CCSP study FA Flashcards

1
Q
What type of solutions enable enterprises or individuals to store data and computer files on the Internet using a storage service provider rather than keeping the data locally on a physical disk such as a hard drive or tape backup?
A.Online backups
B.Cloud backup solutions
C.Removable hard drives
D.Masking
A

B.Cloud backup solutions enable enterprises to store their data and computer files on the Internet using a storage service rather than storing data locally on a hard disk or tape backup. This has the added benefit of providing access to data should the primary business location be damaged in some way that prevents accessing or restoring data locally due to damaged infrastructure or equipment. Online backups and removable hard drives are other options but do not by default supply the customer with ubiquitous access. Masking is a technology used to partially conceal sensitive data.

2
Q
What focuses on security and encryption to prevent unauthorized copying and to limit distribution to only those who pay?
A.Information rights management (IRM)
B.Masking
C.Bit splitting
D.Degaussing
A

A.In an IaaS model, the customer must still maintain licenses for operating systems (OSs) and applications used in the cloud environment. In PaaS models, the licensing for OSs is managed by the cloud provider, but the customer is still responsible for application licenses; in SaaS models, the customer does not need to manage a license library.

3
Q
What focuses on security and encryption to prevent unauthorized copying and to limit distribution to only those who pay?
A.Information rights management (IRM)
B.Masking
C.Bit splitting
D.Degaussing
A

A.Information rights management (IRM) (often also referred to as digital rights management, or DRM) is designed to focus on security and encryption as a means of preventing unauthorized copying and limiting distribution of content to only authorized personnel (usually, the purchasers). Masking entails hiding specific fields or data in particular user views in order to limit data exposure in the production environment. Bit splitting is a method of hiding information across multiple geographical boundaries, and degaussing is a method of deleting data permanently from magnetic media.

4
Q

Which of the following represents the correct set of four cloud deployment models?
A.Public, private, joint, and community
B.Public, private, hybrid, and community
C.Public, Internet, hybrid, and community
D.External, private, hybrid, and community

A

B.The only correct answer for this is public, private, hybrid, and community. Joint, Internet, and external are not cloud models.

5
Q
What is a special mathematical code that allows encryption hardware/software to encrypt and then decipher a message?
A.PKI
B.Key
C.Public-private
D.Masking
A

B.An encryption key is just that: a key used to encrypt and decrypt information. It is mathematical code that supports either hardware- or software-based encryption, is used to encrypt or decrypt information, and is kept confidential by the parties involved in the communication. PKI is an arrangement for creating and distributing digital certificates. Public-private is the description of the key pairs used in asymmetric encryption (this answer is too specific for the question; option B is preferable). Masking entails hiding specific fields or data in particular user views in order to limit data exposure in the production environment.

6
Q

Which of the following lists the correct six components of the STRIDE threat model?
A.Spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege
B.Spoofing, tampering, refutation, information disclosure, denial of service, and social engineering elasticity
C.Spoofing, tampering, repudiation, information disclosure, distributed denial of service, and elevation of privilege
D.Spoofing, tampering, non-repudiation, information disclosure, denial of service, and elevation of privilege

A

A.The letters in the acronym STRIDE represent spoofing of identity, tampering with data, repudiation, information disclosure, denial of service, and elevation (or escalation) of privilege. The other options are simply mixed up or incorrect versions of the same.

7
Q
What is the term that describes the assurance that a specific author actually created and sent a specific item to a specific recipient, and that the message was successfully received?
A.PKI
B.DLP
C.Nonrepudiation
D.Bit splitting
A

C.Non-repudiation means that a party to a transaction cannot deny they took part in that transaction.

8
Q
What is the correct term for the process of deliberately destroying the encryption keys used to encrypt data?
A.Poor key management
B.PKI
C.Obfuscation
D.Crypto-shredding
A

D.The act of crypto-shredding means destroying the key that was used to encrypt the data, thereby making the data very difficult to recover.

9
Q

In a federated environment, who is the relying party, and what do they do?
A.The relying party is the service provider, and they consume the tokens generated by the identity provider.
B.The relying party is the service provider, and they consume the tokens generated by the customer.
C.The relying party is the customer, and they consume the tokens generated by the identity provider.
D.The relying party is the identity provider, and they consume the tokens generated by the service provider.

A

A.The identity provider maintains the identities and generates tokens for known users. The relying party (RP) is the service provider, which consumes tokens. All other answers are incorrect.

10
Q
What is the process of replacing sensitive data with unique identification symbols/addresses?
A.Randomization
B.Elasticity
C.Obfuscation
D.Tokenization
A

D.Replacing sensitive data with unique identification symbols is known as tokenization, a way of hiding or concealing sensitive data by representing it with unique identification symbols/addresses. While randomization and obfuscation are also means of concealing information, they are done quite differently.

11
Q
Which of the following data storage types are associated or used with platform as a service (PaaS)?
A.Databases and big data
B.SaaS application
C.Tabular
D.Raw and block
A

A.PaaS uses databases and big data storage types.

12
Q
What is the term used for software technology that abstracts application software from the underlying operating system on which it is executed?
A.Partition
B.Application virtualization
C.Distributed
D.SaaS
A

B.Application virtualization abstracts application software from the underlying operating system on which it is executed. SaaS is a cloud service model. A partition is an area of memory, usually on a drive. Distributed is a modifier usually suggesting multiple machines used for a common purpose.

13
Q
Which of the following represents the US legislation enacted to protect shareholders and the public from enterprise accounting errors and fraudulent practices?
A.PCI
B.Gramm-Leach-Bliley Act (GLBA)
C.Sarbanes–Oxley Act (SOX)
D.HIPAA
A

C.The Sarbanes–Oxley Act (SOX) was enacted in response to corporate scandals in the late 1990s/early 2000s. SOX not only forces executives to oversee all accounting practices, it also holds them accountable for fraudulent/deceptive activity. HIPAA is a US law for medical information. PCI is an industry standard for credit/debit cards. GLBA is a US law for the banking and insurance industries.

14
Q
Which of the following is a device that can safely store and manage encryption keys and is used in servers, data transmission, and log files?
A.Private key
B.Hardware security module (HSM)
C.Public key
D.Trusted operating system module (TOS)
A

B.A hardware security module (HSM) is a device that can safely store and manage encryption keys. These can be used in servers, workstations, and so on. One common type is called the Trusted Platform Module (TPM) and can be found on enterprise workstations and laptops. There is no such term as a trusted operating system module, and public and private keys are used with asymmetric encryption.

15
Q
What is a type of cloud infrastructure that is provisioned for open use by the general public and is owned, managed, and operated by a cloud provider?
A.Private cloud
B.Public cloud
C.Hybrid cloud
D.Personal cloud
A

B.This is the very definition of public cloud computing.

16
Q

When transparent encryption of a database is used, where does the encryption engine reside?
A.Within the database application itself
B.At the application using the database
C.On the instances attached to the volume
D.In a key management system

A

A.In transparent encryption, the encryption key for a database is stored in the boot record of the database itself.

17
Q
What is a type of assessment that employs a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels?
A.Quantitative assessment
B.Qualitative assessment
C.Hybrid assessment
D.SOC 2
A

B.A qualitative assessment is a set of methods or rules for assessing risk based on non-mathematical categories or levels. One that uses mathematical categories or levels is called a quantitative assessment. There is no such thing as a hybrid assessment, and a SOC 2 is an audit report regarding control effectiveness.

18
Q

Which of the following best describes the Cloud Security Alliance Cloud Controls Matrix (CSA CCM)?
A.A set of regulatory requirements for cloud service providers
B.A set of software development lifecycle requirements for cloud service providers
C.A security controls framework that provides mapping/cross relationships with the main industry-accepted security standards, regulations, and controls frameworks
D.An inventory of cloud service security controls that are arranged into separate security domains

A

C.The CCM cross-references many industry standards, laws, and guidelines.

19
Q
When a conflict between parties occurs, which of the following is the primary means of determining the jurisdiction in which the dispute will be heard?
A.Tort law
B.Contract
C.Common law
D.Criminal law
A

B.Contracts between parties can establish the jurisdiction for resolving disputes; this takes primacy in determining jurisdiction (if not specified in the contract, other means will be used). Tort law refers to civil liability suits. Common law refers to laws regarding marriage, and criminal law refers to violations of state or federal criminal code.

20
Q

Which one of the following is the most important security consideration when selecting a new computer facility?
A.Local law enforcement response times
B.Location adjacent to competitor’s facilities
C.Aircraft flight paths
D.Utility infrastructure

A

D.Of the answers given, option D is the most important. It is vital that any data center facility be close to resilient utilities, such as power, water, and connectivity.

21
Q
Which of the following is always safe to use in the disposal of electronic records within a cloud environment?
A.Physical destruction
B.Overwriting
C.Encryption
D.Degaussing
A

C.Encryption can always be used in a cloud environment, but physical destruction, overwriting, and degaussing may not be available due to access and physical separation factors.

22
Q
Which of the following does not represent an attack on a network?
A.SYN flood
B.Denial of service
C.Nmap scan
D.Brute force
A

C.All of the rest of these options represent specific network attacks. Nmap is a relatively harmless scanning utility designed for network mapping. Although it can be used to gather information about a network as part of the process of developing an attack, it is not by itself an attack tool.

23
Q
Which of the following takes advantage of the information developed in the business impact analysis (BIA)?
A.Calculating ROI
B.Risk analysis
C.Calculating TCO
D.Securing asset acquisitions
A

B.Among other things, the BIA gathers asset valuation information that is crucial to risk management analysis and further selection of security controls.

24
Q
Which of the following terms best describes a managed service model where software applications are hosted by a vendor or cloud service provider and made available to customers over network resources?
A.Infrastructure as a service (IaaS)
B.Public cloud
C.Software as a service (SaaS)
D.Private cloud
A

C.This is the definition of the software as a service (SaaS) model.Public and private are cloud deployment models, and infrastructure as a service (IaaS) does not provide applications of any type.

25
Q
Which of the following is a federal law enacted in the United States to control the way financial institutions deal with private information of individuals?
A.PCI
B.ISO/IEC
C.Gramm-Leach-Bliley Act (GLBA)
D.Consumer Protection Act
A

C.The Gramm-Leach-Bliley Act targets US financial and insurance institutions and requires them to protect account holders’ private information. PCI refers to credit card processing requirements, ISO/IEC is a standards organization, and the Consumer Protection Act, while providing oversight for the protection of consumer private information, is limited in scope.

26
Q

The typical function of Secure Sockets Layer (SSL) in securing Wireless Application Protocol (WAP) is to protect transmissions that exist
A.Between the WAP gateway and the wireless endpoint device
B.Between the web server and the WAP gateway
C.From the web server to the wireless endpoint device
D.Between the wireless device and the base station

A

C.The purpose of SSL is to encrypt the communication channel between two endpoints. In this example, it is the end user and the server.

27
Q
What is an audit standard for service organizations?
A.SOC 1
B.SSAE 18
C.GAAP
D.SOC 2
A

B.Both SOC 1 and SOC 2 are report formats based on the SSAE 18 standard. While SOC 1 reports on controls for financial reporting, SOC 2 (Types 1 and 2) reports on controls associated with security or privacy.

28
Q

What is a company that purchases hosting services from a cloud server hosting or cloud computing provider and then resells to its own customers?
A.Cloud programmer
B.Cloud broker
C.Cloud proxy
D.VAR

A

B.The cloud computing broker purchases hosting services and then resells them.

29
Q
Which of the following is comparable to grid computing in that it relies on sharing computing resources rather than having local servers or personal devices to handle applications?
A.Server hosting
B.Legacy computing
C.Cloud computing
D.Intranet
A

C.Cloud computing is built on the model of grid computing, whereby resources can be pooled and shared rather than having local devices do all the compute and storage functions.

30
Q

What is a set of technologies designed to analyze application source code and binaries for coding and design conditions that are indicative of security vulnerabilities?
A.Dynamic application security testing (DAST)
B.Static application security testing (SAST)
C.Secure coding
D.OWASP

A

B.Static application security testing (SAST) is used to review source code and binaries to detect problems before the code is loaded into memory and run.