Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CCSP 2023 > LearnZapp Practice 2 > Flashcards

LearnZapp Practice 2 Flashcards

1
Q

Which of the following poses a secondary risk?

A. Fire exit signs
B. Oxygen displacing fire suppression
C. Automated fire detection systems
D. Failsafe fire egress paths

A

B. Oxygen displacing fire suppression

Explanation:
Secondary risk is any risks resulting from enacting a control/countermeasure to the original risk. In this case, a suppression system that displaces oxygen is a means to mitigate the original risk but adds a new risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which resiliency technique attenuates the possible loss of functional capabilities during contingency operations?

A. Cross training
B. Metered usage
C. Proper placement of HVAC temperature measurement tools
D. Raised floors

A

A. Cross training

Explanation:
Cross training offers attenuation of lost contingency capabilities by ensuring personnel will be able to perform essential tasks, even if they are not primarily assigned to those positions in a full time capacity. Metered usage is a benefit for cloud customers associated with ensuring value for payment but not resiliency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following is a tool that can be used to perform security control audits?

A. Federal Information Processing Standard (FIPS) 140-2
B. GDPR
C. ISO 27001
D. CSA CCM

A

D. CSA CCM

Explanation:
The Cloud Controls Matrix is an excellent tool for determiniing completelyness and possible replication of security controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following characteristics is associated with DRM solutions?

A. Automatic expiration
B. Multilevel aggregation
C. Enhanced detail
D. Broad spectrum

A

A. Automatic expiration

Explanation:
Automatic expiration is the trait that allows DRM tools to prevent access to objects when a license expires or to remove protections when intellectual proerty moves into the public domain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following architecture fraemworks was designed for service delivery entities, from the perspective of how they serve customers?

A. SABSA
B. ITIL
C. COBIT
D. TOGAF

A

B. ITIL

Explanation:
ITIL was specifically designed to address service delivery entities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When you are accessing an electronic stroage file for forensic purposes, it is a best practice to use _______

A. Gloves
B. A trust comptuing base
C. Sysadmin access
D. A write blocker

A

D.A write blocker

Explanation:
It is important that any changes to the data only be made in purposeful, specific ways; a write blocker helps to ensure that extraneous changes arent made to the data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Alice is staging an attack against Bobs website. She has discovered that Bob has been sotring cryptograhic keys and violate confidentiality and access controls. This is an example of which type of attack?

A. SQL Injection
B. Buffer overflow
C. Using components with known vulnerabilities
D. Security misconfiguration

A

D. Security misconfiguration

Explanation:
This is likely a security misconfiguration, as crypto keys must not be disclosed or the cryptosystem does not provide protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Clustering hosts allows you to do all the following except:

A. Meet high availability demands
B. Optimize performance with load balancing
C. Enhance scalability
D. Apply updated, patches or configuration modifications instantly

A

D. Apply updated, patches or configuration modifications instantly

Explanation:
Cluster does not preclude the time and dilligence necessary to perform patching or updates. All the other options are attributes provided by host clustering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What element of credit card holder information may never be stored for any length of time, according to the PCI DSS?

A. The full credit card number
B. The card verification value
C. The cardholders mailing address
D. The cardholders name

A

B. The card verification value

Explanation:
The PCI DSS disallows the storage of the CVV for any length of time; the CVV may only be used during the payment transaction, and not saved

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following is not an element of the identification component of IAM?

A. Proviosning
B. Management
C. Discretion
D. Deprovisoining

A

C. Discretion

Explanation:
Discretion is not an element of IAM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the term that describes the situation when an malicious user or attacker can exit the restrictions of a virtual machine and access another VM residing on the same host?

A. Host Escape
B. Guest Escape
C. Provider Exit
D. Escalation of privileges

A

B. Guest Escape

Explanation:
The question describes a guest escape

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The OWASP Top Ten list sometimes includes missing function level access control. WHich of these is a technique to reduce the potential for a missing function level access control?

A. Run a process as both user and privileged user, compare results, and determine similarily
B. Run automated monitoring and audit scripts
C. Include browser buttons/navigation elements to secure functions
D. Enhance user training to include management personnel

A

A. Run a process as both user and privileged user, compare results, and determine similarily

Explanation:
The method in option A will help you determine if these function that regular users should not have access to and thereby demonstrate that you are missing necessary controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The EU and GDPR addresses performance by _______________

A. Data subjects
B. Data controllers
C. Data processors
D. Data controllers and processors

A

D. Data controllers and processors

Explanation:
The GDPR describes requirements for data collection by and transfers to data controller and processors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

An API gateway can typically offer all of the following capabilities except _______

A. Rate limiting
B. Access control
C. Hardware confirmation
D. Logging

A

C. Hardware confirmation

Explanation:
hardware confirmation is a meaningless term in this respect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following can be included in the cloud security architecture as a means to identify and reject hostile SQL commands?

A. WAF
B. API Gateway
C. DLP
D. DAM

A

D. DAM

Explanation:
A DAM can recognize and block malicious SQL traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You are the security manager for an online marketing company. Your company has recently migrated to a cloud production environment and has dpeloyed a number of new cloud absed protection mechanisms offered by both third parties and cloud provider, including DLP and SIEM solutions. After one week of operation, your security team reports an inordinate amount of time responding to potential incidents that have turned out to only be false positive reports. Management is concerned that the cloud migration was a bad idea and that it is too costly in terms of misspent security efforts.

What do you recommend?

A. Change the control set so that you use only security products not offered by the cloud provider
B. Change the control set so that you use only security products offered by cloud provider
C. Wait three weeks before making a final decision
D. Move back to an on premises environment as soon as possible to avoid additional wasted funds and effort

A

C. Wait three weeks before making a final decision

Explanation:
Many security solutions, particularly DLP and similar tools require a learning curve as they become accustomed to new data sources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Due to their reliance on vulnerability signatures, vulnerability scanners will not detect ___________

A. User error
B. Improper control selection
C. Cloud vulnerabilities
D. Unknown vulnerabilities

A

D. Unknown vulnerabilities

Explanation:
Because scanning tools require vulnerability signatures to operate effectively, unknown vulnerability that might exist in the scanned system wont be detected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which federal standard is for the accreditation of secure and well architected cryptographic modules produced by private sector vendors?

A. FIPS 120
B. ISO 27002
C. COBIT
D. FIPS 140-2

A

D. FIPS 140-2

Explanation:
FIPS 140-2 is the federal standard for the accreditation and distinguishing of secure and well architected cryptgraphic modules produced by private sector vendors who see to or are in the process of having their solutions and services certified by the US government

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

In which of these options does the encryption engine reside within the application accessing the database?

A. Transparent encryption
B. Symmetric key encryption
C. Application level encryption
D. Homomorphic encryption

A

C. Application level encryption

Explanation:
In appplication level encryption, the application will encrypt data before it is placed in the data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Why as PaaS environments at a higher likelihood of suffering backdoor vulnerabilities?

A. They rely on virtualization
B. They often used for software development
C. They have multitenancy
D. They are scalable

A

B. They often used for software development

Explanation:
PaaS environments are attractive for software development because they allow testing of software on multiple OS that are administered by the cloud provider

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which of the following techniques for ensuring cloud datacenter storage resiliency uses encrypted chunks of data?

A. Cloud bursting
B. RAID
C. Data dispersion
D. SAN

A

C. Data dispersion

Explanation:
Data dispersion uses parity bits, data chunks and encryption. Parity bits and disk striping are characteristic of RAID implementations. Cloud bursting is a feature of scalable cloud hosting. SAN is data storage technique but not focused on resiliency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Event monitoring tools SIEM/SEM can aid in which of the following efforts?

A. External hacking detection
B. Prediction of physical device theft
C. Data classification/categorization issues
D. Social engineering attacks

A

A. External hacking detection

Explanation:
Event monitoring tools can help detect external hacking efforts by tracking and reporting on common hack related activity, such as repeated failed login attempts and scanning.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

WAFs can be used to reduce the likelihood that _________ attacks will be successful

A. Social Engineering
B. Physical Theft
C. Obverse inflection
D. Cross Site Scripting

A

D. Cross Site Scripting

Explanation:
WAFs can be used to attenuate the possibility that cross site scripting attacks will be successful. WAFs do not protect against social engineering or physical attacks in any way, so options A and B are incorrect
Option C is a nonsense term and is therefore incorrect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

In addition to having it for business continuity and disaster recovery purposes, data archiving might also be useful for ________

A. Ensuring profitability
B. Increasing performance
C. Motivating users
D. Correcting accidental errors

A

D. Correcting accidental errors

Explanation:
If users inadvertently erase or modify data, an archived backup copy could be useful for restoring the original, correct version

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
A cloud environment that lacks security controls is vulnerable to exploitation, data loss, and interruptions. Conversely, excessive use of security controls: A. Can lead to data breaches B. Causes electromagnetic interference C. Will affect quality of service D. Can cause regulatory non compliance
C. Will affect quality of service Explanation: Security and operations are always inversely related; excessive controls necessarily degrade performance. Excessive use of controls should not lead to more data breaches; if anything, it may reduce their occurrence. However, it is more likely that there will be no effect.
26
What are the activities involving the generation, storage, distribution, deletion archiving, and application of keys in accordance with a formal security policy? A. Key management B. Security management C. Application management D. SDLC
A. Key management Explanation: These are all activities associated with encryption key management and are critical for the safety and security of key usage
27
Where is isolation failure probably least likely to pose a significant risk? A. Public cloud B. Private cloud C. PaaS Environment D. SaaS environment
B. Private cloud Explanation: Guest escape is less likely to occur and to have a significant impact in an environment provisioned for and used by a single customer
28
Data dispersion uses ________, where the traditional implementation is calling striping A. Chunking B. Vaulting C. Lumping D. Grouping
A. Chunking Explanation: Where RAID used data striping across multiple drives, with data dispersion this technique is referred to as chunking, or sometimes sharing when encryption is also used.
29
You are the security manager of a small firm that has just purchased an egress monitoring solution to implement in your cloud based production environment. What should you not expect the tool to address? A. Sensitive data sent inadvertently in user emails B. Sensitive data captured by screenshots C. Sensitive data moved to external devices D. Sensitive data in the contents of files sent via FTP
B. Sensitive data captured by screenshots Explanation: Its unlikely that any egress monitoring tools will be able to detect sensitive data captured, stored and/or sent as graphic image files, which is the usual form of screenshots
30
Which of the following can enhance data portability? A. Interoperable export formats B. Egress monitoring solutions C. Strong physical protections D. Agile business intelligence
A. Interoperable export formats Explanation: Data formatted in a manner that allows its reuse in other environments is essential for portability. None of the other options are relevant to the issue of data portability
31
You are the IT security manager for a video game software development company. Your development team hired an external game development lab to work on part of the game engine. A few weeks before the initial release of your game, the company that owns the lab publishes a strikingly similar game, with many of the features and elements that appear in your work. Which of the following methods could be used to determine if your ownership rights were violated? A. Physical surveillance of their property and personnel B. Communications tapping of their offices C. Code signing D. Subverting insiders
C. Code signing Explanation: Digitally signing software code is an excellent method for determining original ownership and has proven effective in major intellectual property rights disputes
32
When a programs source code is open to review by the public, what is that software called? A. Freeware B. Malware C. Open source D. Shareware
C. Open source Explanation: Open source software includes programs where customers (or even the public) can view the softwares source code
33
The American Society of Heating, Refrigeration and Air Conditioning Engineerins (ASHRAE) guidelines for internal environmental conditions within a data center suggest that a temperature setting of _______ degrees (F) would be too high A. 93 B. 80 C. 72 D. 32
A. 93 Explanation: The range suggested by the ASHRAE Technical COmmittee 9.9 is 64 to 81 degrees Fahrenheit. All the other options are distractors
34
To optimize airflow within a data center according to industry standards, a raised floor used as an air pienum must have at least _______ of clearance A. One foot B. One meter C. 24 inches D. 30 inches
C. 24 inches Explanation: THe industry standard is 24 inches
35
What is a key component of Gramm LEach Billey Act (GLBA)? A. The right to be forgotten B. EU Data Directives C. The information security program D. The right to audit
C. The information security program Explanation: The most important aspect of GLBA was the creation of a formal information security program
36
Perhaps the best method for avoiding vendor lock out is also a means for enhancing BCDR capabilities. This is _______ A. Having a warm site within 250 miles of the primary production environment B. Using one cloud provider for primary production and another for backup processes C. Building a data center above the flood plain D. Cross training all personnel
B. Using one cloud provider for primary production and another for backup processes Explanation: Using distinct cloud providers for production and backup ensuresd that the loss of one provider, for any reason, will not result in a total loss of the organizations data
37
In a PaaS mdoel, who should most likely be responsible for the security of the applications in the production environment? A. Cloud customer B. Cloud provider C. Regulator D. Programmers
A. Cloud customer Explanation: In PaaS, the customer is responsible for the administration (and security) of applications. Neither regulators nor programmers are responsible for the security of the applications in the production environment. That is the responsibility of the cloud customer
38
Which of the following is a federation standard/protocol that does not rely on SOAP, SAML or XML? A. WS Federation B. OpenID Connect C. SOC 2 D. OWASP
B. OpenID Connect Explanation: OpenID connect is a federation protocol that uses REST and JSON; it was specifically designed with mobile apps in mind, instead of only web based federation
39
In protections afforded to PII under the US Health Information Portability and Accountability Act, the subject must _____ in order to allow the vendor to share their personal data A. Opt in B. Opt out C. Undergo screening D. Provide a bio metric template
A. Opt in Explanation: Under HIPAA, the subject must opt in to information sharing - that is, the subject (patient) must explicitly state, in writing and with a signature, who the vendor is allowed to share personal information with, such as family members, spouses and children
40
Which of the following is not commonly considered a form of privacy data processing? A. Storing B. Computing C. Destroying D. Buying
D. Buying Explanation: Purchasing is not normally an activity related to privacy data processing. All the other options fall into the definition of processing
41
When using real user monitoring (RUM) for web application activity analysis, which of the following do you need to take into account? A. False positives B. Attacker baseline actions C. Privacy concerns D. Sandboxed environments
C. Privacy concerns Explanation: Depending on the jurisdiction, RUM may entail unlawful surveillance, so the practitioner must take this into account and plan accordingly
42
You are a consultant performing an external security review on a large manufacturing firm. You determine that its newest assemply plant, which costs 24 million, could be completely destroyed by a fire but that a fire suppression system could effectively protect the plant. The fire suppression system costs 15 million. An insurance policy that would cover the full replacement cost of the plant costs 1 million per month. IN order to establish the true annualized loss expectancy (ALE), you would need all of the following information expect: A. Amount of revenue generated by the plant B. The rate at which the plant generates revenue C. The length of time it would take to rebuild the plant D. The amount of product the plant creates
D. The amount of product the plant creates Explanation: Unless this number is being used to determine the measures of options A or B, or we are trying to better estimate the costs of the impact of the first occurrence, the amount of product the plant creates is not as important as the attendant revenue that amount generates for the company
43
Having your BCDR backup stored with the same cloud provider as your production environment can help you ________ A. Maintain regulatory compliance B. Spend less of your budget on traveling C. Train your users about security awareness D. Recovery quickly from minor incidents
D. Recovery quickly from minor incidents Explanation: Having the backup within the same environment can allow easy rollback to a last known good state or to reinstantiate clean VM images after minor incidents
44
What can be revealed by an audit of a baseline virtual image, used in a cloud environment? A. Adequate physical protections in the data center B. Potential criminal activity before it occurs C. Whether necessary security controls are in place and functioning properly D. Lack of user training and awareness
C. Whether necessary security controls are in place and functioning properly Explanation: The baseline will contain the suite of security controls applied uniformly throughout the enivornment
45
A localized incident or disaster can be addressed in a cost effective manner by using which of the following? A. UPS B. Generators C. Joint operating agreements D. Strict adherence to applicable regulations
C. Joint operating agreements Explanation: Joint operating agreements can provide nearby relocation sites so that a disruption limited to the organizations own facility and campus can be addressed at a different facility and campus
46
Setting thermostat controls by measuring the ________ temperature will result in the highest energy costs A. Server inlet B. Return air C. Underfloor D. External ambient
B. Return air Explanation: The return air temperature will be slightly higher than anywhere else inside the data center becausethe air has been warmed by passing through the equipment
47
Which of the following best describes HIPAA? A. US Federal law for electronic healthcare transactions and national identifiers for providers, health plans and employers B. EU Standards for electronic healthcare transactions and national identified for providers, health plans and employers C. Contractual standards for electronic healthcare transactions and national identifiers for providers, health plans and employers D. ISO standards for electronic healthcare transactions and national identifiers for providers, health plans and employers
A. US Federal law for electronic healthcare transactions and national identifiers for providers, health plans and employers Explanation:
48
Any organization that complies with ISO 27034 will have a maximum of ________ Organizational Normative Frameworks A. 0 B. 1 C. 5 D. 25
B. 1 Explanation: dictates that an orgnization will have a collection of security controls used for all software within that organization; this collection is called the ONF ISO
49
WAFs and DAMs function at levels ________ and _______ of the OSI model, respectively. A. 1 and 7 B. 7 and 1 C. 7 and 7 D. 3 and 4
C. 7 and 7 Explanation: These are both Layer 7 tools.
50
Legal controls refer to which of the following: A. Controls designed to comply with laws and regulations related to the cloud environment B. PCI DSS C. ISO D. NIST 800 53r4
A. Controls designed to comply with laws and regulations related to the cloud environment Explanation: Legal controls are those controls that are designed to comply with laws and regulations whether they be local or international
51
A fundamental aspect of security principles, ___________ should be implemented in the cloud as well as in traditional environments A. Continual uptime B. Defense in depth C. MFA D. Separation of duties
B. Defense in depth Explanation: Defense in depth, or layered defense, is perhaps the most fundamental characteristic of all security concepts.
52
In a PII context, who is the controller? A. The cloud customer B. The cloud provider C. The regulator D. The individual
A. The cloud customer Explanation: In a PII context, the controller is the entity that creates/collects, owns or manages the data - that is, the data owner
53
Which of the following is not a way to manage risk? A. Enveloping B. Mitigating C. Accepting D. Transferring
A. Enveloping Explanation: Enveloping is a nonsense term, unrelated to risk management
54
Pentesting is an ______ form of security assessment A.Active B. Comprehensive C. Total D. Inexpensive
A.Active Explanation: A pentest requires the tester to analyze the security of an environment from the perspective of an attacker
55
You are the IT director for a small contracting form. Your company is considering migrating to a cloud production environment. WHich service model would best fir your needs if you wanted an option that reduced the chance of vendor lock in but also did not require the highest degree of administration by your own personnel? A. IaaS B. PaaS C. SaaS D. Tanstaffl
B. PaaS Explanation: With PaaS, the cloud provider will administer both the hardware and the OS< but you will be in charge of managing the application and data. There is less likelihood of vendor lock in with PaaS than SaaS
56
DAST is usually considered a __________ form of testing A. White box B. Black box C. Gray box D. Parched field
B. Black box Explanation: Explanation: DAST is often referred to as black box testing
57
Typically, SSDs are _______ A. More expensive than spinning platters B. Larger than tape backup C. Heavier than tape libraries D. More subject to malware than traditional drives
A. More expensive than spinning platters Explanation: SSDs are usually more expensive, per drive, than their counterparts.
58
Developers creating software for the cloud environment should bear in mind cloud specific risks such as ________ and ____________ A. DoS and DDoS B. Multitenancy and 3rd party administrators C. Unprotected servers and unprotected clients D. Default configurations and user error
B. Multitenancy and 3rd party administrators Explanation: All the other options are risks that exists in the traditional environment as well as the cloud
59
What is the important input of the SDLC? A. Senior management direction B. Legislation/regulation C.Investor oversight D. Business requirements
D. Business requirements Explanation: Business requirements are paramount because they incorporate the elements of all the other options as well as additional inputs
60
In general, a cloud BCDR solutions will be _____ than a physical solution A. Slower B. Less expensive C. Larger D. More difficult to engineer
B. Less expensive Explanation: Typically, the cost of using the cloud for contingency operations will be much less than creating a physical alternate operating site
61
Data archiving and retention policies should include _________ A. How long the data must be kept before destruction B. The depth of underground storage bunkers used for archiving C. The names of specific personnel tasked with restoring data in the event of data loss in the operational environment D. The names of regulators approving the policy
A. How long the data must be kept before destruction Explanation: The policy for data archiving and retention must include guidance on the length of time data is expected to remain
62
The OWASP Top Ten list usually includes injection. In most cases, what is the attacker trying to do with an injection attack? A. Get the user to allow access for the attacker B. Insert malware onto the system C. Trick the application into running commands D. Penetrate the facility hosting the software
C. Trick the application into running commands Explanation: In injection attacks, the attacker enter s a string of command code into a user facing field in an attempt to get the application to run the command
63
Where is a NIDS deployed in a cloud or enterprise environment? A. On the segment being monitored B. On the device being monitored C. Near the firewall or gateway D. On a virtual server
A. On the segment being monitored Explanation: A NIDS is deployed anywhere on the network segment being montiored. THis can be, but does not need to be, near the network gateway
64
You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a SSO experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead wnat every user to have access to each organizations specific storage resources. If you are in Canada, one of the standards you will have to adhere to is _________ A. FIPS 140-2 B. PIPEDA C. HIPAA D. EFTA
B. PIPEDA Explanation: The Personal Information Protection and Electronic Documents Act is a Canadian law governing protection of personal information
65
Which of the following probably poses the most significant risk to the organization? A. Lack of data confidentiality during a contingency B. Lack of regulatory compliance during a contingency C. Returning to normal operations too late D. Lack of encrypted communications during a contingency
C. Returning to normal operations too late Explanation: Not returning to normal operations in a timely fashion can cause you to exceed the RTO and MAD.
66
Which of the following factors will probably have the most impact on the cost of running your heating, ventilation and air conditioning systems? A. Whether you choose hot or cold aisle containment B. The external ambient environment C. The initial cost of the HVAC systems D. Proper cable maintenance
B. The external ambient environment Explanation:
67
When crafting plans and policies for data archiving, we should consider all of the following except: A. Archive location B. The backup process C. The format of the data D. Immediacy of the technology
D. Immediacy of the technology Explanation: All of the following things should be considered when creating data archival policies except option D, which is a nonsense term.
68
Which of the following is not used to determine data retention requirements? A. Legislation B. Business needs C. Average media longevity D. Contracts
C. Average media longevity Explanation: Data retention periods should be established in policy regardless of the projected lifetime of the media the data resides on. All the other options do/should influence data retention periods
69
The practice of using strong magnets to erase and scramble data on magnetic media is called: A. Deguassing B. Scrubbing C. Cryptoshredding D. Bitsplitting
A. Deguassing Explanation: Degassing refers to the practice of using strong magnets for scrambling data on magnetic media such as hard drvies and tapes. Although scrubbing generally can scramble data as well as degaussing, it does not use magnets
70
WHich of the following is a service that replicates data across geographic areas? A. CDN B. Cloud service C. Cloud storage D. ISO
A. CDN Explanation: A CDN is a service that replicates data across many locations
71
Which of the following is an aspect of IT costs that will likely be reduced by moving from a traditional, on premises IT environment into the cloud? A. Number of users B. Costs of software licensing C. Number of applications D. Number of clientele
B. Costs of software licensing Explanation: In a tradition environment, enterprise software costs can be exorbitant, and the price of licensing doesnt even reflect the hidden costs associated with licensing, such as managing the license library
72
Which of the following is a risk associated with automated patching? A. Users can be leveraged by intruders B. A patch may not be applicable to a given environment C. Patches can come loaded with malware in a Trojan horse D. Automated patching is slow and inefficient
B. A patch may not be applicable to a given environment Explanation: Not all patches are necessary for all environments.
73
Which of the following of BCDR testing has the most impact on operations? A. Tabletop B. Dry run C. Full test D. Structured test
C. Full test Explanation: The full test will involve every asset in the organizaion, including all personnel.
74
You are in charge of a cloud migration for your organization. You anticipate attack traffic from various sources, each using a variety of both automated and manual intrusion techniques. In order to deter novel attacks used only against your organization, you would be wise to employ firewalls that use ________ to detect threats A. Attack signatures B. Behavioral outliers C. Content filters D. Biometric templates
B. Behavioral outliers Explanation: Behavioral detection looks for activity beyond the norm of the organizations usual traffic
75
Which type of cloud infrastructure is provisioned for open use for the general public? A. Hybrid cloud B. Community cloud C. Cloud storage D. Public cloud
D. Public cloud Explanation: A public cloud infrastructure is provisioned for open use by the general public and may be owned, managed and operated by a business, academic or government organization or some combination of them and exists on the premises of the cloud provider
76
Who is the cloud carrier? A. The cloud customer B. The cloud provider C. The regulator overseeing the cloud customers industry D. The ISP between the cloud customer and provider
D. The ISP between the cloud customer and provider Explanation: Option D is the definition of a cloud carrier from NIST
77
The SOC 2 report covers which of the following security principles? A. Security, availability, processing integrity, confidentiality, privacy B. Confidentiality, integrity, availability C. Encrypting, hashing and digital signatures D. Identification, authentication and authorization
A. Security, availability, processing integrity, confidentiality, privacy Explanation: SOC 2 reports are relevant to the target entitys internal controls over the five security principles of security, availability, processing integrity, confidentiality and privacy
78
All of the following are ways of addressing risks, except: A. Acceptance B. Reversal C. Mitigation D. Transfer
B. Reversal Explanation:
79
Firewalls can be included in all the following aspects of a cloud environment excepts ________ A.The guest OS B. The cloud data center IT architecture C. Bandwidth providers used to connect to the cloud D. Applications used to manipulate data in the cloud
C. Bandwidth providers used to connect to the cloud Explanation: Internet service providers dont usually offer firewall services.
80
Migrating to a cloud environment will reduce an organizations dependence on _______ A. Capital expenditures for IT B. Operational expenditures for IT C. Data driven workflows D. Customer satisfaction
A. Capital expenditures for IT Explanation: As a cloud customer, the organization is not responsible for making up from infrastructure purchases, which are capital expenditures
81
Which of the following is a valid risk management metric? A. Key performance indicators (KPI) B. Key RISK indicators (KRI) C. Service level agreement (SLA) D. SOC
B. Key RISK indicators (KRI) Explanation: KRI stands for key risk indicator. KRIs are red flags if you will in the world of risk management. When these change, they indicate something is amiss and should be looked at quickly to determine if the change is minor or something more
82
Deploying DRM tools in a BYOD environment will require: A. User consent and action B. Enhanced security protocols C. Use of the cloud D. Newer, upgraded devices
A. User consent and action Explanation: Deploying DRM usually requires installing a local agent on each device intended for use in that environment; with BYOD, that means getting all users to agree and install that agent because they own the device
83
Data destruction in the cloud is difficult because _________ A. Data in the cloud is constantly being replicated and backed up B. Delete commands are prohibited in the cloud C. Internet service providers will not allow destruction of data stored in the cloud D. The end clients may prevent it
A. Data in the cloud is constantly being replicated and backed up Explanation: one of the benefits of using managed cloud service is that most providers are constantly performing backup and preservation activities in order to ensure that customers do not lose data
84
When considering the option to migrate from an on premise environment to a hosted cloud service, an organization should weigh the risk of allowing external entities to access the cloud data for collaborative purposes against _________ A. Not securing the data in the traditional environment B, Disclosing the data publicly C. Inviting external personnel into the traditional workspace in order to enhance collaboration D. Sending the data outside the traditional environment for collab purposes
D. Sending the data outside the traditional environment for collab purposes Explanation: The cloud generally enhances opportunities for collab between organizations, mostly giving external parties some limited access to the owners data in the cloud. While there is risk in this situation, the truly comparable risk in the traditional environment would result from sending data outside the organization to external collaborators
85
The OWASP Top Ten list often includes using components with known vulnerabilities. Why would an organization ever use components with known vulnerabilities to create software? A. The organization is insured B. The particular vulnerabilities exist only in a context not being used by developers C. Some vulnerabilities exist only in foreign countries D. A component might have a hidden vulnerability
B. The particular vulnerabilities exist only in a context not being used by developers Explanation: Option B makes the most sense; some vulnerabilities are known to exist only when a component is used in a specific way or with specific services; if the programmers are not including that way of using the component or the risky service, then the vulnerability would not pose a threat to the software they are creating and may therefore be acceptable
86
You are the security manager for a retail company that is considering cloud migration to a public SaaS solution both for your current internal production environment (an on premise data center) and to host your ecommerce presence. Which of the following is a new concern you should bring up to senior management for them to consider before the migration? A. Regulatory compliance for your credit card processing transactions B. Inadvertent disclosure by internal personnel C. Data disclosure through insufficiently isolated resources D. Malicious intrusion by external entities
C. Data disclosure through insufficiently isolated resources Explanation: Because of the multitenant nature of public cloud services, processes and resources that are not properly isolated may create a sitatuon where data could be disclosed to other cloud customers. This is a new threat that may result from the migration
87
IAM is a security discipline that ensures which of the following? A. That all users are properly authorized B. That the right individual gets access to the right resources at the right time for the right reasons C. That all users are properly authenticated D. That unauthorized users will get access to the right resources at the right time for the right reasons
B. That the right individual gets access to the right resources at the right time for the right reasons Explanation: Options A and C are also correct, but included in B, making B the best choice. D is incorrect, because we do not want unauthorized users gaining access
88
You are the IT director for an automtive parts supply distribution service; your company wants to operate a production environment in the cloud. Your company wants to install its own software solutions in a managed environment to decrease the cost of purchasing and maintaining the hardware of a data center. You should most likely be considering a ________ offering A. IaaS B. PaaS C. SaaS D. Hybrid
B. PaaS Explanation: PaaS model will probably best suit your companys needs as it allows the customer to install software and load data onto a hardware infrastructure owned and operated by the provider
89
Which of the following best describes SDN? A. Controlling network devices from a single management interface B. The idea of using a hyper converged network model to stream efficiencies C. The idea of controlling network provisioning via the hypervisor D. The idea of separating the network control plane from the actual network forwarding plane
D. The idea of separating the network control plane from the actual network forwarding plane Explanation: SDN is the idea of separating the network control plane from the actual network forwarding plane
90
Bob is designing a data center to support his organization, a financial services firm. Bobs data center will have to be approved by regulators using a framework under which law? A. HIPAA B. PCI C. GLBA D. SOX
C. GLBA Explanation: GLBA mandates requirements for securing personal account information in the financial and insurance industries
91
What is the term we use to describe the general ease and efficiency of moving data from one cloud provider either to another cloud provider or down from the cloud? A. Mobility B. Elasticity C. Obfuscation D. Portability
D. Portability Explanation: Elasticity is the name for the benefit of cloud computing where resources can be apportioned as necessary to meet customer demand.
92
What is the current EU privacy legislation that restricts dissemination of personal data outside the EU? A. The EU Data Directive B. The GDPR C. Privacy Shield D. SOX
B. The GDPR Explanation: GDPR is the current prevailing privacy data legislation. It replaced the Data Directive
93
Most PII is gathered by _________ A. EU companies B. Voluntary disclosure C. Malicious attackers D. Insidious methods
B. Voluntary disclosure Explanation: Most PII is gathered from individuals who voluntarily disclose it
94
You are the security manager for a software development firm. Your company is interested in using a managed cloud service provider for hosting its testing environment. WHich cloud service or deployment model would probably best suit your needs? A. IaaS B. PaaS C. SaaS D. Community
B. PaaS Explanation: PaaS is optimum for software testing as it allows the software to run across multiple platforms/OSs
95
DRM tools might be used to protect all the following assets except _________ A. A trusted device B. Proprietary software C. Medical records D. Financial data
A. A trusted device Explanation: DRM solutions are mainly designed to protect intellectual property assets, but they can also be used to provide enhanced protection to other electronic information
96
When discussing the cloud, we often segregate the data center into the terms compute, storage and networking. Compute is made up of ________ and ____________ A. Routers; hosts B. APIs; NBIs C. CPU; RAM D. Virtualized; actual hardware devices
C. CPU; RAM Explanation: The compute nodes of a cloud data center can be measured in terms of how many CPUs
97
An organizations data classification scheme must include which of the following categories? A. File size B. Origin of the data C. Sensitivity of the data D. Whatever the data owner decides
D. Whatever the data owner decides Explanation: Each organization has to decide for itself, how to classify its own data. With that said, many factors bear on this determination; external regulations and drivers
98
When you are building a new data center in a rural setting, which of the following is probably the most restrictive? A. Natural disasters B. Staffing C. Availability of emergency services D. Municipal codes
C. Availability of emergency services Explanation: In a rural location, the positioning and depth of first responders (fire, law enforcement, paramedics) may be severely limited in comparison to an urban setting
99
Which of the following is the primary purpose of an SOC 3 report? A. Absolute assurances B. Compliance with PCIDSS C. HIPAA compliance D. Seal of approval
D. Seal of approval Explanation: The SOC 3 report is more of an attestation than a full evaluation of controls associated with a service provider
100

CCSP 2023 (54 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions