CCSP Topic 1
Question #: 1
Topic #: 1
Which of the following roles is responsible for creating cloud components and the testing and validation of services?
A. Cloud auditor
B. Inter-cloud provider
C. Cloud service broker
D. Cloud service developer
Selected Answer: D
Question #: 2
Topic #: 1
What is the best source for information about securing a physical asset’s BIOS?
A. Security policies
B. Manual pages
C. Vendor documentation
D. Regulations
Selected Answer: C
Question #: 3
Topic #: 1
Which of the following is not a component of contractual PII?
A. Scope of processing
B. Value of data
C. Location of data
D. Use of subcontractors
Selected Answer: B
Question #: 4
Topic #: 1
Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?
A. Consumable service
B. Measured service
C. Billable service
D. Metered service
Selected Answer: B
Question #: 5
Topic #: 1
Which of the following roles involves testing, monitoring, and securing cloud services for an organization?
A. Cloud service integrator
B. Cloud service business manager
C. Cloud service user
D. Cloud service administrator
Selected Answer: D
Question #: 6
Topic #: 1
What is the only data format permitted with the SOAP API?
A. HTML
B. SAML
C. XSML
D. XML
Selected Answer: D
Question #: 7
Topic #: 1
Which data formats are most commonly used with the REST API?
A. JSON and SAML
B. XML and SAML
C. XML and JSON
D. SAML and HTML
Selected Answer: C
Question #: 8
Topic #: 1
Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?
A. Injection
B. Missing function-level access control
C. Cross-site request forgery
D. Cross-site scripting
Selected Answer: B
Question #: 9
Topic #: 1
Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?
A. Cloud service user
B. Cloud service business manager
C. Cloud service administrator
D. Cloud service integrator
Selected Answer: A
Question #: 10
Topic #: 1
What is the biggest concern with hosting a key management system outside of the cloud environment?
A. Confidentiality
B. Portability
C. Availability
D. Integrity
Selected Answer: A
Question #: 11
Topic #: 1
Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?
A. Cryptographic erasure
B. Zeroing
C. Overwriting
D. Deletion
Selected Answer: C
Question #: 12
Topic #: 1
Which of the following cloud aspects complicates eDiscovery?
A. Resource pooling
B. On-demand self-service
C. Multitenancy
D. Measured service
Selected Answer: C
Question #: 13
Topic #: 1
What does the management plane typically utilize to perform administrative functions on the hypervisors that it has access to?
A. Scripts
B. RDP
C. APIs
D. XML
Selected Answer: C
Question #: 14
Topic #: 1
What is a serious complication an organization faces from the perspective of compliance with international operations?
A. Different certifications
B. Multiple jurisdictions
C. Different capabilities
D. Different operational procedures
Selected Answer: B
Question #: 15
Topic #: 1
Which networking concept in a cloud environment allows for network segregation and isolation of IP spaces?
A. PLAN
B. WAN
C. LAN
D. VLAN
Selected Answer: D
Question #: 16
Topic #: 1
Which of the following standards primarily pertains to cabling designs and setups in a data center?
A. IDCA
B. BICSI
C. NFPA
D. Uptime Institute
Selected Answer: C
Question #: 17
Topic #: 1
Which of the following publishes the most commonly used standard for data center design in regard to tiers and topologies?
A. IDCA
B. Uptime Institute
C. NFPA
D. BICSI
Selected Answer: B
Question #: 18
Topic #: 1
What type of segregation and separation of resources is needed within a cloud environment for multitenancy purposes versus a traditional data center model?
A. Virtual
B. Security
C. Physical
D. Logical
Selected Answer: D
Question #: 19
Topic #: 1
Which United States law is focused on data related to health records and privacy?
A. Safe Harbor
B. SOX
C. GLBA
D. HIPAA
Selected Answer: D
Question #: 20
Topic #: 1
What is used for local, physical access to hardware within a data center?
A. SSH
B. KVM
C. VPN
D. RDP
Selected Answer: D
Question #: 21
Topic #: 1
Within an Infrastructure as a Service model, which of the following would NOT be a measured service?
A. CPU
B. Storage
C. Number of users
D. Memory
Selected Answer: C
Question #: 22
Topic #: 1
Which of the following is NOT a criterion for data within the scope of eDiscovery?
A. Possession
B. Custody
C. Control
D. Archive
Selected Answer: D
Question #: 23
Topic #: 1
Which United States law is focused on accounting and financial practices of organizations?
A. Safe Harbor
B. GLBA
C. SOX
D. HIPAA
Selected Answer: C
Question #: 24
Topic #: 1
What type of masking strategy involves making a separate and distinct copy of data with masking in place?
A. Dynamic
B. Replication
C. Static
D. Duplication
Selected Answer: C
Question #: 25
Topic #: 1
Which of the following storage types is most closely associated with a database-type storage implementation?
A. Object
B. Unstructured
C. Volume
D. Structured
Selected Answer: D
Question #: 26
Topic #: 1
Which of the following roles is responsible for overseeing customer relationships and the processing of financial transactions?
A. Cloud service manager
B. Cloud service deployment
C. Cloud service business manager
D. Cloud service operations manager
Selected Answer: C
Question #: 27
Topic #: 1
Which protocol does the REST API depend on?
A. HTTP
B. XML
C. SAML
D. SSH
Selected Answer: A
Question #: 28
Topic #: 1
Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the
European Union?
A. GLBA
B. HIPAA
C. Safe Harbor
D. SOX
Selected Answer: C
Question #: 29
Topic #: 1
What is the biggest benefit to leasing space in a data center versus building or maintain your own?
A. Certification
B. Costs
C. Regulation
D. Control
Selected Answer: B
Question #: 30
Topic #: 1
Which of the following security measures done at the network layer in a traditional data center are also applicable to a cloud environment?
A. Dedicated switches
B. Trust zones
C. Redundant network circuits
D. Direct connections
Selected Answer: B
Question #: 31
Topic #: 1
Which aspect of cloud computing will be most negatively impacted by vendor lock-in?
A. Elasticity
B. Reversibility
C. Interoperability
D. Portability
Selected Answer: D
Question #: 32
Topic #: 1
Which of the following APIs are most commonly used within a cloud environment?
A. REST and SAML
B. SOAP and REST
C. REST and XML
D. XML and SAML
Selected Answer: B
Question #: 33
Topic #: 1
Which of the following attempts to establish an international standard for eDiscovery processes and best practices?
A. ISO/IEC 31000
B. ISO/IEC 27050
C. ISO/IEC 19888
D. ISO/IEC 27001
Selected Answer: D
Question #: 34
Topic #: 1
Which of the following roles is responsible for obtaining new customers and securing contracts and agreements?
A. Inter-cloud provider
B. Cloud service broker
C. Cloud auditor
D. Cloud service developer
Selected Answer: A
Question #: 35
Topic #: 1
Which term relates to the application of scientific methods and practices to evidence?
A. Forensics
B. Methodical
C. Theoretical
D. Measured
Selected Answer: C
Question #: 36
Topic #: 1
Which of the following roles involves the provisioning and delivery of cloud services?
A. Cloud service deployment manager
B. Cloud service business manager
C. Cloud service manager
D. Cloud service operations manager
Selected Answer: C
Question #: 37
Topic #: 1
What is the primary reason that makes resolving jurisdictional conflicts complicated?
A. Different technology standards
B. Costs
C. Language barriers
D. Lack of international authority
Selected Answer: B
Question #: 38
Topic #: 1
GAAPs are created and maintained by which organization?
A. ISO/IEC
B. AICPA
C. PCI Council
D. ISO
Selected Answer: B
Question #: 39
Topic #: 1
Which of the following roles is responsible for preparing systems for the cloud, administering and monitoring services, and managing inventory and assets?
A. Cloud service business manager
B. Cloud service deployment manager
C. Cloud service operations manager
D. Cloud service manager
Selected Answer: A
Question #: 40
Topic #: 1
Which protocol allows a system to use block-level storage as if it was a SAN, but over TCP network traffic instead?
A. SATA
B. iSCSI
C. TLS
D. SCSI
Selected Answer: C
Question #: 41
Topic #: 1
Which of the cloud deployment models is used by popular services such as iCloud, Dropbox, and OneDrive?
A. Hybrid
B. Public
C. Private
D. Community
Selected Answer: C
Question #: 42
Topic #: 1
Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?
A. A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.
B. A Type 2 hypervisor allows users to directly perform some functions with their own access.
C. A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.
D. A Type 2 hypervisor is always exposed to the public Internet for federated identity access.
Selected Answer: B
Question #: 43
Topic #: 1
Which is the appropriate phase of the cloud data lifecycle for determining the data’s classification?
A. Create
B. Use
C. Share
D. Store
Selected Answer: C
Question #: 44
Topic #: 1
Which of the following is the optimal temperature for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air
Conditioning Engineers (ASHRAE)?
A. 69.8-86.0degF (21-30degC)
B. 64.4-80.6degF(18-27degC)
C. 51.8-66.2degF(11-19degC)
D. 44.6-60-8degF(7-16degC)
Selected Answer: A
Question #: 45
Topic #: 1
Which of the following is not a risk management framework?
A. COBIT
B. Hex GBL
C. ISO 31000:2009
D. NIST SP 800-37
Selected Answer: B
Question #: 46
Topic #: 1
Which of the following threat types involves the sending of untrusted data to a user’s browser to be executed with their own credentials and access?
A. Missing function level access control
B. Cross-site scripting
C. Cross-site request forgery
D. Injection
Selected Answer: B
Question #: 47
Topic #: 1
How is an object stored within an object storage system?
A. Key value
B. Database
C. LDAP
D. Tree structure
Selected Answer: A
Question #: 48
Topic #: 1
Which of the following is NOT a regulatory system from the United States federal government?
A. PCI DSS
B. FISMA
C. SOX
D. HIPAA
Selected Answer: D
Question #: 49
Topic #: 1
Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority?
A. European Union
B. Germany
C. Russia
D. United States
Selected Answer: D
Question #: 50
Topic #: 1
Which United States law is focused on PII as it relates to the financial industry?
A. HIPAA
B. SOX
C. Safe Harbor
D. GLBA
Selected Answer: C
Question #: 51
Topic #: 1
Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?
A. Security misconfiguration
B. Insecure direct object references
C. Sensitive data exposure
D. Unvalidated redirects and forwards
Selected Answer: A
Question #: 52
Topic #: 1
What is the best approach for dealing with services or utilities that are installed on a system but not needed to perform their desired function?
A. Remove
B. Monitor
C. Disable
D. Stop
Selected Answer: C
Question #: 53
Topic #: 1
Which of the following actions will NOT make data part of the “create” phase of the cloud data lifecycle?
A. Modifying metadata
B. Importing data
C. Modifying data
D. Constructing new data
Selected Answer: C
Question #: 54
Topic #: 1
What are the two protocols that TLS uses?
A. Handshake and record
B. Transport and initiate
C. Handshake and transport
D. Record and transmit
Selected Answer: A
Question #: 55
Topic #: 1
Which type of cloud model typically presents the most challenges to a cloud customer during the “destroy” phase of the cloud data lifecycle?
A. IaaS
B. DaaS
C. SaaS
D. PaaS
Selected Answer: B
Question #: 56
Topic #: 1
Which of the following may unilaterally deem a cloud hosting model inappropriate for a system or application?
A. Multitenancy
B. Certification
C. Regulation
D. Virtualization
Selected Answer: B
Question #: 57
Topic #: 1
Which of the following is considered an internal redundancy for a data center?
A. Power distribution units
B. Network circuits
C. Power substations
D. Generators
Selected Answer: A
Question #: 58
Topic #: 1
Which of the following represents a control on the maximum amount of resources that a single customer, virtual machine, or application can consume within a cloud environment?
A. Share
B. Reservation
C. Provision
D. Limit
Selected Answer: C
Question #: 59
Topic #: 1
Which of the following roles is responsible for peering with other cloud services and providers?
A. Cloud auditor
B. Inter-cloud provider
C. Cloud service broker
D. Cloud service developer
Selected Answer: B
Question #: 60
Topic #: 1
Which of the following does NOT relate to the hiding of sensitive data from data sets?
A. Obfuscation
B. Federation
C. Masking
D. Anonymization
Selected Answer: D
Question #: 61
Topic #: 1
Which of the following are the storage types associated with IaaS?
A. Volume and object
B. Volume and label
C. Volume and container
D. Object and target
Selected Answer: A
Question #: 62
Topic #: 1
Which technology can be useful during the “share” phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?
A. IPS
B. WAF
C. DLP
D. IDS
Selected Answer: D
Question #: 63
Topic #: 1
Which of the following storage types is most closely associated with a traditional file system and tree structure?
A. Volume
B. Unstructured
C. Object
D. Structured
Selected Answer: A
Question #: 64
Topic #: 1
Which of the following represents a prioritization of applications or cloud customers for the allocation of additional requested resources when there is a limitation on available resources?
A. Provision
B. Limit
C. Reservation
D. Share
Selected Answer: C
Question #: 65
Topic #: 1
Which type of audit report does many cloud providers use to instill confidence in their policies, practices, and procedures to current and potential customers?
A. SAS-70
B. SOC 2
C. SOC 1
D. SOX
Selected Answer: B
Question #: 66
Topic #: 1
Which of the following statements accurately describes VLANs?
A. They are not restricted to the same data center or the same racks.
B. They are not restricted to the name rack but restricted to the same data center.
C. They are restricted to the same racks and data centers.
D. They are not restricted to the same rack but restricted to same switches.
Selected Answer: A
Question #: 67
Topic #: 1
What must be secured on physical hardware to prevent unauthorized access to systems?
A. BIOS
B. SSH
C. RDP
D. ALOM
Selected Answer: A
Question #: 68
Topic #: 1
What type of PII is regulated based on the type of application or per the conditions of the specific hosting agreement?
A. Specific
B. Contractual
C. regulated
D. Jurisdictional
Selected Answer: A
Question #: 69
Topic #: 1
Which of the following security technologies is commonly used to give administrators access into trust zones within an environment?
A. VPN
B. WAF
C. IPSec
D. HTTPS
Selected Answer: A
Question #: 70
Topic #: 1
Which concept BEST describes the capability for a cloud environment to automatically scale a system or application, based on its current resource demands?
A. On-demand self-service
B. Resource pooling
C. Measured service
D. Rapid elasticity
Selected Answer: C
Question #: 71
Topic #: 1
If you’re using iSCSI in a cloud environment, what must come from an external protocol or application?
A. Kerberos support
B. CHAP support
C. Authentication
D. Encryption
Selected Answer: B
Question #: 72
Topic #: 1
Which of the following pertains to a macro level approach to data center design rather than the traditional tiered approach to data centers?
A. IDCA
B. NFPA
C. BICSI
D. Uptime Institute
Selected Answer: B
Question #: 73
Topic #: 1
What does the REST API support that SOAP does NOT support?
A. Caching
B. Encryption
C. Acceleration
D. Redundancy
Selected Answer: A
Question #: 74
Topic #: 1
Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hypervisor?
A. A Type 1 hypervisor also controls patching of its hosted virtual machines ensure they are always secure.
B. A Type 1 hypervisor is tied directly to the bare metal and only runs with code necessary to perform its specific mission.
C. A Type 1 hypervisor performs hardware-level encryption for tighter security and efficiency.
D. A Type 1 hypervisor only hosts virtual machines with the same operating systems as the hypervisor.
Selected Answer: A
Question #: 75
Topic #: 1
Which of the following are the storage types associated with PaaS?
A. Structured and freeform
B. Volume and object
C. Structured and unstructured
D. Database and file system
Selected Answer: D
Question #: 76
Topic #: 1
Which of the following threat types can occur when baselines are not appropriately applied or unauthorized changes are made?
A. Insecure direct object references
B. Unvalidated redirects and forwards
C. Security misconfiguration
D. Sensitive data exposure
Selected Answer: C
Question #: 77
Topic #: 1
What is the data encapsulation used with the SOAP protocol referred to?
A. Packet
B. Envelope
C. Payload
D. Object
Selected Answer: B
Question #: 78
Topic #: 1
Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?
A. Unvalidated redirects and forwards
B. Insecure direct object references
C. Security miscomfiguration
D. Sensitive data exposure
Selected Answer: A
Question #: 79
Topic #: 1
Which publication from the United States National Institute of Standards and Technology pertains to defining cloud concepts and definitions for the various core components of cloud computing?
A. SP 800-153
B. SP 800-145
C. SP 800-53
D. SP 800-40
Selected Answer: B
Question #: 80
Topic #: 1
What is the biggest negative to leasing space in a data center versus building or maintain your own?
A. Costs
B. Control
C. Certification
D. Regulation
Selected Answer: B
Question #: 81
Topic #: 1
Which aspect of archiving must be tested regularly for the duration of retention requirements?
A. Availability
B. Recoverability
C. Auditability
D. Portability
Selected Answer: B
Question #: 82
Topic #: 1
Which of the following represents a minimum guaranteed resource within a cloud environment for the cloud customer?
A. Reservation
B. Share
C. Limit
D. Provision
Selected Answer: A
Question #: 83
Topic #: 1
When is a virtual machine susceptible to attacks while a physical server in the same state would not be?
A. When it is behind a WAF
B. When it is behind an IPS
C. When it is not patched
D. When it is powered off
Selected Answer: D
Question #: 84
Topic #: 1
Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?
A. Sensitive data exposure
B. Security misconfiguration
C. Insecure direct object references
D. Unvalidated redirect and forwards
Selected Answer: C
Question #: 85
Topic #: 1
Which of the following is the biggest concern or challenge with using encryption?
A. Dependence on keys
B. Cipher strength
C. Efficiency
D. Protocol standards
Selected Answer: A
Question #: 86
Topic #: 1
Which of the following would NOT be considered part of resource pooling with an Infrastructure as a Service implementation?
A. Storage
B. Application
C. Mamory
D. CPU
Selected Answer: B
Question #: 87
Topic #: 1
Which technology is NOT commonly used for security with data in transit?
A. DNSSEC
B. IPsec
C. VPN
D. HTTPS
Selected Answer: A
Question #: 88
Topic #: 1
Which of the following roles is responsible for gathering metrics on cloud services and managing cloud deployments and the deployment processes?
A. Cloud service business manager
B. Cloud service operations manager
C. Cloud service manager
D. Cloud service deployment manager
Selected Answer: D
Question #: 89
Topic #: 1
Which of the following is considered an external redundancy for a data center?
A. Power feeds to rack
B. Generators
C. Power distribution units
D. Storage systems
Selected Answer: A
Question #: 90
Topic #: 1
Which of the following is the optimal humidity level for a data center, per the guidelines established by the America Society of Heating, Refrigeration, and Air
Conditioning Engineers (ASHRAE)?
A. 30-50 percent relative humidity
B. 50-75 percent relative humidity
C. 20-40 percent relative humidity
D. 40-60 percent relative humidity
Selected Answer: B
Question #: 91
Topic #: 1
What is the first stage of the cloud data lifecycle where security controls can be implemented?
A. Use
B. Store
C. Share
D. Create
Selected Answer: D
Question #: 92
Topic #: 1
What controls the formatting and security settings of a volume storage system within a cloud environment?
A. Management plane
B. SAN host controller
C. Hypervisor
D. Operating system of the host
Selected Answer: A
Question #: 93
Topic #: 1
What does SDN stand for within a cloud environment?
A. Software-dynamic networking
B. Software-defined networking
C. Software-dependent networking
D. System-dynamic nodes
Selected Answer: B
Question #: 94
Topic #: 1
From a legal perspective, what is the most important first step after an eDiscovery order has been received by the cloud provider?
A. Notification
B. Key identification
C. Data collection
D. Virtual image snapshots
Selected Answer: A
Question #: 95
Topic #: 1
Which of the following would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?
A. Resource pooling
B. Virtualization
C. Multitenancy
D. Regulation
Selected Answer: D
Question #: 96
Topic #: 1
Which of the following pertains to fire safety standards within a data center, specifically with their enormous electrical consumption?
A. NFPA
B. BICSI
C. IDCA
D. Uptime Institute
Selected Answer: A
Question #: 97
Topic #: 1
Which of the following roles involves the connection and integration of existing systems and services to a cloud environment?
A. Cloud service business manager
B. Cloud service user
C. Cloud service administrator
D. Cloud service integrator
Selected Answer: D
Question #: 98
Topic #: 1
Which technique involves replacing values within a specific data field to protect sensitive data?
A. Anonymization
B. Masking
C. Tokenization
D. Obfuscation
Selected Answer: B
Question #: 99
Topic #: 1
What expectation of data custodians is made much more challenging by a cloud implementation, especially with PaaS or SaaS?
A. Data classification
B. Knowledge of systems
C. Access to data
D. Encryption requirements
Selected Answer: B
Question #: 100
Topic #: 1
What type of PII is controlled based on laws and carries legal penalties for noncompliance with requirements?
A. Contractual
B. Regulated
C. Specific
D. Jurisdictional
Selected Answer: B
