Real ISC CCSP Exam Questions Study Guide [Q260-Q283]



The CCSP certification is ideal for professionals who are involved in designing, implementing, and managing cloud-based security systems. The CCSP exam is designed to test the candidate's knowledge and skills in cloud security and is based on the latest cloud security best practices. The Certified Cloud Security Professional certification is also a requirement for many organizations that are looking to hire cloud security professionals.


The ISC CCSP (Certified Cloud Security Professional) Certification Exam is a globally recognized certification designed for professionals who are responsible for managing and securing cloud environments. The CCSP Certification Exam is offered by the International Information System Security Certification Consortium (ISC)², a non-profit organization that specializes in information security education and certifications.


NEW QUESTION # 260
Many different common threats exist against web-exposed services and applications. One attack involves attempting to leverage input fields to execute queries in a nested fashion that is unintended by the developers.
What type of attack is this?

  • A. Injection
  • B. Cross-site request forgery
  • C. Cross-site scripting
  • D. Missing function-level access control

Answer: A

Explanation:
An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries. This can trick an application into exposing data that is not intended or authorized to be exposed, or it can potentially allow an attacker to gain insight into configurations or security controls.
Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. Cross-site request forgery occurs when an attacker forces an authenticated user to send forged requests to an application, running under that user's own access and credentials. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without it going through validation processes.


NEW QUESTION # 261
What must be secured on physical hardware to prevent unauthorized access to systems?

  • A. ALOM
  • B. BIOS
  • C. SSH
  • D. RDP

Answer: B

Explanation:
BIOS is the firmware that governs the physical initialization and boot-up of a piece of hardware. If it is compromised, an attacker could gain access to hosted systems and make configuration changes to expose or disable some security elements on the system.


NEW QUESTION # 262
Which of the following is NOT one of the components of multifactor authentication?

  • A. Something the user is
  • B. Something the user knows
  • C. Something the user has
  • D. Something the user sends

Answer: D

Explanation:
Multifactor authentication systems are composed of something the user knows, something the user has, and/or something the user is (such as biometrics), not something the user sends.


NEW QUESTION # 263
Which SSAE 16 audit report is simply an attestation of audit results?

  • A. SOC 3
  • B. SOC 2, Type 1
  • C. SOC 2, Type 2
  • D. SOC 1

Answer: A


NEW QUESTION # 264
With software-defined networking (SDN), which two types of network operations are segregated to allow for granularity and delegation of administrative access and functions?

  • A. Forwarding and protocol
  • B. Firewalling and forwarding
  • C. Filtering and forwarding
  • D. Filtering and firewalling

Answer: C

Explanation:
With SDN, the filtering and forwarding capabilities and administration are separated. This allows the cloud provider to build interfaces and management tools for administrative delegation of filtering configuration, without having to allow direct access to underlying network equipment. Firewalling and protocols are both terms related to networks, but they are not components SDN is concerned with.


NEW QUESTION # 265
All of the following are techniques to enhance the portability of cloud data, in order to minimize the potential of vendor lock-in except:

  • A. Ensure favorable contract terms to support portability
  • B. Use DRM and DLP solutions widely throughout the cloud operation
  • C. Ensure there are no physical limitations to moving
  • D. Avoid proprietary data formats

Answer: B

Explanation:
DRM and DLP are used for increased authentication/access control and egress monitoring, respectively, and would actually decrease portability instead of enhancing it.


NEW QUESTION # 266
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?

  • A. Hybrid
  • B. Public
  • C. Community
  • D. Private

Answer: D

Explanation:
A private cloud model, and the specific contractual relationships involved, will give a cloud customer the greatest level of input and control over how the overall cloud environment is designed and implemented. This is even more so in cases where the private cloud is owned and operated by the same organization that is hosting services within it.


NEW QUESTION # 267
What does the REST API use to protect data transmissions?

  • A. VPN
  • B. Encapsulation
  • C. TLS
  • D. NetBIOS

Answer: C

Explanation:
Representational State Transfer (REST) uses TLS for communication over secured channels. Although REST also supports SSL, at this point SSL has been phased out due to vulnerabilities and has been replaced by TLS.


NEW QUESTION # 268
Which cloud storage type is typically used to house virtual machine images that are used throughout the environment?

  • A. Object
  • B. Unstructured
  • C. Structured
  • D. Volume

Answer: A

Explanation:
Object storage is typically used to house virtual machine images because it is independent from other systems and is focused solely on storage. It is also the most appropriate for handling large individual files.
Volume storage, because it is allocated to a specific host, would not be appropriate for the storing of virtual images. Structured and unstructured are storage types specific to PaaS and would not be used for storing items used throughout a cloud environment.


NEW QUESTION # 269
The European Union is often considered the world leader in regard to the privacy of personal data and has declared privacy to be a "human right." In what year did the EU first assert this principle?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

Explanation:
The EU passed Directive 95/46 EC in 1995, which established data privacy as a human right. The other years listed are incorrect.


NEW QUESTION # 270
Which of the following features is a main benefit of PaaS over IaaS?

  • A. Physical security requirements
  • B. Auto-scaling
  • C. Location independence
  • D. High-availability

Answer: B

Explanation:
With PaaS providing a fully configured and managed framework, auto-scaling can be implemented to programmatically adjust resources based on the current demands of the environment.


NEW QUESTION # 271
Many aspects of cloud computing bring enormous benefits over a traditional data center, but also introduce new challenges unique to cloud computing.
Which of the following aspects of cloud computing makes appropriate data classification of high importance?

  • A. Portability
  • B. Multitenancy
  • C. Reversibility
  • D. Interoperability

Answer: B

Explanation:
With multitenancy, where different cloud customers all share the same physical systems and networks, data classification becomes even more important to ensure that the appropriate security controls are applied immediately to prevent any potential leakage or exposure to other customers. Portability refers to the ability to move easily from one cloud provider to another. Interoperability refers to the ability to reuse components and services for different uses. Reversibility refers to the ability of the cloud customer to quickly and completely remove all data and services from a cloud provider and to verify the removal.


NEW QUESTION # 272
What concept does the "D" represent with the STRIDE threat model?

  • A. Data loss
  • B. Denial of service
  • C. Distributed
  • D. Data breach

Answer: B

Explanation:
Any application can be a possible target of denial-of-service (DoS) attacks. From the application side, the developers should minimize how many operations are performed for non-authenticated users. This will keep the application running as quickly as possible and using the least amount of system resources to help minimize the impact of any such attacks.


NEW QUESTION # 273
Which data sanitization method is also commonly referred to as "zeroing"?

  • A. Deleting
  • B. Blanking
  • C. Overwriting
  • D. Nullification

Answer: C

Explanation:
The zeroing of data, that is, the writing of null values or arbitrary data to ensure deletion has been fully completed, is officially referred to as overwriting. Nullification, deleting, and blanking are provided as distractor terms.


NEW QUESTION # 274
Which of the following practices can enhance both operational capabilities and configuration management efforts?

  • A. Multifactor authentication
  • B. Constant uptime
  • C. Regular backups
  • D. File hashes

Answer: D


NEW QUESTION # 275
Which of the following is a widely used tool for code development, branching, and collaboration?

  • A. GitHub
  • B. Conductor
  • C. Maestro
  • D. Orchestrator

Answer: A

Explanation:
GitHub is an open source tool that developers leverage for code collaboration, branching, and versioning.


NEW QUESTION # 276
Which type of testing tends to produce the best and most comprehensive results for discovering system vulnerabilities?

  • A. Dynamic
  • B. Vulnerability
  • C. Static
  • D. Pen

Answer: C


NEW QUESTION # 277
As part of the auditing process, getting a report on the deviations between intended configurations and actual policy is often crucial for an organization.
What term pertains to the process of generating such a report?

  • A. Gap analysis
  • B. Deficiencies
  • C. Errors
  • D. Findings

Answer: A

Explanation:
The gap analysis determines if there are any differences between the actual configurations in use on systems and the policies that govern what the configurations are expected or mandated to be. The other terms provided are all similar to the correct answer ("findings" in particular is often used to articulate deviations in configurations), but gap analysis is the official term used.


NEW QUESTION # 278
Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud?

  • A. Shares
  • B. Limits
  • C. Reservations
  • D. Measured service

Answer: C

Explanation:
Reservations ensure that a minimum level of resources will always be available to a cloud customer for them to start and operate their services. In the event of a DoS attack against one customer, they can guarantee that the other customers will still be able to operate.


NEW QUESTION # 279
What could be the result of failure of the cloud provider to secure the hypervisor in such a way that one user on a virtual machine can see the resource calls of another user's virtual machine?

  • A. Physical intrusion
  • B. Inference attacks
  • C. Social engineering
  • D. Unauthorized data disclosure

Answer: B


NEW QUESTION # 280
Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?

  • A. Nonrepudiation
  • B. Availability
  • C. Integrity
  • D. Confidentiality

Answer: D

Explanation:
The main goal of confidentiality is to ensure that sensitive information is not made available or leaked to parties that should not have access to it, while at the same time ensuring that those with appropriate need and authorization to access it can do so in a manner commensurate with their needs and confidentiality requirements.


NEW QUESTION # 281
Humidity levels for a data center are a prime concern for maintaining electrical and computing resources properly as well as ensuring that conditions are optimal for top performance.
Which of the following is the optimal humidity level, as established by ASHRAE?

  • A. 40 to 60 percent relative humidity
  • B. 30 to 50 percent relative humidity
  • C. 20 to 40 percent relative humidity
  • D. 50 to 75 percent relative humidity

Answer: A

Explanation:
The American Society of Heating, Refrigerating, and Air-Conditioning Engineers (ASHRAE) recommends 40 to 60 percent relative humidity for data centers. None of the other options is the recommendation from ASHRAE.


NEW QUESTION # 282
The goals of DLP solution implementation include all of the following, except:

  • A. Policy enforcement
  • B. Elasticity
  • C. Data discovery
  • D. Loss mitigation

Answer: B

Explanation:
DLP does not have anything to do with elasticity, which is the capability of the environment to scale up or down according to demand. All the rest are goals of DLP implementations.


NEW QUESTION # 283
......
