ISC CCSP Practice Test - Questions Answers, Page 9


Which aspect of archiving must be tested regularly for the duration of retention requirements?

A. Availability
B. Recoverability
C. Auditability
D. Portability
Suggested answer: B

Explanation:

For any archiving system to be deemed useful and compliant, regular tests must be performed to ensure the data can still be recovered and accessed, should it ever be needed, for the duration of the retention requirements.

Which of the following represents a minimum guaranteed resource within a cloud environment for the cloud customer?

A. Reservation
B. Share
C. Limit
D. Provision
Suggested answer: A

Explanation:

A reservation is a minimum resource that is guaranteed to a customer within a cloud environment. Within a cloud, a reservation can pertain to the two main aspects of computing: memory and processor. With a reservation in place, the cloud provider guarantees that a cloud customer will always have at minimum the necessary resources available to power on and operate any of their services.

When is a virtual machine susceptible to attacks while a physical server in the same state would not be?

A. When it is behind a WAF
B. When it is behind an IPS
C. When it is not patched
D. When it is powered off
Suggested answer: D

Explanation:

A virtual machine is ultimately an image file residing on a file system. Because of this, even when a virtual machine is "powered off," it is still susceptible to attacks and modification. A physical server that is powered off would not be susceptible to attacks.

Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?

A. Sensitive data exposure
B. Security misconfiguration
C. Insecure direct object references
D. Unvalidated redirect and forwards
Suggested answer: C

Explanation:

An insecure direct object reference occurs when a developer has in their code a reference to something on the application side, such as a database key, the directory structure of the application, configuration information about the hosting system, or any other information that pertains to the workings of the application that should not be exposed to users or the network. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, allowing spoofing for malware or phishing attacks. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data. Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner.

Which of the following is the biggest concern or challenge with using encryption?

A. Dependence on keys
B. Cipher strength
C. Efficiency
D. Protocol standards
Suggested answer: A

Explanation:

No matter what kind of application, system, or hosting model is used, encryption is 100 percent dependent on encryption keys. Properly securing the keys and the exchange of them is the biggest and most important challenge of encryption systems.

Which of the following would NOT be considered part of resource pooling with an Infrastructure as a Service implementation?

A. Storage
B. Application
C. Memory
D. CPU
Suggested answer: B

Explanation:

Infrastructure as a Service pools the compute resources for platforms and applications to build upon, including CPU, memory, and storage. Applications are not part of an IaaS offering from the cloud provider.

Which technology is NOT commonly used for security with data in transit?

A. DNSSEC
B. IPsec
C. VPN
D. HTTPS
Suggested answer: A

Explanation:

DNSSEC relates to the integrity of DNS resolutions and the prevention of spoofing or redirection, and does not pertain to the actual security of transmissions or the protection of data.

Which of the following roles is responsible for gathering metrics on cloud services and managing cloud deployments and the deployment processes?

A. Cloud service business manager
B. Cloud service operations manager
C. Cloud service manager
D. Cloud service deployment manager
Suggested answer: D

Explanation:

The cloud service deployment manager is responsible for gathering metrics on cloud services, managing cloud deployments and the deployment process, and defining the environments and processes.

Which of the following is considered an external redundancy for a data center?

A. Power feeds to rack
B. Generators
C. Power distribution units
D. Storage systems
Suggested answer: B

Explanation:

Generators are considered an external redundancy to a data center. Power distribution units (PDUs), storage systems, and power feeds to racks are all internal to a data center, and as such they are considered internal redundancies.

Which of the following is the optimal humidity level for a data center, per the guidelines established by the American Society of Heating, Refrigeration, and Air Conditioning Engineers (ASHRAE)?

A. 30-50 percent relative humidity
B. 50-75 percent relative humidity
C. 20-40 percent relative humidity
D. 40-60 percent relative humidity
Suggested answer: D

Explanation:

The guidelines from ASHRAE establish 40-60 percent relative humidity as optimal for a data center.

Total 512 questions