Latest Dec-2021 ISC CCSP Dumps Updated 830 Questions [Q422-Q441]

Share

Latest Dec-2021 ISC CCSP Dumps Updated 830 Questions

PDF Download Free of CCSP Valid Practice Test Questions

NEW QUESTION 422
Resolving resource contentions in the cloud will most likely be the job of the ____________.

  • A. Regulator
  • B. Emulator
  • C. Hypervisor
  • D. Router

Answer: C

 

NEW QUESTION 423
Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?

  • A. Auditability
  • B. SLAs
  • C. Governance
  • D. Regulatory requirements

Answer: B

Explanation:
Explanation
Whereas a contract spells out general terms and costs for services, the SLA is where the real meat of the business relationship and concrete requirements come into play. The SLA spells out in clear terms the minimum requirements for uptime, availability, processes, customer service and support, security controls and requirements, auditing and reporting, and potentially many other areas that define the business relationship and the success of it.

 

NEW QUESTION 424
What is the intellectual property protection for the tangible expression of a creative idea?

  • A. Copyright
  • B. Trademark
  • C. Patent
  • D. Trade secret

Answer: A

Explanation:
Explanation
Copyrights are protected tangible expressions of creative works. The other answers listed are answers to subsequent questions.

 

NEW QUESTION 425
Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?

  • A. Unvalidated redirect and forwards
  • B. Security misconfiguration
  • C. Insecure direct object references
  • D. Sensitive data exposure

Answer: C

Explanation:
Explanation
An insecure direct object reference occurs when a developer has in their code a reference to something on the application side, such as a database key, the directory structure of the application, configuration information about the hosting system, or any other information that pertains to the workings of the application that should not be exposed to users or the network. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, allowing spoofing for malware of phishing attacks. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data.
Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner.

 

NEW QUESTION 426
Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?

  • A. Unvalidated redirects and forwards
  • B. Security misconfiguration
  • C. Insecure direct object references
  • D. Sensitive data exposure

Answer: B

Explanation:
Explanation
Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner. This can be due to a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches. Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, allowing spoofing for malware or phishing attacks. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data.

 

NEW QUESTION 427
Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?

  • A. Portability
  • B. Reversibility
  • C. Availability
  • D. Interoperability

Answer: B

Explanation:
Explanation
Reversibility is the ability for a cloud customer to easily remove their applications or data from a cloud environment, as well as to ensure that all traces of their applications or data have been securely removed per a predefined agreement with the cloud provider.

 

NEW QUESTION 428
Your company operates in a highly competitive market, with extremely high-value data assets. Senior management wants to migrate to a cloud environment but is concerned that providers will not meet the company's security needs.
Which deployment model would probably best suit the company's needs?
Response:

  • A. Private
  • B. Public
  • C. Hybrid
  • D. Community

Answer: A

 

NEW QUESTION 429
A UPS should have enough power to last how long?

  • A. Long enough for graceful shutdown
  • B. 12 hours
  • C. 10 minutes
  • D. One day

Answer: C

Explanation:
Team-building has nothing to do with SAST; all the rest of the answers are characteristics of SAST.

 

NEW QUESTION 430
Which is the appropriate phase of the cloud data lifecycle for determining the data's classification?

  • A. Store
  • B. Share
  • C. Use
  • D. Create

Answer: D

Explanation:
Explanation
Explanation:
Any time data is created, modified, or imported, the classification needs to be evaluated and set from the earliest phase to ensure security is always properly maintained for the duration of its lifecycle.

 

NEW QUESTION 431
What category of PII data can carry potential fines or even criminal charges for its improper use or disclosure?

  • A. Contractual
  • B. Legal
  • C. Protected
  • D. Regulated

Answer: D

Explanation:
Explanation
Regulated PII data carries legal and jurisdictional requirements, along with official penalties for its misuse or disclosure, which can be either civil or criminal in nature. Legal and protected are similar terms, but neither is the correct answer in this case. Contractual requirements can carry financial or contractual impacts for the improper use or disclosure of PII data, but not legal or criminal penalties that are officially enforced.

 

NEW QUESTION 432
What is the concept of segregating information or processes, within the same system or application, for security reasons?

  • A. fencing
  • B. Cellblocking
  • C. Pooling
  • D. Sandboxing

Answer: D

Explanation:
Explanation/Reference:
Explanation:
Sandboxing involves segregating and isolating information or processes from others within the same system or application, typically for security concerns. This is generally used for data isolation (for example, keeping different communities and populations of users isolated from other similar data).

 

NEW QUESTION 433
Upon completing a risk analysis, a company has four different approaches to addressing risk.
Which approach it takes will be based on costs, available options, and adherence to any regulatory requirements from independent audits.
Which of the following groupings correctly represents the four possible approaches?

  • A. Accept, deny, transfer, mitigate
  • B. Accept, deny, mitigate, revise
  • C. Accept, dismiss, transfer, mitigate
  • D. Accept, avoid, transfer, mitigate

Answer: D

Explanation:
The four possible approaches to risk are as follows: accept (do not patch and continue with the risk), avoid (implement solutions to prevent the risk from occurring), transfer (take out insurance), and mitigate (change configurations or patch to resolve the risk). Each of these answers contains at least one incorrect approach name.

 

NEW QUESTION 434
What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?

  • A. Source code access
  • B. Production system scanning
  • C. Injection attempts
  • D. Live testing

Answer: A

Explanation:
Static application security testing (SAST) is conducted against offline systems with previous knowledge of them, including their source code. Live testing is not part of static testing but rather is associated with dynamic testing. Production system scanning is not appropriate because static testing is done against offline systems. Injection attempts are done with many different types of testing and are not unique to one particular type. It is therefore not the best answer to the question.

 

NEW QUESTION 435
Which of the following roles is responsible for gathering metrics on cloud services and managing cloud deployments and the deployment processes?

  • A. Cloud service operations manager
  • B. Cloud service business manager
  • C. Cloud service deployment manager
  • D. Cloud service manager

Answer: C

Explanation:
The cloud service deployment manager is responsible for gathering metrics on cloud services, managing cloud deployments and the deployment process, and defining the environments and processes.

 

NEW QUESTION 436
What is the intellectual property protection for the logo of a new video game?
Response:

  • A. Trademark
  • B. Copyright
  • C. Patent
  • D. Trade secret

Answer: A

 

NEW QUESTION 437
The most pragmatic option for data disposal in the cloud is which of the following?

  • A. Melting
  • B. Cryptoshredding
  • C. Overwriting
  • D. Cold fusion

Answer: B

Explanation:
We don't have physical ownership, control, or even access to the devices holding the data, so physical destruction, including melting, is not an option. Overwriting is a possibility, but it is complicated by the difficulty of locating all the sectors and storage areas that might have contained our data, and by the likelihood that constant backups in the cloud increase the chance we'll miss something as it's being overwritten. Cryptoshredding is the only reasonable alternative.
Cold fusion is a red herring.

 

NEW QUESTION 438
Because of multitenancy, specific risks in the public cloud that don't exist in the other cloud service models include all the following except:

  • A. DoS/DDoS
  • B. Risk of loss/disclosure due to legal seizures
  • C. Escalation of privilege
  • D. Information bleed

Answer: A

Explanation:
DoS/DDoS threats and risks are not unique to the public cloud model.

 

NEW QUESTION 439
What is the main reason virtualization is used in the cloud?
Response:

  • A. With VMs, the cloud provider does not have to deploy an entire hardware device for every new user
  • B. VMs are easier to operate than actual devices
  • C. If a VM is infected with malware, it can be easily replaced
  • D. VMs are easier to administer

Answer: A

 

NEW QUESTION 440
Which of the following is considered an administrative control?

  • A. Door locks
  • B. Access control process
  • C. Biometric authentication
  • D. Keystroke logging

Answer: B

Explanation:
Explanation
A process is an administrative control; sometimes, the process includes elements of other types of controls (in this case, the access control mechanism might be a technical control, or it might be a physical control), but the process itself is administrative. Keystroke logging is a technical control (or an attack, if done for malicious purposes, and not for auditing); door locks are a physical control; and biometric authentication is a technological control.

 

NEW QUESTION 441
......


CCSP Exam topics

Candidates must know the exam topics before they start of preparation. Because it will really help them in hitting the core. Our ISC CCSP dumps will include the following topics:

  • Operations 15% 6. Legal & Compliance 12%
  • Cloud Application Security 15%
  • Cloud Platform & Infrastructure Security 19%
  • Cloud Data Security 20%
  • Architectural Concepts & Design Requirements 19%

 

CCSP Test Engine files, CCSP Dumps PDF : https://www.real4prep.com/CCSP-exam.html

Latest ISC CCSP PDF and Dumps (2021) Free Exam Questions Answers: https://drive.google.com/open?id=18j-Q9SNMVypGOrB1YDFWZorSBKpgdX9P