Exam Name: Certified Cloud Security Professional (CCSP)
Last Update: Dec 8, 2024
Questions and Answers: 512

CCSP Practice Exam Questions with Answers: Certified Cloud Security Professional (CCSP) Certification

Question # 6

Which of the following would NOT be considered part of resource pooling with an Infrastructure as a Service implementation?

A.

Storage

B.

Application

C.

Memory

D.

CPU

Question # 7

Your company is in the planning stages of moving applications that have large data sets to a cloud environment.

What strategy for data removal would be the MOST appropriate for you to recommend if costs and speed are primary considerations?

A.

Shredding

B.

Media destruction

C.

Cryptographic erasure

D.

Overwriting

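The trade-off behind Question 7 is worth seeing in code. Shredding and media destruction are not available to a cloud customer (the provider owns the disks), and overwriting has to touch every block of every replica and snapshot the provider keeps, so its cost grows with the data set. Destroying the key under which the data was encrypted is a constant-cost operation that invalidates every copy of the ciphertext at once. The following is an added example, not material from the exam or from (ISC)²; the "volume", its block size and the plaintext are constructed, and the cipher is a deliberately simple HMAC-SHA256 keystream in counter mode so the script runs on the Python standard library alone (a real deployment would use an authenticated cipher such as AES-GCM and keep the DEK in a KMS or HSM).

```python
"""Cryptographic erasure versus overwriting on a cloud volume (added demo).

The cipher is a constructed stand-in: an HMAC-SHA256 keystream used in
counter mode. It exists only so the example runs without third-party
libraries; do not reuse it as a real cipher.
"""
import hashlib
import hmac
import os

BLOCK_SIZE = 512  # constructed: small blocks keep the demo fast


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` bytes of keystream (toy CTR mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, mask: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, mask))


class EncryptedVolume:
    """Block device where every block is encrypted under a single DEK."""

    def __init__(self, plaintext_blocks):
        self.dek = os.urandom(32)      # data-encryption key
        self.nonce = os.urandom(12)    # volume nonce; per-block nonce appends the index
        self.block_writes = 0          # cost counter: physical block writes performed
        self.blocks = [self._crypt(i, b) for i, b in enumerate(plaintext_blocks)]

    def _crypt(self, index: int, data: bytes) -> bytes:
        nonce = self.nonce + index.to_bytes(4, "big")   # keystream never repeats across blocks
        return xor_bytes(data, keystream(self.dek, nonce, len(data)))

    def read(self, index: int) -> bytes:
        if self.dek is None:
            raise PermissionError("DEK destroyed: ciphertext cannot be recovered")
        return self._crypt(index, self.blocks[index])

    def overwrite_erase(self) -> int:
        """Sanitize by overwriting every block. Cost grows with volume size, and
        on provider-owned storage you cannot verify that the overwrite reached
        every replica or snapshot."""
        for i in range(len(self.blocks)):
            self.blocks[i] = os.urandom(len(self.blocks[i]))
            self.block_writes += 1
        return self.block_writes

    def crypto_erase(self) -> int:
        """Sanitize by destroying the DEK. Constant cost: no data block is
        touched, and every copy of the ciphertext becomes unreadable at once."""
        self.dek = None
        return self.block_writes


def demo(num_blocks: int = 64) -> dict:
    """Constructed plaintext; compares the cost of the two sanitization paths."""
    plaintext = [bytes([i % 256]) * BLOCK_SIZE for i in range(num_blocks)]

    by_overwrite = EncryptedVolume(plaintext)
    assert by_overwrite.read(3) == plaintext[3]   # a normal read round-trips
    overwrite_cost = by_overwrite.overwrite_erase()

    by_key_destruction = EncryptedVolume(plaintext)
    erase_cost = by_key_destruction.crypto_erase()
    try:
        by_key_destruction.read(3)
        recoverable = True
    except PermissionError:
        recoverable = False

    return {
        "overwrite_block_writes": overwrite_cost,        # == num_blocks
        "crypto_erase_block_writes": erase_cost,         # == 0
        "ciphertext_still_present": by_key_destruction.blocks[3] != plaintext[3],
        "plaintext_recoverable_after_erase": recoverable,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the counters is the shape of the cost: overwriting performs one write per block and still leaves doubt about replicas, while key destruction performs none and is the only one of the four options a customer can execute alone against a large cloud data set.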
Question # 8

Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?

A.

Public

B.

Community

C.

Hybrid

D.

Private

Question # 9

Which of the following represents a prioritization of applications or cloud customers for the allocation of additional requested resources when there is a limitation on available resources?

A.

Provision

B.

Limit

C.

Reservation

D.

Share

Question # 10

Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?

A.

A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.

B.

A Type 2 hypervisor allows users to directly perform some functions with their own access.

C.

A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.

D.

A Type 2 hypervisor is always exposed to the public Internet for federated identity access.

Question # 11

Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.

Which of the following is not a regulatory framework for more sensitive or specialized data?

A.

FIPS 140-2

B.

FedRAMP

C.

PCI DSS

D.

HIPAA

Question # 12

What concept does the A represent within the DREAD model?

A.

Affected users

B.

Authorization

C.

Authentication

D.

Affinity

Question # 13

Which of the following would be considered an example of insufficient due diligence leading to security or operational problems when moving to a cloud?

A.

Monitoring

B.

Use of a remote key management system

C.

Programming languages used

D.

Reliance on physical network controls

Question # 14

Which phase of the cloud data lifecycle would be the MOST appropriate for the use of DLP technologies to protect the data?

A.

Use

B.

Store

C.

Share

D.

Create

Question # 15

Modern web service systems are designed for high availability and resiliency. Which concept pertains to the ability to detect problems within a system, environment, or application and programmatically invoke redundant systems or processes for mitigation?

A.

Elasticity

B.

Redundancy

C.

Fault tolerance

D.

Automation

Question # 16

The European Union is often considered the world leader in regard to the privacy of personal data and has declared privacy to be a "human right."

In what year did the EU first assert this principle?

A.

1995

B.

2000

C.

2010

D.

1999

Question # 17

Which data state would be most likely to use digital signatures as a security protection mechanism?

A.

Data in use

B.

Data in transit

C.

Archived

D.

Data at rest

Question # 18

Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?

A.

Memory

B.

Number of users

C.

Storage

D.

CPU

Question # 19

If a key feature of cloud computing that your organization desires is the ability to scale and expand without limit or concern about available resources, which cloud deployment model would you MOST likely be considering?

A.

Public

B.

Hybrid

C.

Private

D.

Community

Question # 20

Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle?

A.

Modify data

B.

Modify metadata

C.

New data

D.

Import data

Question # 21

The president of your company has tasked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services.

Which of the cloud deployment models would you MOST likely be exploring?

A.

Hybrid

B.

Private

C.

Community

D.

Public

Question # 22

ISO/IEC has established international standards for many aspects of computing and any processes or procedures related to information technology.

Which ISO/IEC standard has been established to provide a framework for handling eDiscovery processes?

A.

ISO/IEC 27001

B.

ISO/IEC 27002

C.

ISO/IEC 27040

D.

ISO/IEC 27050

Question # 23

Which of the following aspects of cloud computing would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?

A.

Regulation

B.

Multitenancy

C.

Virtualization

D.

Resource pooling

Question # 24

Which of the following is NOT one of the main intended goals of a DLP solution?

A.

Showing due diligence

B.

Preventing malicious insiders

C.

Regulatory compliance

D.

Managing and minimizing risk

Question # 25

With IaaS, what is responsible for handling the security and control over the volume storage space?

A.

Management plane

B.

Operating system

C.

Application

D.

Hypervisor

Question # 26

Which of the following systems is used to employ a variety of different techniques to discover and alert on threats and potential threats to systems and networks?

A.

IDS

B.

IPS

C.

Firewall

D.

WAF

Question # 27

From the perspective of compliance, what is the most important consideration when it comes to data center location?

A.

Natural disasters

B.

Utility access

C.

Jurisdiction

D.

Personnel access

Question # 28

If you are running an application that has strict legal requirements that the data cannot reside on systems that contain other applications or systems, which aspect of cloud computing would be prohibitive in this case?

A.

Multitenancy

B.

Broad network access

C.

Portability

D.

Elasticity

Question # 29

When an API is being leveraged, it will encapsulate its data for transmission back to the requesting party or service.

What is the data encapsulation used with the SOAP protocol referred to as?

A.

Packet

B.

Payload

C.

Object

D.

Envelope

Question # 30

Where is a DLP solution generally installed when utilized for monitoring data in use?

A.

Application server

B.

Database server

C.

Network perimeter

D.

User’s client

Question # 31

Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data.

Which concept encapsulates this?

A.

Validity

B.

Integrity

C.

Accessibility

D.

Confidentiality

Question # 32

An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer. Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA?

A.

Network

B.

Users

C.

Memory

D.

CPU

Question # 33

Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on.

Which of the following audits are considered "restricted use" versus being for a more broad audience?

A.

SOC Type 2

B.

SOC Type 1

C.

SOC Type 3

D.

SAS-70

Question # 34

You are working for a cloud service provider and receive an eDiscovery order pertaining to one of your customers.

Which of the following would be the most appropriate action to take first?

A.

Take a snapshot of the virtual machines

B.

Escrow the encryption keys

C.

Copy the data

D.

Notify the customer

Question # 35

Which cloud storage type is typically used to house virtual machine images that are used throughout the environment?

A.

Structured

B.

Unstructured

C.

Volume

D.

Object

Question # 36

Which of the following is considered an internal redundancy for a data center?

A.

Power feeds

B.

Chillers

C.

Network circuits

D.

Generators

Question # 37

Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?

A.

Security misconfiguration

B.

Insecure direct object references

C.

Unvalidated redirects and forwards

D.

Sensitive data exposure

Question # 38

Configurations and policies for a system can come from a variety of sources and take a variety of formats. Which concept pertains to the application of a set of configurations and policies that is applied to all systems or a class of systems?

A.

Hardening

B.

Leveling

C.

Baselines

D.

Standards

Question # 39

Digital investigations have adopted many of the same methodologies and protocols as other types of criminal or scientific inquiries.

What term pertains to the application of scientific norms and protocols to digital investigations?

A.

Scientific

B.

Investigative

C.

Methodological

D.

Forensics

Question # 40

One of the main components of system audits is the ability to track changes over time and to match these changes with continued compliance and internal processes.

Which aspect of cloud computing makes this particular component more challenging than in a traditional data center?

A.

Portability

B.

Virtualization

C.

Elasticity

D.

Resource pooling

Question # 41

Your boss has tasked your team with getting your legacy systems and applications connected with new cloud-based services that management has decided are crucial to customer service and offerings.

Which role would you be assuming under this directive?

A.

Cloud service administrator

B.

Cloud service user

C.

Cloud service integrator

D.

Cloud service business manager

Question # 42

What strategy involves replacing sensitive data with opaque values, usually with a means of mapping it back to the original value?

A.

Masking

B.

Anonymization

C.

Tokenization

D.

Obfuscation

Question # 43

Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud?

A.

Reservations

B.

Measured service

C.

Limits

D.

Shares

Question # 44

Which of the following service categories entails the least amount of support needed on the part of the cloud customer?

A.

SaaS

B.

IaaS

C.

DaaS

D.

PaaS

Question # 45

Which value refers to the percentage of production level restoration needed to meet BCDR objectives?

A.

RPO

B.

RTO

C.

RSL

D.

SRE

Question # 46

Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?

A.

Russia

B.

France

C.

Germany

D.

United States

Question # 47

Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?

A.

Six months

B.

One month

C.

One year

D.

One week

Question # 48

Which security concept would business continuity and disaster recovery fall under?

A.

Confidentiality

B.

Availability

C.

Fault tolerance

D.

Integrity

Question # 49

Which of the following is NOT a key area for performance monitoring as far as an SLA is concerned?

A.

CPU

B.

Users

C.

Memory

D.

Network

Question # 50

What type of masking would you employ to produce a separate data set for testing purposes based on production data without any sensitive information?

A.

Dynamic

B.

Tokenized

C.

Replicated

D.

Static

Question # 51

What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud?

A.

Obfuscation

B.

Elasticity

C.

Mobility

D.

Portability

Question # 52

What masking strategy involves the replacing of sensitive data at the time it is accessed and used as it flows between the data and application layers of a service?

A.

Active

B.

Static

C.

Dynamic

D.

Transactional

Question # 53

Each of the following are dependencies that must be considered when reviewing the BIA after cloud migration except:

A.

The cloud provider’s utilities

B.

The cloud provider’s suppliers

C.

The cloud provider’s resellers

D.

The cloud provider’s vendors

Question # 54

Many aspects of cloud computing bring enormous benefits over a traditional data center, but also introduce new challenges unique to cloud computing.

Which of the following aspects of cloud computing makes appropriate data classification of high importance?

A.

Multitenancy

B.

Interoperability

C.

Portability

D.

Reversibility

Question # 55

Which of the following best describes a sandbox?

A.

An isolated space where untested code and experimentation can safely occur separate from the production environment.

B.

A space where you can safely execute malicious code to see what it does.

C.

An isolated space where transactions are protected from malicious software.

D.

An isolated space where untested code and experimentation can safely occur within the production environment.

Question # 56

Which component of ITIL pertains to planning, coordinating, executing, and validating changes and rollouts to production environments?

A.

Release management

B.

Availability management

C.

Problem management

D.

Change management

Question # 57

Which kind of SSAE audit reviews an organization's controls for assuring the confidentiality, integrity, and availability of data?

A.

SOC 1

B.

SOC 2

C.

SOC 3

D.

SOC 4

Question # 58

Which of the following is considered an administrative control?

A.

Keystroke logging

B.

Access control process

C.

Door locks

D.

Biometric authentication

Question # 59

Which protocol, as a part of TLS, handles negotiating and establishing a connection between two parties?

A.

Record

B.

Binding

C.

Negotiation

D.

Handshake

Question # 60

What concept does the D represent within the STRIDE threat model?

A.

Denial of service

B.

Distributed

C.

Data breach

D.

Data loss

Question # 61

Database activity monitoring (DAM) can be:

A.

Host-based or network-based

B.

Server-based or client-based

C.

Used in the place of encryption

D.

Used in place of data masking

Question # 62

A UPS should have enough power to last how long?

A.

One day

B.

12 hours

C.

Long enough for graceful shutdown

D.

10 minutes

Question # 63

With a federated identity system, where would a user perform their authentication when requesting services or application access?

A.

Cloud provider

B.

The application

C.

Their home organization

D.

Third-party authentication system

Question # 64

Which of the following tasks within a SaaS environment would NOT be something the cloud customer would be responsible for?

A.

Authentication mechanism

B.

Branding

C.

Training

D.

User access

Question # 65

Where is an XML firewall most commonly and effectively deployed in the environment?

A.

Between the application and data layers

B.

Between the presentation and application layers

C.

Between the IPS and firewall

D.

Between the firewall and application server

Question # 66

What type of storage structure does object storage employ to maintain files?

A.

Directory

B.

Hierarchical

C.

Tree

D.

Flat

Question # 67

A DLP solution/implementation has three main components.

Which of the following is NOT one of the three main components?

A.

Monitoring

B.

Enforcement

C.

Auditing

D.

Discovery and classification

Question # 68

Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials?

A.

Injection

B.

Cross-site request forgery

C.

Missing function-level access control

D.

Cross-site scripting

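The threat in Question 68 is easy to misread as injection, so here is the mechanism in code: the victim's browser attaches the session cookie to any request, including one an attacker's page auto-submits, so a handler that authenticates by cookie alone will act on the forged request. The hardened version adds a per-session synchronizer token (rendered into the legitimate form, unreadable cross-origin) and an Origin check. This is an added example, not code from the exam or from (ISC)²; the Request and session objects, the bank balances, the site origin and the server secret are all constructed for the demo.

```python
"""CSRF: a cookie-only state-changing handler next to a hardened one (added demo)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SERVER_SECRET = secrets.token_bytes(32)          # constructed; would come from config
SESSIONS = {"sess-alice": "alice"}               # constructed: cookie value -> user
ORIGIN_ALLOWLIST = {"https://bank.example"}      # constructed site origin


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def csrf_token(session_id: str) -> str:
    """Token bound to the session: HMAC(secret, session id). It is rendered into
    the genuine form as a hidden field; a cross-origin page can never read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def new_bank() -> dict:
    return {"alice": 100, "mallory": 0}


def transfer_vulnerable(req: Request, bank: dict) -> int:
    """Authenticates by cookie alone, so any site can make the victim's browser
    submit this form under the victim's credentials."""
    user = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or user is None:
        return 401
    amount, to = int(req.form["amount"]), req.form["to"]
    if bank[user] < amount:
        return 400
    bank[user] -= amount
    bank[to] += amount
    return 200


def transfer_hardened(req: Request, bank: dict) -> int:
    """Same money movement, preceded by an Origin check (when the header is
    present) and a constant-time comparison of the synchronizer token."""
    session_id = req.cookies.get("session")
    user = SESSIONS.get(session_id)
    if req.method != "POST" or user is None:
        return 401
    origin = req.headers.get("Origin")
    if origin is not None and origin not in ORIGIN_ALLOWLIST:
        return 403
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(session_id)):
        return 403
    return transfer_vulnerable(req, bank)


def forged_request() -> Request:
    """What an auto-submitting form on attacker.example produces in Alice's
    browser: her cookie rides along, but no token."""
    return Request("POST", cookies={"session": "sess-alice"},
                   form={"amount": "100", "to": "mallory"},
                   headers={"Origin": "https://attacker.example"})


def legitimate_request() -> Request:
    return Request("POST", cookies={"session": "sess-alice"},
                   form={"amount": "25", "to": "mallory", "csrf_token": csrf_token("sess-alice")},
                   headers={"Origin": "https://bank.example"})


if __name__ == "__main__":
    bank = new_bank()
    print("vulnerable, forged: ", transfer_vulnerable(forged_request(), bank), bank)
    bank = new_bank()
    print("hardened, forged:   ", transfer_hardened(forged_request(), bank), bank)
    print("hardened, genuine:  ", transfer_hardened(legitimate_request(), bank), bank)
```

Two caveats a reviewer would raise: the Origin check alone is not sufficient, since some clients omit the header (which is why the token check remains mandatory), and a SameSite cookie attribute is a further layer, not a replacement for the token.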
Question # 69

Data centers have enormous power resources that are distributed and consumed throughout the entire facility.

Which of the following standards pertains to the proper fire safety standards within that scope?

A.

IDCA

B.

BICSI

C.

NFPA

D.

Uptime Institute

Question # 70

Within a federated identity system, which entity accepts tokens from the identity provider?

A.

Assertion manager

B.

Servicing party

C.

Proxy party

D.

Relying party

Question # 71

When dealing with PII, which category pertains to those requirements that can carry legal sanctions or penalties for failure to adequately safeguard the data and address compliance requirements?

A.

Contractual

B.

Jurisdictional

C.

Regulated

D.

Legal

Question # 72

The share phase of the cloud data lifecycle involves allowing data to leave the application, to be shared with external systems, services, or even other vendors/contractors.

What technology would be useful for protecting data at this point?

A.

IDS

B.

DLP

C.

IPS

D.

WAF

Question # 73

Although the REST API supports a wide variety of data formats for communications and exchange, which data formats are the most commonly used?

A.

SAML and HTML

B.

XML and SAML

C.

XML and JSON

D.

JSON and SAML

Question # 74

Which of the cloud cross-cutting aspects relates to the ability to reuse or move components of an application or service?

A.

Availability

B.

Interoperability

C.

Reversibility

D.

Portability

Question # 75

Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?

A.

Platform

B.

Data

C.

Physical environment

D.

Infrastructure

Question # 76

Which aspect of cloud computing makes data classification even more vital than in a traditional data center?

A.

Interoperability

B.

Virtualization

C.

Multitenancy

D.

Portability

Question # 77

Who would be responsible for implementing IPsec to secure communications for an application?

A.

Developers

B.

Systems staff

C.

Auditors

D.

Cloud customer

Question # 78

Which attribute of data poses the biggest challenge for data discovery?

A.

Labels

B.

Quality

C.

Volume

D.

Format

Question # 79

Other than cost savings realized due to measured service, what is another facet of cloud computing that will typically save substantial costs in time and money for an organization in the event of a disaster?

A.

Broad network access

B.

Interoperability

C.

Resource pooling

D.

Portability

Question # 80

What does the "SOC" acronym refer to with audit reports?

A.

Service Origin Confidentiality

B.

System Organization Confidentiality

C.

Service Organizational Control

D.

System Organization Control

Question # 81

Which process serves to prove the identity and credentials of a user requesting access to an application or data?

A.

Repudiation

B.

Authentication

C.

Identification

D.

Authorization

Question # 82

Which type of audit report is considered a "restricted use" report for its intended audience?

A.

SAS-70

B.

SSAE-16

C.

SOC Type 1

D.

SOC Type 2

Question # 83

What changes are necessary to application code in order to implement DNSSEC?

A.

Adding encryption modules

B.

Implementing certificate validations

C.

Additional DNS lookups

D.

No changes are needed.

Question # 84

Which of the following is NOT one of five principles of SOC Type 2 audits?

A.

Privacy

B.

Processing integrity

C.

Financial

D.

Security

Question # 85

Which of the following would NOT be a reason to activate a BCDR strategy?

A.

Staffing loss

B.

Terrorism attack

C.

Utility disruptions

D.

Natural disaster

Question # 86

What provides the information to an application to make decisions about the authorization level appropriate when granting access?

A.

User

B.

Relying party

C.

Federation

D.

Identity Provider

Question # 87

Which security concept is focused on the trustworthiness of data?

A.

Integrity

B.

Availability

C.

Nonrepudiation

D.

Confidentiality

Question # 88

What is the concept of segregating information or processes, within the same system or application, for security reasons?

A.

Fencing

B.

Sandboxing

C.

Cellblocking

D.

Pooling

Question # 89

Which of the following is NOT a factor that is part of a firewall configuration?

A.

Encryption

B.

Port

C.

Protocol

D.

Source IP

Question # 90

Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?

A.

Platform

B.

Infrastructure

C.

Governance

D.

Application

Question # 91

Which aspect of security is DNSSEC designed to ensure?

A.

Integrity

B.

Authentication

C.

Availability

D.

Confidentiality

Question # 92

Which of the following does NOT fall under the "IT" aspect of quality of service (QoS)?

A.

Applications

B.

Key performance indicators (KPIs)

C.

Services

D.

Security

Question # 93

Which component of ITIL involves planning for the restoration of services after an unexpected outage or incident?

A.

Continuity management

B.

Problem management

C.

Configuration management

D.

Availability management

Question # 94

With an application hosted in a cloud environment, who could be the recipient of an eDiscovery order?

A.

Users

B.

Both the cloud provider and cloud customer

C.

The cloud customer

D.

The cloud provider

Question # 95

For optimal security, trust zones are used for network segmentation and isolation. They allow for the separation of various systems and tiers, each with its own security level.

Which of the following is typically used to allow administrative personnel access to trust zones?

A.

IPSec

B.

SSH

C.

VPN

D.

TLS

Question # 96

Which component of ITIL involves the creation of an RFC ticket and obtaining official approvals for it?

A.

Problem management

B.

Release management

C.

Deployment management

D.

Change management

Question # 97

Which of the following could be used as a second component of multifactor authentication if a user has an RSA token?

A.

Access card

B.

USB thumb drive

C.

Retina scan

D.

RFID

Question # 98

Which ITIL component focuses on ensuring that system resources, processes, and personnel are properly allocated to meet SLA requirements?

A.

Continuity management

B.

Availability management

C.

Configuration management

D.

Problem management

Question # 99

A data custodian is responsible for which of the following?

A.

Data context

B.

Data content

C.

The safe custody, transport, storage of the data, and implementation of business rules

D.

Logging access and alerts

Question # 100

What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?

A.

A set of software development life cycle requirements for cloud service providers

B.

An inventory of cloud services security controls that are arranged into a hierarchy of security domains

C.

An inventory of cloud service security controls that are arranged into separate security domains

D.

A set of regulatory requirements for cloud service providers

Question # 101

In the cloud motif, the data owner is usually:

A.

The cloud provider

B.

In another jurisdiction

C.

The cloud customer

D.

The cloud access security broker

Question # 102

Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cloud customers.

Which of the following is NOT a unit covered by limits?

A.

Hypervisor

B.

Cloud customer

C.

Virtual machine

D.

Service

Question # 103

Which of the following are attributes of cloud computing?

A.

Minimal management effort and shared resources

B.

High cost and unique resources

C.

Rapid provisioning and slow release of resources

D.

Limited access and service provider interaction

Question # 104

Which of the following are distinguishing characteristics of a managed service provider?

A.

Be able to remotely monitor and manage objects for the customer and proactively maintain these objects under management.

B.

Have some form of a help desk but no NOC.

C.

Be able to remotely monitor and manage objects for the customer and reactively maintain these objects under management.

D.

Have some form of a NOC but no help desk.

Question # 105

When crafting plans and policies for data archiving, we should consider all of the following, except:

A.

The backup process

B.

Immediacy of the technology

C.

Archive location

D.

The format of the data

Question # 106

Cryptographic keys for encrypted data stored in the cloud should be ________________ .

A.

Not stored with the cloud provider.

B.

Generated with redundancy

C.

At least 128 bits long

D.

Split into groups

Question # 107

Which protocol operates at the network layer and provides for full point-to-point encryption of all communications and transmissions?

A.

IPSec

B.

VPN

C.

SSL

D.

TLS

Question # 108

Cryptographic keys should be secured ________________ .

A.

To a level at least as high as the data they can decrypt

B.

In vaults

C.

With two-person integrity

D.

By armed guards

Question # 109

All of the following are terms used to describe the practice of obscuring original raw data so that only a portion is displayed for operational purposes, except:

A.

Tokenization

B.

Masking

C.

Data discovery

D.

Obfuscation

Question # 110

APIs are defined as which of the following?

A.

A set of protocols, and tools for building software applications to access a web-based software application or tool

B.

A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or tool

C.

A set of standards for building software applications to access a web-based software application or tool

D.

A set of routines and tools for building software applications to access web-based software applications

Question # 111

Tokenization requires two distinct _________________ .

A.

Personnel

B.

Authentication factors

C.

Encryption keys

D.

Databases

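Questions 42, 50, 52, 109 and 111 all turn on the difference between three techniques that are easy to conflate. Tokenization substitutes an opaque value and keeps a reversible mapping in a second, separately secured database (the "two distinct databases" of Question 111); static masking produces a one-way copy of production data for test environments; dynamic masking rewrites values on the read path according to who is asking, leaving the stored record untouched. The script below is an added example and not material from the exam or from (ISC)²; the customer records, the card numbers (standard test PANs, not real accounts), the roles and the token format are constructed for the demo.

```python
"""Tokenization, static masking and dynamic masking side by side (added demo)."""
import hashlib
import secrets


class TokenVault:
    """Token service. The application database stores only tokens; the
    token -> value mapping lives here, in the separately secured vault."""

    def __init__(self):
        self._by_value = {}   # original PAN -> token
        self._by_token = {}   # token -> original PAN

    def tokenize(self, pan: str) -> str:
        """Format-preserving token: 16 digits, the last four kept so receipts
        and support screens keep working, the remaining twelve random."""
        if pan in self._by_value:
            return self._by_value[pan]
        while True:
            token = "".join(secrets.choice("0123456789") for _ in range(12)) + pan[-4:]
            if token not in self._by_token and token != pan:
                break
        self._by_value[pan] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]   # KeyError for an unknown token is deliberate


def static_mask(records: list) -> list:
    """One-way masked copy for a test data set (Question 50). Identifiers become
    stable pseudonyms derived from a hash so joins still work; PANs are replaced
    with zeroed digits that keep only the last four."""
    out = []
    for r in records:
        pseudo = hashlib.sha256(r["email"].encode()).hexdigest()[:8]
        out.append({
            "id": r["id"],
            "name": f"Customer {pseudo}",
            "email": f"user-{pseudo}@example.invalid",
            "pan": "0" * 12 + r["pan"][-4:],
        })
    return out


def dynamic_mask(record: dict, role: str) -> dict:
    """Mask on read (Question 52): the stored record is untouched; only the
    view returned to a non-privileged role is altered."""
    if role == "fraud_analyst":
        return dict(record)
    view = dict(record)
    view["pan"] = "*" * 12 + record["pan"][-4:]
    view["email"] = record["email"][0] + "***@" + record["email"].split("@", 1)[1]
    return view


# Constructed sample records; the PANs are industry test numbers, not real cards.
CUSTOMERS = [
    {"id": 1, "name": "Ada Lovelace", "email": "ada@example.com", "pan": "4111111111111111"},
    {"id": 2, "name": "Alan Turing", "email": "alan@example.com", "pan": "5555555555554444"},
]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize(CUSTOMERS[0]["pan"])
    print("token:", token, "-> original:", vault.detokenize(token))
    print("static copy:", static_mask(CUSTOMERS))
    print("dynamic view (support):", dynamic_mask(CUSTOMERS[0], "support"))
    print("dynamic view (fraud_analyst):", dynamic_mask(CUSTOMERS[0], "fraud_analyst"))
```

Note what each one protects: after static masking nothing in the test copy can be traced back to a real card, whereas a token can always be reversed by whoever controls the vault, which is why the vault, not the application database, is the asset to defend.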
Question # 112

Which regulatory system pertains to the protection of healthcare data?

A.

HIPAA

B.

HAS

C.

HITECH

D.

HFCA

Question # 113

How many additional DNS queries are needed when DNSSEC integrity checks are added?

A.

Three

B.

Zero

C.

One

D.

Two

Question # 114

Which type of testing uses the same strategies and toolsets that hackers would use?

A.

Penetration

B.

Dynamic

C.

Static

D.

Malicious

Question # 115

Which of the following is NOT something that an HIDS will monitor?

A.

Configurations

B.

User logins

C.

Critical system files

D.

Network traffic

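Of the things Question 115 lists, the critical-system-files check is the one most worth seeing end to end, and it is also the mechanism behind the baselines in Questions 37 and 38: record a known-good hash and mode for each watched file, then diff a fresh scan against it. The following is an added example, not code from the exam or from (ISC)²; the file tree, the "intruder" edits and the file contents are constructed inside a temporary directory. A real HIDS would keep the baseline off-host and sign it, so that an attacker who rewrites the files cannot also rewrite the record of what they should look like.

```python
"""File-integrity baseline and comparison, the HIDS core (added demo)."""
import hashlib
import os
import tempfile


def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each regular file under root (path relative to root, '/'-separated)
    to its SHA-256 and permission bits."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue   # a symlink can point the checker at the wrong file
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            baseline[rel] = {"sha256": hash_file(full), "mode": st.st_mode & 0o777}
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two scans. A mode change alone (e.g. setuid added) counts as modified."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed host with three watched files; then an intruder weakens a
    config, drops a new binary and deletes a log."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes) -> str:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            return full

        write("etc/passwd", b"root:x:0:0:root:/root:/bin/bash\n")
        write("etc/ssh/sshd_config", b"PermitRootLogin no\n")
        write("var/log/auth.log", b"Accepted publickey for ops\n")
        baseline = build_baseline(root)

        write("etc/ssh/sshd_config", b"PermitRootLogin yes\n")   # modified
        write("usr/local/bin/cleaner", b"#!/bin/sh\n")          # added
        os.remove(os.path.join(root, "var/log/auth.log"))       # removed

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Run the comparison on a schedule and on inotify events, and treat any hit on a file outside the change window (Question 38's baseline) as an incident rather than noise.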
Question # 116

Which aspect of cloud computing makes it very difficult to perform repeat audits over time to track changes and compliance?

A.

Virtualization

B.

Multitenancy

C.

Resource pooling

D.

Dynamic optimization

Question # 117

Which audit type has been largely replaced by newer approaches since 2011?

A.

SOC Type 1

B.

SSAE-16

C.

SAS-70

D.

SOC Type 2

Question # 118

Which value refers to the amount of time it takes to recover operations in a BCDR situation to meet management's objectives?

A.

RSL

B.

RPO

C.

SRE

D.

RTO

Question # 119

Which of the cloud cross-cutting aspects relates to the ability to easily move services and applications between different cloud providers?

A.

Reversibility

B.

Availability

C.

Portability

D.

Interoperability

Question # 120

Which of the following would be a reason to undertake a BCDR test?

A.

Functional change of the application

B.

Change in staff

C.

User interface overhaul of the application

D.

Change in regulations

Question # 121

Which OSI layer does IPsec operate at?

A.

Network

B.

Transport

C.

Application

D.

Presentation

Question # 122

Which term relates to the application of scientific methods and practices to evidence?

A.

Forensics

B.

Methodical

C.

Theoretical

D.

Measured

Question # 123

Which of the following cloud aspects complicates eDiscovery?

A.

Resource pooling

B.

On-demand self-service

C.

Multitenancy

D.

Measured service

Question # 124

What must be secured on physical hardware to prevent unauthorized access to systems?

A.

BIOS

B.

SSH

C.

RDP

D.

ALOM

Question # 125

What does the management plane typically utilize to perform administrative functions on the hypervisors that it has access to?

A.

Scripts

B.

RDP

C.

APIs

D.

XML

Question # 126

Which technology can be useful during the "share" phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?

A.

IPS

B.

WAF

C.

DLP

D.

IDS

Question # 127

Which of the following roles involves the provisioning and delivery of cloud services?

A.

Cloud service deployment manager

B.

Cloud service business manager

C.

Cloud service manager

D.

Cloud service operations manager

Question # 128

From a legal perspective, what is the most important first step after an eDiscovery order has been received by the cloud provider?

A.

Notification

B.

Key identification

C.

Data collection

D.

Virtual image snapshots

Question # 129

Which of the following roles is responsible for preparing systems for the cloud, administering and monitoring services, and managing inventory and assets?

A.

Cloud service business manager

B.

Cloud service deployment manager

C.

Cloud service operations manager

D.

Cloud service manager

Question # 130

Which of the following are the storage types associated with PaaS?

A. Structured and freeform
B. Volume and object
C. Structured and unstructured
D. Database and file system

Question # 131

What does SDN stand for within a cloud environment?

A. Software-dynamic networking
B. Software-defined networking
C. Software-dependent networking
D. System-dynamic nodes

Question # 132

What is used for local, physical access to hardware within a data center?

A. SSH
B. KVM
C. VPN
D. RDP

Question # 133

Which of the following is considered an external redundancy for a data center?

A. Power feeds to rack
B. Generators
C. Power distribution units
D. Storage systems

Question # 134

Which of the following represents a minimum guaranteed resource within a cloud environment for the cloud customer?

A. Reservation
B. Share
C. Limit
D. Provision

Question # 135

What controls the formatting and security settings of a volume storage system within a cloud environment?

A. Management plane
B. SAN host controller
C. Hypervisor
D. Operating system of the host

Question # 136

Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?

A. Unvalidated redirects and forwards
B. Insecure direct object references
C. Security misconfiguration
D. Sensitive data exposure

Question # 137

Which of the following does NOT relate to the hiding of sensitive data from data sets?

A. Obfuscation
B. Federation
C. Masking
D. Anonymization

Question # 138

Which concept BEST describes the capability for a cloud environment to automatically scale a system or application, based on its current resource demands?

A. On-demand self-service
B. Resource pooling
C. Measured service
D. Rapid elasticity

Question # 139

What is the biggest concern with hosting a key management system outside of the cloud environment?

A. Confidentiality
B. Portability
C. Availability
D. Integrity

Question # 140

What type of PII is controlled based on laws and carries legal penalties for noncompliance with requirements?

A. Contractual
B. Regulated
C. Specific
D. Jurisdictional

Question # 141

Which of the following roles is responsible for obtaining new customers and securing contracts and agreements?

A. Inter-cloud provider
B. Cloud service broker
C. Cloud auditor
D. Cloud service developer

Question # 142

Which publication from the United States National Institute of Standards and Technology pertains to defining cloud concepts and definitions for the various core components of cloud computing?

A. SP 800-153
B. SP 800-145
C. SP 800-53
D. SP 800-40

Question # 143

Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?

A. Consumable service
B. Measured service
C. Billable service
D. Metered service

Question # 144

Which of the following roles involves the connection and integration of existing systems and services to a cloud environment?

A. Cloud service business manager
B. Cloud service user
C. Cloud service administrator
D. Cloud service integrator

Question # 145

What type of masking strategy involves making a separate and distinct copy of data with masking in place?

A. Dynamic
B. Replication
C. Static
D. Duplication

Question # 146

Which of the following is the optimal humidity level for a data center, per the guidelines established by the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE)?

A. 30-50 percent relative humidity
B. 50-75 percent relative humidity
C. 20-40 percent relative humidity
D. 40-60 percent relative humidity

Question # 147

What type of PII is regulated based on the type of application or per the conditions of the specific hosting agreement?

A. Specific
B. Contractual
C. Regulated
D. Jurisdictional

Question # 148

Which of the following pertains to a macro-level approach to data center design rather than the traditional tiered approach to data centers?

A. IDCA
B. NFPA
C. BICSI
D. Uptime Institute

Question # 149

Which United States law is focused on data related to health records and privacy?

A. Safe Harbor
B. SOX
C. GLBA
D. HIPAA

Question # 150

Which type of audit report do many cloud providers use to instill confidence in their policies, practices, and procedures among current and potential customers?

A. SAS-70
B. SOC 2
C. SOC 1
D. SOX

Question # 151

What expectation of data custodians is made much more challenging by a cloud implementation, especially with PaaS or SaaS?

A. Data classification
B. Knowledge of systems
C. Access to data
D. Encryption requirements

Question # 152

Which of the following is NOT a risk management framework?

A. COBIT
B. Hex GBL
C. ISO 31000:2009
D. NIST SP 800-37

Question # 153

Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?

A. Cryptographic erasure
B. Zeroing
C. Overwriting
D. Deletion