Passleader offers a free demo for the CCSP exam. "Certified Cloud Security Professional", also known as the CCSP exam, is an ISC2 certification. This set of posts, Passing the ISC2 CCSP exam, will help you answer those questions. The CCSP Questions & Answers cover all the knowledge points of the real exam. 100% real ISC2 CCSP exams, revised by experts!
Free CCSP Demo Online For ISC2 Certification:
NEW QUESTION 1
What is a cloud storage architecture that manages the data in a hierarchy of files? Response:
- A. Object-based storage
- B. File-based storage
- C. Database
- D. CDN
Answer: B
NEW QUESTION 2
The Cloud Security Alliance’s (CSA’s) Cloud Controls Matrix (CCM) addresses all the following security architecture elements except ______.
Response:
- A. Physical security
- B. IaaS
- C. Application security
- D. Business drivers
Answer: D
NEW QUESTION 3
You are in charge of creating the BCDR plan and procedures for your organization. Your organization has its production environment hosted by a cloud provider, and you have appropriate protections in place.
Which of the following is a significant consideration for your BCDR backup? Response:
- A. Enough personnel at the BCDR recovery site to ensure proper operations
- B. Good cryptographic key management
- C. Access to the servers where the BCDR backup is stored
- D. Forensic analysis capabilities
Answer: B
NEW QUESTION 4
Who is the entity identified by personal data? Response:
- A. The data owner
- B. The data processor
- C. The data custodian
- D. The data subject
Answer: D
NEW QUESTION 5
Impact resulting from risk being realized is often measured in terms of ______.
- A. Amount of data lost
- B. Money
- C. Amount of property lost
- D. Number of people affected
Answer: B
NEW QUESTION 6
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “unvalidated redirects and forwards.”
Which of the following is a good way to protect against this problem? Response:
- A. Don’t use redirects/forwards in your applications.
- B. Refrain from storing credentials long term.
- C. Implement security incident/event monitoring (security information and event management (SIEM)/security information management (SIM)/security event management (SEM)) solutions.
- D. Implement digital rights management (DRM) solutions.
Answer: A
NEW QUESTION 7
Which of these characteristics of a virtualized network adds risks to the cloud environment? Response:
- A. Redundancy
- B. Scalability
- C. Pay-per-use
- D. Self-service
Answer: A
NEW QUESTION 8
Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?
Response:
- A. Concurrently Maintainable Site Infrastructure
- B. Fault-Tolerant Site Infrastructure
- C. Basic Site Infrastructure
- D. Redundant Site Infrastructure Capacity Components
Answer: D
NEW QUESTION 9
Which of the following should occur at each stage of the SDLC?
- A. Added functionality
- B. Management review
- C. Verification and validation
- D. Repurposing of any newly developed components
Answer: C
NEW QUESTION 10
What can tokenization be used for? Response:
- A. Encryption
- B. Compliance with PCI DSS
- C. Enhancing the user experience
- D. Giving management oversight to e-commerce functions
Answer: B
NEW QUESTION 11
The Restatement (Second) Conflict of Law refers to which of the following? Response:
- A. The basis for deciding which laws are most appropriate in a situation where conflicting laws exist
- B. When judges restate the law in an opinion
- C. How jurisdictional disputes are settled
- D. Whether local or federal laws apply in a situation
Answer: A
NEW QUESTION 12
A honeypot can be used for all the following purposes except ______.
Response:
- A. Gathering threat intelligence
- B. Luring attackers
- C. Distracting attackers
- D. Delaying attackers
Answer: B
NEW QUESTION 13
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assembly plant, which cost $24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant.
The fire suppression system costs $15 million. An insurance policy that would cover the full replacement cost of the plant costs $1 million per month.
In order to establish the true annualized loss expectancy (ALE), you would need all of the following information except ______.
Response:
- A. The amount of revenue generated by the plant
- B. The rate at which the plant generates revenue
- C. The length of time it would take to rebuild the plant
- D. The amount of product the plant creates
Answer: D
NEW QUESTION 14
Which of the following would probably best aid an organization in deciding whether to migrate from a legacy environment to a particular cloud provider?
Response:
- A. Rate sheets comparing a cloud provider to other cloud providers
- B. Cloud provider offers to provide engineering assistance during the migration
- C. The cost/benefit measure of closing the organization’s relocation site (hot site/warm site) and using the cloud for disaster recovery instead
- D. SLA satisfaction surveys from other (current and past) cloud customers
Answer: D
NEW QUESTION 15
At which phase of the SDLC process should security begin participating?
- A. Requirements gathering
- B. Requirements analysis
- C. Design
- D. Testing
Answer: A
NEW QUESTION 16
......
