Get Special Discount Offer of CCSP Certification Exam Sample Questions and Answers [Q355-Q370]

Rate this post

Get Special Discount Offer of CCSP Certification Exam Sample Questions and Answers

New CCSP Dumps For Preparing ISC Cloud Security Certified ISC Exam Well

ISC CCSP Certification Exam covers a wide range of cloud security domains, including cloud concepts, architecture and design, data security, compliance and legal, operations, and infrastructure security. CCSP exam measures a candidate’s ability to understand and apply cloud security best practices and industry standards to mitigate risks and protect cloud environments.

QUESTION 355
The destruction of a cloud customer’s data can be required by all of the following except ___________.

Statute

Regulation

The cloud provider’s policy

Contract

QUESTION 356
What is the amount of fuel that should be on hand to power generators for backup datacenter power, in all tiers, according to the Uptime Institute?

1,000 gallons

12 hours

As much as needed to ensure all systems may be gracefully shut down and data securely stored

QUESTION 357
During which phase of the cloud data lifecycle is it possible for the classification of data to change?

Use

Archive

Create

The create phase encompasses any time data is created, imported, or modified. With any change in the content or value of data, the classification may also change. It must be continually reevaluated to ensure proper security. During the use, share, and archive phases, the data is not modified in any way, so the original classification is still relevant.

QUESTION 358
Cryptographic keys should be secured ________________ .

To a level at least as high as the data they can decrypt

In vaults

With two-person integrity

By armed guards

Explanation
The physical security of crypto keys is of some concern, but guards or vaults are not always necessary.
Two-person integrity might be a good practice for protecting keys. The best answer to this question is option A, because it is always true, whereas the remaining options depend on circumstances.

QUESTION 359
Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?

Delete

Modify

Read

Explanation/Reference:
Explanation:
IRM allows an organization to control who can print a set of information. This is not be possible under traditional file system controls, where if a user can read a file, they are able to print it as well.

QUESTION 360
What are the six components that make up the STRIDE threat model?

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege

Spoofing, Tampering, Non-Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege

Spoofing, Tampering, Repudiation, Information Disclosure, Distributed Denial of Service, and Elevation of Privilege

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Social Engineering

QUESTION 361
Which technology can be useful during the “share” phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?

IPS

WAF

DLP

IDS

Explanation/Reference:
Explanation:
Data loss prevention (DLP) can be applied to data that is leaving the security enclave to continue to enforce access restrictions and policies on other clients and systems.

QUESTION 362
Gap analysis is performed for what reason?

To begin the benchmarking process

To assure proper accounting practices are being used

To provide assurances to cloud customers

To ensure all controls are in place and working properly

Explanation
The primary purpose of the gap analysis is to begin the benchmarking process against risk and security standards and frameworks.

QUESTION 363
As part of the auditing process, getting a report on the deviations between intended configurations and actual policy is often crucial for an organization.
What term pertains to the process of generating such a report?

Deficiencies

Findings

Gap analysis

Errors

Explanation/Reference:
Explanation:
The gap analysis determines if there are any differences between the actual configurations in use on systems and the policies that govern what the configurations are expected or mandated to be. The other terms provided are all similar to the correct answer (“findings” in particular is often used to articulate deviations in configurations), but gap analysis is the official term used.

QUESTION 364
Designers making applications for the cloud have to take into consideration risks and operational constraints that did not exist or were not as pronounced in the legacy environment. Which of the following is an element cloud app designers may have to consider incorporating in software for the cloud that might not have been as important in the legacy environment?

IAM capability

DDoS resistance

Encryption for data at rest and in motion

Field validation

QUESTION 365
What concept does the D represent within the STRIDE threat model?

Denial of service

Distributed

Data breach

Data loss

Explanation
Any application can be a possible target of denial of service (DoS) attacks. From the application side, the developers should minimize how many operations are performed for unauthenticated users. This will keep the application running as quickly as possible and using the least amount of system resources to help minimize the impact of any such attacks. None of the other options provided is the correct term.

QUESTION 366
Which of the following is NOT a common component of a DLP implementation process?
Response:

Discovery

Monitoring

Revision

Enforcement

QUESTION 367
Which of the following is a file server that provides data access to multiple, heterogeneous machines/users on the network?

Storage area network (SAN)

Network-attached storage (NAS)

Hardware security module (HSM)

Content delivery network (CDN)

QUESTION 368
When a data center is configured such that the backs of the devices face each other and the ambient temperature in the work area is cool, it is called ___________.
Response:

Hot aisle containment

Cold aisle containment

Thermo-optimized

HVAC modulated

QUESTION 369
What is the most secure form of code testing and review?

Open source

Proprietary/internal

Neither open source nor proprietary

Combination of open source and proprietary

QUESTION 370
Which of the following is NOT a component of access control?

Accounting

Federation

Authorization

Authentication

Explanation
Federation is not a component of access control. Instead, it is used to allow users possessing credentials from other authorities and systems to access services outside of their domain. This allows for access and trust without the need to create additional, local credentials. Access control encompasses not only the key concepts of authorization and authentication, but also accounting. Accounting consists of collecting and maintaining logs for both authentication and authorization for operational and regulatory requirements.

Loading …

ISC CCSP certification is a globally recognized credential that validates a professional’s knowledge and expertise in cloud security. It covers six domains and is ideal for professionals who are involved in cloud security, such as security architects, engineers, consultants, and managers. The CCSP certification has several benefits, including increased professional credibility and recognition, enhanced knowledge and skills in cloud security, improved career prospects, and higher salary potential.

Updated CCSP Dumps Questions Are Available For Passing ISC Exam: https://www.examcollectionpass.com/ISC/CCSP-practice-exam-dumps.html

Leave a Reply Cancel reply