Download ISC.CCSP.TestKing.2019-04-04.287q.vcex

Download Exam

File Info

Exam Certified Cloud Security Professional (CCSP)
Number CCSP
File Name ISC.CCSP.TestKing.2019-04-04.287q.vcex
Size 253 KB
Posted Apr 04, 2019
Download ISC.CCSP.TestKing.2019-04-04.287q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%





Demo Questions

Question 1

What is the best source for information about securing a physical asset's BIOS?


  1. Security policies
  2. Manual pages
  3. Vendor documentation
  4. Regulations
Correct answer: C
Explanation:
Vendor documentation from the manufacturer of the physical hardware is the best source of best practices for securing the BIOS.
Vendor documentation from the manufacturer of the physical hardware is the best source of best practices for securing the BIOS.



Question 2

Which of the following is not a component of contractual PII?


  1. Scope of processing
  2. Value of data
  3. Location of data
  4. Use of subcontractors
Correct answer: C
Explanation:
The value of data itself has nothing to do with it being considered a part of contractual
The value of data itself has nothing to do with it being considered a part of contractual



Question 3

Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?


  1. Consumable service
  2. Measured service
  3. Billable service
  4. Metered service
Correct answer: B
Explanation:
Measured service is where cloud services are delivered and billed in a metered way, where the cloud customer only pays for those that they actually use, and for the duration of time that they use them.
Measured service is where cloud services are delivered and billed in a metered way, where the cloud customer only pays for those that they actually use, and for the duration of time that they use them.



Question 4

Which of the following roles involves testing, monitoring, and securing cloud services for an organization?


  1. Cloud service integrator
  2. Cloud service business manager
  3. Cloud service user
  4. Cloud service administrator
Correct answer: D
Explanation:
The cloud service administrator is responsible for testing cloud services, monitoring services, administering security for services, providing usage reports on cloud services, and addressing problem reports
The cloud service administrator is responsible for testing cloud services, monitoring services, administering security for services, providing usage reports on cloud services, and addressing problem reports



Question 5

What is the only data format permitted with the SOAP API?


  1. HTML
  2. SAML
  3. XSML
  4. XML
Correct answer: D
Explanation:
The SOAP protocol only supports the XML data format.
The SOAP protocol only supports the XML data format.



Question 6

Which data formats are most commonly used with the REST API?


  1. JSON and SAML
  2. XML and SAML
  3. XML and JSON
  4. SAML and HTML
Correct answer: C
Explanation:
JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State Transfer (REST) API, and are typically implemented with caching for increased scalability and performance.
JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State Transfer (REST) API, and are typically implemented with caching for increased scalability and performance.



Question 7

Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?


  1. Injection
  2. Missing function-level access control
  3. Cross-site request forgery
  4. Cross-site scripting
Correct answer: B
Explanation:
It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.
It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.



Question 8

Which of the following cloud aspects complicates eDiscovery?


  1. Resource pooling
  2. On-demand self-service
  3. Multitenancy
  4. Measured service
Correct answer: C
Explanation:
With multitenancy, eDiscovery becomes more complicated because the data collection involves extra steps to ensure that only those customers or systems that are within scope are turned over to the requesting authority.
With multitenancy, eDiscovery becomes more complicated because the data collection involves extra steps to ensure that only those customers or systems that are within scope are turned over to the requesting authority.



Question 9

What is a serious complication an organization faces from the perspective of compliance with international operations?


  1. Different certifications
  2. Multiple jurisdictions
  3. Different capabilities
  4. Different operational procedures
Correct answer: B
Explanation:
When operating within a global framework, a security professional runs into a multitude of jurisdictions and requirements, and many times they might be in contention with one other or not clearly applicable. These requirements can include the location of the users and the type of data they enter into systems, the laws governing the organization that owns the application and any regulatory requirements they may have, as well as the appropriate laws and regulations for the jurisdiction housing the IT resources and where the data is actually stored, which might be multiple jurisdictions as well.
When operating within a global framework, a security professional runs into a multitude of jurisdictions and requirements, and many times they might be in contention with one other or not clearly applicable. These requirements can include the location of the users and the type of data they enter into systems, the laws governing the organization that owns the application and any regulatory requirements they may have, as well as the appropriate laws and regulations for the jurisdiction housing the IT resources and where the data is actually stored, which might be multiple jurisdictions as well.



Question 10

Which networking concept in a cloud environment allows for network segregation and isolation of IP spaces?


  1. PLAN
  2. WAN
  3. LAN
  4. VLAN
Correct answer: D
Explanation:
A virtual area network (VLAN) allows the logical separation and isolation of networks and IP spaces to provide enhanced security and controls.
A virtual area network (VLAN) allows the logical separation and isolation of networks and IP spaces to provide enhanced security and controls.









CONNECT US

Facebook

Twitter

PROFEXAM WITH A 20% DISCOUNT

You can buy ProfExam with a 20% discount!

Get Now!


HOW TO OPEN VCEX FILES

Use ProfExam Simulator to open VCEX files