File Info
| Exam | Certified Cloud Security Professional (CCSP) |
| Number | CCSP |
| File Name | ISC.CCSP.NewDumps.2023-08-04.167q.vcex |
| Size | 94 KB |
| Posted | Aug 04, 2023 |
| Downloads: | 2 |
| Download | ISC.CCSP.NewDumps.2023-08-04.167q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Under EU law, a cloud customer who gives sensitive data to a cloud provider is still legally responsible for the damages resulting from a data breach caused by the provider; the EU would say that it is the cloud customer’s fault for choosing the wrong provider.
This is an example of insufficient ______ .
- Proof
- Evidence
- Due diligence
- Application of reasonableness
Correct answer: C
Question 2
What is the term that describes the situation when a malicious user/attacker can exit the restrictions of a single host and access other nodes on the network?
Response:
- Host escape
- Guest escape
- Provider exit
- Escalation of privileges
Correct answer: A
Question 3
According to the (ISC)2 Cloud Secure Data Life Cycle, which phase comes soon after (or at the same time as) the Create phase?
- Store
- Use
- Deploy
- Archive
Correct answer: A
Question 4
Which cloud storage type uses an opaque value or descriptor to categorize and organize data? Response:
- Volume
- Object
- Structured
- Unstructured
Correct answer: D
Question 5
What type of device is often leveraged to assist legacy applications that may not have the programmatic capability to process assertions from modern web services?
- Web application firewall
- XML accelerator
- Relying party
- XML firewall
Correct answer: B
Question 6
Which of the following is essential for getting full security value from your system baseline? Response:
- Capturing and storing an image of the baseline
- Keeping a copy of upcoming suggested modifications to the baseline
- Having the baseline vetted by an objective third party
- Using a baseline from another industry member so as not to engage in repetitious efforts
Correct answer: A
Question 7
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “unvalidated redirects and forwards.”
Which of the following is a good way to protect against this problem? Response:
- Don’t use redirects/forwards in your applications.
- Refrain from storing credentials long term.
- Implement security incident/event monitoring (security information and event management (SIEM)/security information management (SIM)/security event management (SEM)) solutions.
- Implement digital rights management (DRM) solutions.
Correct answer: A
Question 8
When an organization implements an SIEM solution and begins aggregating event data, the configured event sources are only valid at the time it was configured.
Application modifications, patching, and other upgrades will change the events generated and how they are represented over time.
What process is necessary to ensure events are collected and processed with this in mind?
- Continual review
- Continuous optimization
- Aggregation updates
- Event elasticity
Correct answer: B
Question 9
Which document will enforce uptime and availability requirements between the cloud customer and cloud provider?
Response:
- Contract
- Operational level agreement
- Service level agreement
- Regulation
Correct answer: C
Question 10
Which of the following is a file server that provides data access to multiple, heterogeneous machines/users on the network?
Response:
- Storage area network (SAN)
- Network-attached storage (NAS)
- Hardware security module (HSM)
- Content delivery network (CDN)
Correct answer: B
