ISC2 CCSP Practice 2021

It is faster and easier to pass the ISC2 CCSP exam by using Pinpoint ISC2 Certified Cloud Security Professional questions and answers. Get immediate access to the Replace CCSP Exam and find the same core-area CCSP questions with professionally verified answers, then PASS your exam with a high score now.

Online CCSP free questions and answers of New Version:

NEW QUESTION 1

Which of the following is NOT a common component of a DLP implementation process?
Response:

  • A. Discovery
  • B. Monitoring
  • C. Revision
  • D. Enforcement

Answer: C

NEW QUESTION 2

Vulnerability scans are dependent on ______ in order to function.
Response:

  • A. Privileged access
  • B. Vulnerability signatures
  • C. Malware libraries
  • D. Forensic analysis

Answer: B

NEW QUESTION 3

Which of the following are contractual components that the CSP should review and understand fully when contracting with a cloud service provider?
(Choose two.)

  • A. Concurrently maintainable site infrastructure
  • B. Use of subcontractors
  • C. Redundant site infrastructure capacity components
  • D. Scope of processing

Answer: BD

NEW QUESTION 4

Firewalls can detect attack traffic by using all these methods except ______.
Response:

  • A. Known past behavior in the environment
  • B. Identity of the malicious user
  • C. Point of origination
  • D. Signature matching

Answer: B

NEW QUESTION 5

Which of the following is considered an administrative control?

  • A. Access control process
  • B. Keystroke logging
  • C. Door locks
  • D. Biometric authentication

Answer: A

NEW QUESTION 6

Impact resulting from risk being realized is often measured in terms of ______.

  • A. Amount of data lost
  • B. Money
  • C. Amount of property lost
  • D. Number of people affected

Answer: B

NEW QUESTION 7

The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?
Response:

  • A. Most of the cloud customer’s interaction with resources will be performed through APIs.
  • B. APIs are inherently insecure.
  • C. Attackers have already published vulnerabilities for all known APIs.
  • D. APIs are known carcinogens.

Answer: A

NEW QUESTION 8

The final phase of the cloud data lifecycle is the destroy phase, where data is ultimately deleted, and done so in a secure manner to ensure it cannot be recovered or reconstructed. Which cloud service category poses the most challenges to data destruction for the cloud customer?

  • A. Platform
  • B. Software
  • C. Infrastructure
  • D. Desktop

Answer: B

NEW QUESTION 9

Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?

  • A. Concurrently Maintainable Site Infrastructure
  • B. Fault-Tolerant Site Infrastructure
  • C. Basic Site Infrastructure
  • D. Redundant Site Infrastructure Capacity Components

Answer: D

NEW QUESTION 10

What sort of legal enforcement may the Payment Card Industry (PCI) Security Standards Council not bring to bear against organizations that fail to comply with the Payment Card Industry Data Security Standard (PCI DSS)?
Response:

  • A. Fines
  • B. Jail time
  • C. Suspension of credit card processing privileges
  • D. Subject to increased audit frequency and scope

Answer: B

NEW QUESTION 11

Which type of report is considered for “general” use and does not contain any sensitive information?
Response:

  • A. SOC 1
  • B. SAS-70
  • C. SOC 3
  • D. SOC 2

Answer: C

NEW QUESTION 12

Which ISO standard refers to addressing security risks in a supply chain?

  • A. ISO 27001
  • B. ISO/IEC 28000:2007
  • C. ISO 18799
  • D. ISO 31000:2009

Answer: B

NEW QUESTION 13

It’s important to maintain a current asset inventory list, including surveying your environment on a regular basis, in order to ______.
Response:

  • A. Prevent unknown, unpatched assets from being used as back doors to the environment
  • B. Ensure that any lost devices are automatically entered into the acquisition system for repurchasing and replacement
  • C. Maintain user morale by having their devices properly catalogued and annotated
  • D. Ensure that billing for all devices is handled by the appropriate departments

Answer: A

NEW QUESTION 14

Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?

  • A. The user
  • B. The subject
  • C. The cloud provider
  • D. The cloud customer

Answer: D

NEW QUESTION 15

DLP solutions can aid all of the following security-related efforts except ______.
Response:

  • A. Access control
  • B. Egress monitoring
  • C. e-discovery/forensics
  • D. Data categorization/classification

Answer: A

NEW QUESTION 16

TLS uses ______ to authenticate a connection and create a shared secret for the duration of the session.

  • A. SAML 2.0
  • B. X.509 certificates
  • C. 802.11X
  • D. The Diffie-Hellman process

Answer: B

NEW QUESTION 17

An audit against the ______ will demonstrate that an organization has a holistic, comprehensive security program.
Response:

  • A. SAS 70 standard
  • B. SSAE 16 standard
  • C. SOC 2, Type 2 report matrix
  • D. ISO 27001 certification requirements

Answer: D

NEW QUESTION 18

There are two general types of smoke detectors. Which type uses a small portion of radioactive material?
Response:

  • A. Photoelectric
  • B. Ionization
  • C. Electron pulse
  • D. Integral field

Answer: B

NEW QUESTION 19

Cloud environments are based entirely on virtual machines and virtual devices, and those images are also in need of storage within the environment. What type of storage is typically used for virtual images?
Response:

  • A. Volume
  • B. Structured
  • C. Unstructured
  • D. Object

Answer: D

NEW QUESTION 20

Although encryption can help an organization to effectively decrease the possibility of data breaches, which other type of threat can it increase the chances of?
Response:

  • A. Insecure interfaces
  • B. Data loss
  • C. System vulnerabilities
  • D. Account hijacking

Answer: B

NEW QUESTION 21

Which of the following best describes a cloud carrier?

  • A. A person or entity responsible for making a cloud service available to consumers
  • B. The intermediary who provides connectivity and transport of cloud services between cloud providers and cloud consumers
  • C. The person or entity responsible for keeping cloud services running for customers
  • D. The person or entity responsible for transporting data across the Internet

Answer: B

NEW QUESTION 22

Application virtualization can typically be used for ______.

  • A. Denying access to untrusted users
  • B. Detecting and mitigating DDoS attacks
  • C. Replacing encryption as a necessary control
  • D. Running an application on an endpoint without installing it

Answer: D

NEW QUESTION 23

The destruction of a cloud customer’s data can be required by all of the following except ______.
Response:

  • A. Statute
  • B. Regulation
  • C. The cloud provider’s policy
  • D. Contract

Answer: C

NEW QUESTION 24

Which of the following is not typically included as a basic phase of the software development life cycle?

  • A. Define
  • B. Design
  • C. Describe
  • D. Develop

Answer: C

NEW QUESTION 25

Which of the following is not a component of the STRIDE model?
Response:

  • A. Spoofing
  • B. Repudiation
  • C. Information disclosure
  • D. External pen testing

Answer: D

NEW QUESTION 26

The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “using components with known vulnerabilities.”
Why would an organization ever use components with known vulnerabilities to create software?
Response:

  • A. The organization is insured.
  • B. The particular vulnerabilities only exist in a context not being used by developers.
  • C. Some vulnerabilities only exist in foreign countries.
  • D. A component might have a hidden vulnerability.

Answer: B

NEW QUESTION 27

Which document will enforce uptime and availability requirements between the cloud customer and cloud provider?
Response:

  • A. Contract
  • B. Operational level agreement
  • C. Service level agreement
  • D. Regulation

Answer: C

NEW QUESTION 28

You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources.
If you don’t use cross-certification, what other model can you implement for this purpose?
Response:

  • A. Third-party identity broker
  • B. Cloud reseller
  • C. Intractable nuanced variance
  • D. Mandatory access control (MAC)

Answer: A

NEW QUESTION 29

Administrative penalties for violating the General Data Protection Regulation (GDPR) can range up to ______.
Response:

  • A. US$100,000
  • B. 500,000 euros
  • C. 20,000,000 euros
  • D. 1,000,000 euros

Answer: C

NEW QUESTION 30

You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources.
In order to pass the user IDs and authenticating credentials of each user among the organizations, what protocol/language/motif will you most likely utilize?
Response:

  • A. Representational State Transfer (REST)
  • B. Security Assertion Markup Language (SAML)
  • C. Simple Object Access Protocol (SOAP)
  • D. Hypertext Markup Language (HTML)

Answer: B

NEW QUESTION 31
......

P.S. Easily pass the CCSP exam with 353 Q&As from the Surepassexam dumps and PDF version. Welcome to download the newest Surepassexam CCSP dumps: https://www.surepassexam.com/CCSP-exam-dumps.html (353 New Questions)