud service available to consumers
C. The person or entity responsible for transporting data across the Internet
D. The person or entity responsible for keeping cloud services running for customers

Suggested answer: A

Explanation:

In the NIST cloud computing reference architecture (SP 500-292), a cloud carrier is the intermediary that provides connectivity and transport of cloud services between cloud providers and cloud consumers, typically a network or telecommunications provider. Option B describes the cloud provider, and options C and D are too narrow: they omit the carrier's defining role as the intermediary between provider and consumer.

Gap analysis is performed for what reason?

A. To begin the benchmarking process
B. To assure proper accounting practices are being used
C. To provide assurances to cloud customers
D. To ensure all controls are in place and working properly

Suggested answer: A

Explanation:

A gap analysis compares the current state of an organization's controls against a chosen risk or security standard or framework (for example ISO 27001 or NIST SP 800-53) and identifies where they fall short. It is the starting point of the benchmarking process, not a verification that every control is in place and operating effectively; that is the job of a subsequent audit or assessment.

Which of the following frameworks focuses specifically on design, implementation and management?

A. ISO 31000:2009
B. ISO 27017
C. NIST 800-92
D. HIPAA

Suggested answer: A

Explanation:

ISO 31000:2009 (since revised as ISO 31000:2018) provides principles and generic guidelines for the design, implementation and management of a risk management framework. HIPAA is a US healthcare regulation, NIST SP 800-92 is the guide to computer security log management, and ISO 27017 provides cloud-specific information security controls.

Which of the following reports is most aligned with financial control audits?

A. SSAE 16
B. SOC 2
C. SOC 1
D. SOC 3

Suggested answer: C

Explanation:

A SOC 1 report covers a service organization's internal controls over financial reporting, so it is the report most aligned with financial control audits; IT general controls appear in it only as far as they support the financial systems. SSAE 16 is the attestation standard under which SOC 1 reports were issued (since superseded by SSAE 18), not a report type. SOC 2 and SOC 3 reports cover the Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy) rather than financial reporting.

Which of the following is not a risk management framework?

A. COBIT
B. Hex GBL
C. ISO 31000:2009
D. NIST SP 800-37

Suggested answer: B

Explanation:

Hex GBL is a reference to a computer part in Terry Pratchett's fictional Discworld universe, not a framework. COBIT, ISO 31000:2009 and NIST SP 800-37 (the NIST Risk Management Framework) are all genuine frameworks used to govern and manage risk.

Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers.

Which of the following is NOT a unit covered by limits?

A. Hypervisor
B. Cloud customer
C. Virtual machine
D. Service

Suggested answer: A

Explanation:

The hypervisor is a back-end infrastructure component that enforces resource limits; it is not itself a unit to which a limit is assigned. Limits are applied to the units that consume resources: an individual service, a virtual machine, or a cloud customer (tenant) as a whole, so that no single consumer can starve the others.
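As an added illustration, not part of the original question or its source material, the same layering of limits expressed as Kubernetes objects: a ResourceQuota caps a whole tenant namespace (the cloud-customer level), a LimitRange bounds each pod and container inside it (the virtual-machine and service levels), and the node's container runtime and kernel, like the hypervisor above, enforce the limits without being limited themselves. The namespace name `tenant-a` and all of the numbers are assumptions chosen for the example.

```yaml
# Customer (tenant) level: everything deployed in namespace tenant-a
# shares this ceiling, regardless of how many workloads it runs.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-a-quota
  namespace: tenant-a        # assumed tenant namespace
spec:
  hard:
    requests.cpu: "8"        # total CPU the tenant may reserve
    requests.memory: 16Gi
    limits.cpu: "16"         # total CPU the tenant may burst to
    limits.memory: 32Gi
    pods: "50"
---
# Workload level: per-pod and per-container bounds inside the tenant
# quota, so one service cannot consume the whole tenant allowance.
apiVersion: v1
kind: LimitRange
metadata:
  name: tenant-a-limits
  namespace: tenant-a
spec:
  limits:
    - type: Pod              # ceiling for one pod (the "VM" of this example)
      max:
        cpu: "4"
        memory: 8Gi
    - type: Container        # ceiling and defaults for one service container
      default:               # applied when a container declares no limit
        cpu: 500m
        memory: 512Mi
      defaultRequest:        # applied when a container declares no request
        cpu: 250m
        memory: 256Mi
      max:
        cpu: "2"
        memory: 4Gi
```

With the quota in place, a pod whose aggregate request would push the namespace past `requests.cpu: "8"` is rejected at admission rather than scheduled. The LimitRange defaults matter for the same reason: a ResourceQuota on CPU and memory rejects any pod that does not declare those values, so supplying defaults is what makes the tenant-level limit enforceable for every workload.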

Total 512 questions