
NEW QUESTION 194
For which type of cloud service category would a vendor-neutral encryption scheme for data at rest (DAR) be MOST important?
- A. Public
- B. Hybrid
- C. Community
- D. Private
Answer: B
NEW QUESTION 195
Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?
- A. RPO
- B. SRE
- C. RSL
- D. RTO
Answer: A
Explanation:
The recovery point objective (RPO) is defined as the amount of data a company would need to maintain and recover in order to function at a level acceptable to management. This may or may not be a restoration to full operating capacity, depending on what management deems as crucial and essential.
NEW QUESTION 196
The different cloud service models have varying levels of responsibility for functions and operations, depending on the model's level of service.
In which of the following models would the responsibility for patching lie predominantly with the cloud customer?
- A. SaaS
- B. DaaS
- C. IaaS
- D. PaaS
Answer: C
Explanation:
With Infrastructure as a Service (IaaS), the cloud customer is responsible for deploying and maintaining its own systems and virtual machines. Therefore, the customer is solely responsible for patching and any other security updates it finds necessary. With Software as a Service (SaaS), Platform as a Service (PaaS), and Desktop as a Service (DaaS), the cloud provider maintains the infrastructure components and is responsible for maintaining and patching them.
NEW QUESTION 197
Which component of ITIL pertains to planning, coordinating, executing, and validating changes and rollouts to production environments?
- A. Change management
- B. Problem management
- C. Availability management
- D. Release management
Answer: D
Explanation:
Release management involves planning, coordinating, executing, and validating changes and rollouts to the production environment. Change management is a higher-level component than release management and also involves stakeholder and management approval, rather than focusing specifically on the actual release itself.
Availability management is focused on making sure system resources, processes, personnel, and toolsets are properly allocated and secured to meet SLA requirements. Problem management is focused on identifying and mitigating known problems and deficiencies before they occur.
NEW QUESTION 198
Which component of ITIL involves handling anything that can impact services for either internal or public users?
- A. Change management
- B. Deployment management
- C. Problem management
- D. Incident management
Answer: D
Explanation:
Incident management is focused on limiting the impact of disruptions to an organization's services or operations, as well as returning their state to full operational status as soon as possible. Problem management is focused on identifying and mitigating known problems and deficiencies before they occur. Deployment management is a subcomponent of change management and is where the actual code or configuration change is put into place. Change management involves the processes and procedures that allow an organization to make changes to its IT systems and services in a controlled manner.
NEW QUESTION 199
The cloud deployment model that features organizational ownership of the hardware and infrastructure, and usage only by members of that organization, is known as:
- A. Public
- B. Private
- C. Hybrid
- D. Motive
Answer: B
NEW QUESTION 200
Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?
- A. Cross-site forgery
- B. Missing function-level access control
- C. Injection
- D. Cross-site scripting
Answer: C
Explanation:
An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute that code as part of its normal processing and queries. This can trick an application into exposing data that is not intended or authorized to be exposed, or it could potentially allow an attacker to gain insight into configurations or security controls. Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. Cross-site request forgery occurs when an attacker forces an authenticated user to send forged requests to an application running under their own access and credentials. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without going through validation processes.
NEW QUESTION 201
Which of the following is NOT a function performed by the handshake protocol of TLS?
- A. Establish session ID
- B. Key exchange
- C. Negotiation of connection
- D. Encryption
Answer: D
Explanation:
The handshake protocol negotiates and establishes the connection as well as handles the key exchange and establishes the session ID. It does not perform the actual encryption of data packets.
NEW QUESTION 202
Modern web service systems are designed for high availability and resiliency. Which concept pertains to the ability to detect problems within a system, environment, or application and programmatically invoke redundant systems or processes for mitigation?
- A. Redundancy
- B. Fault tolerance
- C. Automation
- D. Elasticity
Answer: B
Explanation:
Fault tolerance allows a system to continue functioning, even with degraded performance, if portions of it fail or degrade, without the entire system or service being taken down. It can detect problems within a service and invoke compensating systems or functions to keep functionality going. Although redundancy is similar to fault tolerance, it is more focused on having additional copies of systems available, either active or passive, that can take up services if one system goes down. Elasticity pertains to the ability of a system to resize to meet demands, but it is not focused on system failures. Automation, and its role in maintaining large systems with minimal intervention, is not directly related to fault tolerance.
NEW QUESTION 203
Who would be responsible for implementing IPsec to secure communications for an application?
- A. Developers
- B. Systems staff
- C. Cloud customer
- D. Auditors
Answer: B
Explanation:
Because IPsec is implemented at the system or network level, it is the responsibility of the systems staff.
IPsec removes the responsibility from developers, whereas other technologies such as TLS would be implemented by developers.
NEW QUESTION 204
Which of the following systems is used to employ a variety of different techniques to discover and alert on threats and potential threats to systems and networks?
- A. IPS
- B. Firewall
- C. IDS
- D. WAF
Answer: C
Explanation:
An intrusion detection system (IDS) is implemented to watch network traffic and operations, using predefined criteria or signatures, and alert administrators if anything suspect is found. An intrusion prevention system (IPS) is similar to an IDS but actually takes action against suspect traffic, whereas an IDS just alerts when it finds anything suspect. A firewall works at the network level and only takes into account IP addresses, ports, and protocols; it does not inspect the traffic for patterns or content. A web application firewall (WAF) works at the application layer and provides additional security via proxying, filtering service requests, or blocking based on additional factors such as the client and requests.
NEW QUESTION 205
Which of the following is the biggest concern or challenge with using encryption?
- A. Protocol standards
- B. Efficiency
- C. Cipher strength
- D. Dependence on keys
Answer: D
Explanation:
No matter what kind of application, system, or hosting model is used, encryption is 100 percent dependent on encryption keys. Properly securing the keys and the exchange of them is the biggest and most important challenge of encryption systems.
NEW QUESTION 206
Which of the following involves assigning an opaque value to sensitive data fields to protect confidentiality?
- A. Tokenization
- B. Obfuscation
- C. Masking
- D. Anonymization
Answer: A
NEW QUESTION 207
Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?
- A. Human resources
- B. Budgetary and cost controls
- C. Mobile security
- D. Data center security
Answer: B
Explanation:
Budgetary and cost controls is not one of the domains outlined in the CCM.
NEW QUESTION 208
Digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM) often protect against unauthorized distribution of what type of intellectual property?
- A. Personally identifiable information (PII)
- B. Trademarks
- C. Copyright
- D. Patents
Answer: C
NEW QUESTION 209
What is the first stage of the cloud data lifecycle where security controls can be implemented?
- A. Store
- B. Use
- C. Create
- D. Share
Answer: A
Explanation:
The "store" phase of the cloud data lifecycle, which typically occurs simultaneously with the "create" phase or immediately thereafter, is the first phase where security controls can be implemented. In most cases, the manner in which the data is stored will be based on its classification.
NEW QUESTION 210
Although host-based and network-based IDSs perform similar functions and have similar capabilities, which of the following is an advantage of a network-based IDS over a host-based IDS, assuming all capabilities are equal?
- A. Network access
- B. Segregated from host systems
- C. Scalability
- D. External to system patching
Answer: B
Explanation:
A network-based IDS has the advantage of being segregated from host systems, and as such, it would not be open to compromise in the same manner a host-based system would be. Although a network-based IDS would be external to system patching, this is not the best answer here because it is a minor concern compared to segregation due to possible host compromise. Scalability is also not the best answer because, although a network-based IDS does remove processing from the host system, it is not a primary security concern.
Network access is not a consideration because both a host-based IDS and a network-based IDS would have access to network resources.
NEW QUESTION 211
The cloud customer will have the most control of their data and systems, and the cloud provider will have the least amount of responsibility, in which cloud computing arrangement?
- A. SaaS
- B. Community cloud
- C. IaaS
- D. PaaS
Answer: C
Explanation:
IaaS entails the cloud customer installing and maintaining the OS, programs, and data; PaaS has the customer installing programs and data; in SaaS, the customer only uploads data. In a community cloud, data and device owners are distributed.
NEW QUESTION 212
ISC CCSP Exam Questions (2022): https://www.getvalidtest.com/CCSP-exam.html