CCSP Topic 2
Question #: 101
Topic #: 1
Which of the following is NOT one of the three components of a federated identity system transaction?
A. Relying party
B. Identity provider
C. User
D. Proxy relay
Selected Answer: D
Question #: 102
Topic #: 1
Which value refers to the amount of time it takes to recover operations in a BCDR situation to meet management’s objectives?
A. RSL
B. RPO
C. SRE
D. RTO
Selected Answer: D
Question #: 103
Topic #: 1
Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it?
A. Community
B. Hybrid
C. Private
D. Public
Selected Answer: A
Question #: 104
Topic #: 1
What provides the information to an application to make decisions about the authorization level appropriate when granting access?
A. User
B. Relying party
C. Federation
D. Identity Provider
Selected Answer: D
Question #: 105
Topic #: 1
What is a standard configuration and policy set that is applied to systems and virtual machines called?
A. Standardization
B. Baseline
C. Hardening
D. Redline
Selected Answer: B
Question #: 106
Topic #: 1
Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?
A. Russia
B. France
C. Germany
D. United States
Selected Answer: A
Question #: 107
Topic #: 1
Which of the cloud cross-cutting aspects relates to the ability to easily move services and applications between different cloud providers?
A. Reversibility
B. Availability
C. Portability
D. Interoperability
Selected Answer: C
Question #: 108
Topic #: 1
Which type of audit report is considered a “restricted use” report for its intended audience?
A. SAS-70
B. SSAE-16
C. SOC Type 1
D. SOC Type 2
Selected Answer: C
Question #: 109
Topic #: 1
What is the concept of segregating information or processes, within the same system or application, for security reasons?
A. Fencing
B. Sandboxing
C. Cellblocking
D. Pooling
Selected Answer: B
Question #: 110
Topic #: 1
The European Union passed the first major regulation declaring data privacy to be a human right. In what year did it go into effect?
A. 2010
B. 2000
C. 1995
D. 1990
Selected Answer: C
Question #: 111
Topic #: 1
Which of the following is NOT a key area for performance monitoring as far as an SLA is concerned?
A. CPU
B. Users
C. Memory
D. Network
Selected Answer: B
Question #: 112
Topic #: 1
Which of the following is the MOST important requirement and guidance for testing during an audit?
A. Stakeholders
B. Shareholders
C. Management
D. Regulations
Selected Answer: D
Question #: 113
Topic #: 1
Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?
A. SRE
B. RTO
C. RPO
D. RSL
Selected Answer: C
Question #: 114
Topic #: 1
What must SOAP rely on for security?
A. Encryption
B. Tokenization
C. TLS
D. SSL
Selected Answer: C
Question #: 115
Topic #: 1
Which of the following is a commonly used tool for maintaining system configurations?
A. Maestro
B. Orchestrator
C. Puppet
D. Conductor
Selected Answer: C
Question #: 116
Topic #: 1
What type of data does data rights management (DRM) protect?
A. Consumer
B. PII
C. Financial
D. Healthcare
Selected Answer: A
Question #: 117
Topic #: 1
Which type of testing uses the same strategies and toolsets that hackers would use?
A. Penetration
B. Dynamic
C. Static
D. Malicious
Selected Answer: A
Question #: 118
Topic #: 1
From a security perspective, which of the following is a major concern when evaluating possible BCDR solutions?
A. Access provisioning
B. Auditing
C. Jurisdictions
D. Authorization
Selected Answer: C
Question #: 119
Topic #: 1
Which of the following is NOT a focus or consideration of an internal audit?
A. Certification
B. Design
C. Costs
D. Operational efficiency
Selected Answer: A
Question #: 120
Topic #: 1
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?
A. Infrastructure
B. Platform
C. Application
D. Data
Selected Answer: D
Question #: 121
Topic #: 1
What process is used within a clustered system to provide high availability and load balancing?
A. Dynamic balancing
B. Dynamic clustering
C. Dynamic optimization
D. Dynamic resource scheduling
Selected Answer: D
Question #: 122
Topic #: 1
Which of the following is NOT a function performed by the handshake protocol of TLS?
A. Key exchange
B. Encryption
C. Negotiation of connection
D. Establish session ID
Selected Answer: B
Question #: 123
Topic #: 1
Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?
A. Six months
B. One month
C. One year
D. One week
Selected Answer: A
Question #: 124
Topic #: 1
What changes are necessary to application code in order to implement DNSSEC?
A. Adding encryption modules
B. Implementing certificate validations
C. Additional DNS lookups
D. No changes are needed.
Selected Answer: D
Question #: 125
Topic #: 1
Which type of controls are the SOC Type 1 reports specifically focused on?
A. Integrity
B. PII
C. Financial
D. Privacy
Selected Answer: C
Question #: 126
Topic #: 1
Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?
A. Integrity
B. Availability
C. Confidentiality
D. Nonrepudiation
Selected Answer: C
Question #: 127
Topic #: 1
Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?
A. Data center security
B. Human resources
C. Mobile security
D. Budgetary and cost controls
Selected Answer: D
Question #: 128
Topic #: 1
Which security concept, if implemented correctly, will protect the data on a system, even if a malicious actor gains access to the actual system?
A. Sandboxing
B. Encryption
C. Firewalls
D. Access control
Selected Answer: B
Question #: 129
Topic #: 1
Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?
A. Platform
B. Data
C. Physical environment
D. Infrastructure
Selected Answer: C
Question #: 130
Topic #: 1
Which of the following is NOT a factor that is part of a firewall configuration?
A. Encryption
B. Port
C. Protocol
D. Source IP
Selected Answer: A
Question #: 131
Topic #: 1
Which of the cloud deployment models involves spanning multiple cloud environments or a mix of cloud hosting models?
A. Community
B. Public
C. Hybrid
D. Private
Selected Answer: C
Question #: 132
Topic #: 1
Which of the following is NOT one of the five principles of SOC Type 2 audits?
A. Privacy
B. Processing integrity
C. Financial
D. Security
Selected Answer: B
Question #: 133
Topic #: 1
Which aspect of cloud computing makes data classification even more vital than in a traditional data center?
A. Interoperability
B. Virtualization
C. Multitenancy
D. Portability
Selected Answer: C
Question #: 134
Topic #: 1
What concept does the “T” represent in the STRIDE threat model?
A. TLS
B. Testing
C. Tampering with data
D. Transport
Selected Answer: C
Question #: 135
Topic #: 1
Which of the following would be a reason to undertake a BCDR test?
A. Functional change of the application
B. Change in staff
C. User interface overhaul of the application
D. Change in regulations
Selected Answer: A
Question #: 136
Topic #: 1
What is the biggest challenge to data discovery in a cloud environment?
A. Format
B. Ownership
C. Location
D. Multitenancy
Selected Answer: C
Question #: 137
Topic #: 1
Which crucial aspect of cloud computing can be most threatened by insecure APIs?
A. Automation
B. Redundancy
C. Resource pooling
D. Elasticity
Selected Answer: C
Question #: 138
Topic #: 1
Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?
A. Functionality
B. Programming languages
C. Software platform
D. Security requirements
Selected Answer: B
Question #: 139
Topic #: 1
Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?
A. Service-level agreements
B. Governance
C. Regulatory requirements
D. Auditability
Selected Answer: B
Question #: 140
Topic #: 1
Which regulatory system pertains to the protection of healthcare data?
A. HIPAA
B. HAS
C. HITECH
D. HFCA
Selected Answer: A
Question #: 141
Topic #: 1
Which aspect of cloud computing makes it very difficult to perform repeat audits over time to track changes and compliance?
A. Virtualization
B. Multitenancy
C. Resource pooling
D. Dynamic optimization
Selected Answer: B
Question #: 142
Topic #: 1
Which security concept would business continuity and disaster recovery fall under?
A. Confidentiality
B. Availability
C. Fault tolerance
D. Integrity
Selected Answer: B
Question #: 143
Topic #: 1
Which of the following is NOT an application or utility to apply and enforce baselines on a system?
A. Chef
B. GitHub
C. Puppet
D. Active Directory
Selected Answer: B
Question #: 144
Topic #: 1
Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?
A. Reversibility
B. Availability
C. Portability
D. Interoperability
Selected Answer: D
Question #: 145
Topic #: 1
Which of the following is NOT a function performed by the record protocol of TLS?
A. Encryption
B. Acceleration
C. Authentication
D. Compression
Selected Answer: C
Question #: 146
Topic #: 1
What concept does the “R” represent with the DREAD model?
A. Reproducibility
B. Repudiation
C. Risk
D. Residual
Selected Answer: D
Question #: 147
Topic #: 1
The SOC Type 2 reports are divided into five principles. Which of the five principles must also be included when auditing any of the other four principles?
A. Confidentiality
B. Privacy
C. Security
D. Availability
Selected Answer: C
Question #: 148
Topic #: 1
How many additional DNS queries are needed when DNSSEC integrity checks are added?
A. Three
B. Zero
C. One
D. Two
Selected Answer: B
Question #: 149
Topic #: 1
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?
A. Platform
B. Infrastructure
C. Governance
D. Application
Selected Answer: C
Question #: 150
Topic #: 1
Which of the following service categories entails the least amount of support needed on the part of the cloud customer?
A. SaaS
B. IaaS
C. DaaS
D. PaaS
Selected Answer: A
Question #: 151
Topic #: 1
Which of the following would NOT be a reason to activate a BCDR strategy?
A. Staffing loss
B. Terrorism attack
C. Utility disruptions
D. Natural disaster
Selected Answer: A
Question #: 152
Topic #: 1
Which of the cloud cross-cutting aspects relates to the oversight of processes and systems, as well as to ensuring their compliance with specific policies and regulations?
A. Governance
B. Regulatory requirements
C. Service-level agreements
D. Auditability
Selected Answer: A
Question #: 153
Topic #: 1
Which of the cloud cross-cutting aspects relates to the ability to reuse or move components of an application or service?
A. Availability
B. Interoperability
C. Reversibility
D. Portability
Selected Answer: D
Question #: 154
Topic #: 1
Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?
A. Delete
B. Modify
C. Read
D. Print
Selected Answer: D
Question #: 155
Topic #: 1
What strategy involves hiding data in a data set to prevent someone from identifying specific individuals based on other data fields present?
A. Anonymization
B. Tokenization
C. Masking
D. Obfuscation
Selected Answer: A
Question #: 156
Topic #: 1
What type of security threat is DNSSEC designed to prevent?
A. Account hijacking
B. Snooping
C. Spoofing
D. Injection
Selected Answer: C
Question #: 157
Topic #: 1
Which European Union directive pertains to personal data privacy and an individual’s control over their personal data?
A. 99/9/EC
B. 95/46/EC
C. 2000/1/EC
D. 2013/27001/EC
Selected Answer: B
Question #: 158
Topic #: 1
Which of the cloud cross-cutting aspects relates to the requirements placed on a system or application by law, policy, or requirements from standards?
A. Regulatory requirements
B. Auditability
C. Service-level agreements
D. Governance
Selected Answer: A
Question #: 159
Topic #: 1
Which data point that auditors always desire is very difficult to provide within a cloud environment?
A. Access policy
B. Systems architecture
C. Baselines
D. Privacy statement
Selected Answer: B
Question #: 160
Topic #: 1
What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?
A. Proxy
B. Bastion
C. Honeypot
D. WAF
Selected Answer: B
Question #: 161
Topic #: 1
Which security concept is focused on the trustworthiness of data?
A. Integrity
B. Availability
C. Nonrepudiation
D. Confidentiality
Selected Answer: A
Question #: 162
Topic #: 1
Which OSI layer does IPsec operate at?
A. Network
B. Transport
C. Application
D. Presentation
Selected Answer: A
Question #: 163
Topic #: 1
Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?
A. Regulatory requirements
B. SLAs
C. Auditability
D. Governance
Selected Answer: B
Question #: 164
Topic #: 1
Which of the following service capabilities gives the cloud customer the most control over resources and configurations?
A. Desktop
B. Platform
C. Infrastructure
D. Software
Selected Answer: C
Question #: 165
Topic #: 1
What concept does the “I” represent with the STRIDE threat model?
A. Integrity
B. Information disclosure
C. IT security
D. Insider threat
Selected Answer: B
Question #: 166
Topic #: 1
At which stage of the BCDR plan creation phase should security be included in discussions?
A. Define scope
B. Analyze
C. Assess risk
D. Gather requirements
Selected Answer: A
Question #: 167
Topic #: 1
Which approach is typically the most efficient method to use for data discovery?
A. Metadata
B. Content analysis
C. Labels
D. ACLs
Selected Answer: A
Question #: 168
Topic #: 1
Which of the following features is a main benefit of PaaS over IaaS?
A. Location independence
B. High-availability
C. Physical security requirements
D. Auto-scaling
Selected Answer: D
Question #: 169
Topic #: 1
Which audit type has been largely replaced by newer approaches since 2011?
A. SOC Type 1
B. SSAE-16
C. SAS-70
D. SOC Type 2
Selected Answer: C
Question #: 170
Topic #: 1
Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud?
A. Reservations
B. Measured service
C. Limits
D. Shares
Selected Answer: C
Question #: 171
Topic #: 1
Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?
A. Platform
B. Infrastructure
C. Software
D. Desktop
Selected Answer: C
Question #: 172
Topic #: 1
What does the “SOC” acronym refer to with audit reports?
A. Service Origin Confidentiality
B. System Organization Confidentiality
C. Service Organizational Control
D. System Organization Control
Selected Answer: C
Question #: 173
Topic #: 1
What does the REST API use to protect data transmissions?
A. NetBIOS
B. VPN
C. Encapsulation
D. TLS
Selected Answer: D
Question #: 174
Topic #: 1
What strategy involves replacing sensitive data with opaque values, usually with a means of mapping it back to the original value?
A. Masking
B. Anonymization
C. Tokenization
D. Obfuscation
Selected Answer: C
Question #: 175
Topic #: 1
With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?
A. Routing
B. Session
C. Filtering
D. Firewalling
Selected Answer: A
Question #: 177
Topic #: 1
What does dynamic application security testing (DAST) NOT entail?
A. Scanning
B. Probing
C. Discovery
D. Knowledge of the system
Selected Answer: D
Question #: 178
Topic #: 1
Where is an XML firewall most commonly deployed in the environment?
A. Between the application and data layers
B. Between the IPS and firewall
C. Between the presentation and application layers
D. Between the firewall and application server
Selected Answer: C
Question #: 179
Topic #: 1
What type of masking strategy involves replacing data on a system while it passes between the data and application layers?
A. Dynamic
B. Static
C. Replication
D. Duplication
Selected Answer: A
Question #: 180
Topic #: 1
Which of the following is a widely used tool for code development, branching, and collaboration?
A. GitHub
B. Maestro
C. Orchestrator
D. Conductor
Selected Answer: A
Question #: 181
Topic #: 1
Which aspect of security is DNSSEC designed to ensure?
A. Integrity
B. Authentication
C. Availability
D. Confidentiality
Selected Answer: A
Question #: 182
Topic #: 1
Which process serves to prove the identity and credentials of a user requesting access to an application or data?
A. Repudiation
B. Authentication
C. Identification
D. Authorization
Selected Answer: B
Question #: 183
Topic #: 1
Who would be responsible for implementing IPsec to secure communications for an application?
A. Developers
B. Systems staff
C. Auditors
D. Cloud customer
Selected Answer: B
Question #: 184
Topic #: 1
What is the minimum regularity for testing a BCDR plan to meet best practices?
A. Once a year
B. Once a month
C. Every six months
D. When the budget allows it
Selected Answer: A
Question #: 185
Topic #: 1
Other than cost savings realized due to measured service, what is another facet of cloud computing that will typically save substantial costs in time and money for an organization in the event of a disaster?
A. Broad network access
B. Interoperability
C. Resource pooling
D. Portability
Selected Answer: C
Question #: 186
Topic #: 1
Which of the following is NOT part of a retention policy?
A. Format
B. Costs
C. Accessibility
D. Duration
Selected Answer: B
Question #: 187
Topic #: 1
Which aspect of cloud computing would make the use of a cloud the most attractive as a BCDR solution?
A. Interoperability
B. Resource pooling
C. Portability
D. Measured service
Selected Answer: D
Question #: 188
Topic #: 1
Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer?
A. Hybrid
B. Community
C. Private
D. Public
Selected Answer: D
Question #: 189
Topic #: 1
Which of the following is NOT something that an HIDS will monitor?
A. Configurations
B. User logins
C. Critical system files
D. Network traffic
Selected Answer: B
Question #: 190
Topic #: 1
Which of the following technologies is used to monitor network traffic and notify if any potential threats or attacks are noticed?
A. IPS
B. WAF
C. Firewall
D. IDS
Selected Answer: D
Question #: 191
Topic #: 1
What concept does the “A” represent in the DREAD model?
A. Affected users
B. Authentication
C. Affinity
D. Authorization
Selected Answer: A
Question #: 192
Topic #: 1
Which attribute of data poses the biggest challenge for data discovery?
A. Labels
B. Quality
C. Volume
D. Format
Selected Answer: C
Question #: 193
Topic #: 1
What does static application security testing (SAST) offer as a tool to the testers?
A. Production system scanning
B. Injection attempts
C. Source code access
D. Live testing
Selected Answer: C
Question #: 194
Topic #: 1
Which of the following service capabilities gives the cloud customer an established and maintained framework to deploy code and applications?
A. Software
B. Desktop
C. Platform
D. Infrastructure
Selected Answer: C
Question #: 195
Topic #: 1
What process is used within a cloud environment to maintain resource balancing and ensure that resources are available where and when needed?
A. Dynamic clustering
B. Dynamic balancing
C. Dynamic resource scheduling
D. Dynamic optimization
Selected Answer: D
Question #: 196
Topic #: 1
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?
A. RPO
B. RTO
C. RSL
D. SRE
Selected Answer: C
Question #: 197
Topic #: 1
Over time, what is a primary concern for data archiving?
A. Size of archives
B. Format of archives
C. Recoverability
D. Regulatory changes
Selected Answer: C
Question #: 198
Topic #: 1
What is an often overlooked concept that is essential to protecting the confidentiality of data?
A. Strong password
B. Training
C. Security controls
D. Policies
Selected Answer: B
Question #: 199
Topic #: 1
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
A. Public
B. Community
C. Hybrid
D. Private
Selected Answer: D
Question #: 200
Topic #: 1
What concept does the “D” represent with the STRIDE threat model?
A. Data loss
B. Denial of service
C. Data breach
D. Distributed
Selected Answer: B