Exam (elaborations)

CCSP 2021 BEST EXAM STUDY ALREADY GRADED A+

Pages: 157
Grade: A+
Uploaded on: 01-04-2022
Written in: 2021/2022

What type of solutions enable enterprises or individuals to store data and computer files on the Internet using a storage service provider rather than keeping the data locally on a physical disk such as a hard drive or tape backup?
A. Online backups
B. Cloud backup solutions
C. Removable hard drives
D. Masking
Correct answer: B

When using an infrastructure as a service (IaaS) solution, which of the following is not an essential benefit for the customer?
A. Removing the need to maintain a license library
B. Metered service
C. Energy and cooling efficiencies
D. Transfer of ownership cost
Correct answer: A

______________ focuses on security and encryption to prevent unauthorized copying and limitations on distribution to only those who pay.
A. Information rights management (IRM)
B. Masking
C. Bit splitting
D. Degaussing
Correct answer: A

Which of the following represents the correct set of four cloud deployment models?
A. Public, private, joint and community
B. Public, private, hybrid, and community
C. Public, Internet, hybrid, and community
D. External, private, hybrid, and community
Correct answer: B

A special mathematical code that allows encryption hardware/software to encrypt and then decipher a message.
A. PKI
B. Key
C. Public-private
D. Masking
Correct answer: B

Which of the following lists the correct six components of the STRIDE threat model?
A. Spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege
B. Spoofing, tampering, refutation, information disclosure, denial of service, and social engineering elasticity
C. Spoofing, tampering, repudiation, information disclosure, distributed denial of service, and elevation of privilege
D. Spoofing, tampering, nonrepudiation, information disclosure, denial of service, and elevation of privilege
Correct answer: A

What is the term that describes the assurance that a specific author actually created and sent a specific item to a specific recipient, and that the message was successfully received?
A. PKI
B. DLP
C. Nonrepudiation
D. Bit splitting
Correct answer: C

What is the correct term for the process of deliberately destroying the encryption keys used to encrypt data?
A. Poor key management
B. PKI
C. Obfuscation
D. Crypto-shredding
Correct answer: D

In a federated environment, who is the relying party, and what do they do?
A. The relying party is the service provider, and they consume the tokens generated by the identity provider.
B. The relying party is the service provider, and they consume the tokens generated by the customer.
C. The relying party is the customer, and they consume the tokens generated by the identity provider.
D. The relying party is the identity provider, and they consume the tokens generated by the service provider.
Correct answer: A

What is the process of replacing sensitive data with unique identification symbols/addresses?
A. Randomization
B. Elasticity
C. Obfuscation
D. Tokenization
Correct answer: D

Which of the following data storage types are associated or used with platform as a service (PaaS)?
A. Databases and big data
B. SaaS application
C. Tabular
D. Raw and block
Correct answer: A

What is the term used for software technology that abstracts application software from the underlying operating system on which it is executed?
A. Partition
B. Application virtualization
C. Distributed
D. SaaS
Correct answer: B

Which of the following represents the US legislation enacted to protect shareholders and the public from enterprise accounting errors and fraudulent practices?
A. PCI
B. Gramm-Leach-Bliley Act (GLBA)
C. Sarbanes-Oxley Act (SOX)
D. HIPAA
Correct answer: C

Which of the following is a device that can safely store and manage encryption keys and is used in servers, data transmission, and log files?
A. Private key
B. Hardware security module (HSM)
C. Public key
D. Trusted operating system module (TOS)
Correct answer: B

What is a type of cloud infrastructure that is provisioned for open use by the general public and is owned, managed, and operated by a cloud provider?
A. Private cloud
B. Public cloud
C. Hybrid cloud
D. Personal cloud
Correct answer: B

When transparent encryption of a database is used, where does the encryption engine reside?
A. Within the database application itself
B. At the application using the database
C. On the instances attached to the volume
D. In a key management system
Correct answer: A

What is a type of assessment that employs a set of methods, principles, or rules for assessing risk based on nonnumerical categories or levels?
A. Quantitative assessment
B. Qualitative assessment
C. Hybrid assessment
D. SOC 2
Correct answer: B

Which of the following best describes the Cloud Security Alliance Cloud Controls Matrix (CSA CCM)?
A. A set of regulatory requirements for cloud service providers
B. A set of software development lifecycle requirements for cloud service providers
C. A security controls framework that provides mapping/cross relationships with the main industry-accepted security standards, regulations, and controls frameworks
D. An inventory of cloud service security controls that are arranged into separate security domains
Correct answer: C

When a conflict between parties occurs, which of the following is the primary means of determining the jurisdiction in which the dispute will be heard?
A. Tort law
B. Contract
C. Common law
D. Criminal law
Correct answer: B

Which one of the following is the most important security consideration when selecting a new computer facility?
A. Local law enforcement response times
B. Location adjacent to competitor's facilities
C. Aircraft flight paths
D. Utility infrastructure
Correct answer: D

Which of the following is always safe to use in the disposal of electronic records within a cloud environment?
A. Physical destruction
B. Overwriting
C. Encryption
D. Degaussing
Correct answer: C

Which of the following does not represent an attack on a network?
A. Syn flood
B. Denial of service
C. Nmap scan
D. Brute force
Correct answer: C

Which of the following takes advantage of the information developed in the business impact analysis (BIA)?
A. Calculating ROI
B. Risk analysis
C. Calculating TCO
D. Securing asset acquisitions
Correct answer: B

Which of the following terms best describes a managed service model where software applications are hosted by a vendor or cloud service provider and made available to customers over network resources?
A. Infrastructure as a service (IaaS)
B. Public cloud
C. Software as a service (SaaS)
D. Private cloud
Correct answer: C

Which of the following is a federal law enacted in the United States to control the way financial institutions deal with private information of individuals?
A. PCI
B. ISO/IEC
C. Gramm-Leach-Bliley Act (GLBA)
D. Consumer Protection Act
Correct answer: C

The typical function of Secure Sockets Layer (SSL) in securing Wireless Application Protocol (WAP) is to protect transmissions that exist:
A. Between the WAP gateway and the wireless endpoint device
B. Between the web server and the WAP gateway
C. From the web server to the wireless endpoint device
D. Between the wireless device and the base station
Correct answer: C

What is an audit standard for service organizations?
A. SOC 1
B. SSAE 18
C. GAAP
D. SOC 2
Correct answer: B

What is a company that purchases hosting services from a cloud server hosting provider or cloud computing provider and then resells to its own customers?
A. Cloud programmer
B. Cloud broker
C. Cloud proxy
D. VAR
Correct answer: B

Which of the following is comparable to grid computing in that it relies on sharing computing resources rather than having local servers or personal devices to handle applications?
A. Server hosting
B. Legacy computing
C. Cloud computing
D. Intranet
Correct answer: C

What is a set of technologies designed to analyze application source code and binaries for coding and design conditions that are indicative of security vulnerabilities?
A. Dynamic application security testing (DAST)
B. Static application security testing (SAST)
C. Secure coding
D. OWASP
Correct answer: B

Which of the following is not a common cloud service model?
A. Software as a service (SaaS)
B. Programming as a service (PaaS)
C. Infrastructure as a service (IaaS)
D. Platform as a service (PaaS)
Correct answer: B

All of these technologies have made cloud service viable except ___________________.
A. Virtualization
B. Widely available broadband
C. Encrypted connectivity
D. Smart hubs
Correct answer: D

Cloud vendors are held to contractual obligations with specified metrics by ___________________.
A. Service-level agreements (SLAs)
B. Regulations
C. Law
D. Discipline
Correct answer: A

________ drive(s) security decisions.
A. Customer service responses
B. Surveys
C. Business requirements
D. Public opinion
Correct answer: C

If a cloud customer cannot get access to the cloud provider, this affects what portion of the CIA triad?
A. Integrity
B. Authentication
C. Confidentiality
D. Availability
Correct answer: D

Cloud access security brokers (CASBs) might offer all the following services except ___________________.
A. Single sign-on
B. Business continuity/disaster recovery/Continuity of Operations (BC/DR/COOP)
C. Identity and access management (IAM)
D. Key escrow
Correct answer: B

Encryption can be used in various aspects of cloud computing, including all of these except ___________________.
A. Storage
B. Remote access
C. Secure sessions
D. Magnetic swipe cards
Correct answer: D

All of these are reasons an organization may want to consider cloud migration except ___________________.
A. Reduced personnel costs
B. Elimination of risks
C. Reduced operational expenses
D. Increased efficiency
Correct answer: B

The generally accepted definition of cloud computing includes all of the following characteristics except ___________________.
A. On-demand self-service
B. Negating the need for backups
C. Resource pooling
D. Measured or metered service
Correct answer: B

A gamer is part of the PlayStation Network community cloud. Who owns the PlayStation console in the gamer's home?
A. Sony
B. The community as a whole
C. The company that made the game that the gamer is playing at the time
D. The gamer
Correct answer: D

The risk that a cloud provider might go out of business and the cloud customer might not be able to recover data is known as ___________________.
A. Vendor closure
B. Vendor lock-out
C. Vendor lock-in
D. Vending route
Correct answer: B

All of these are features of cloud computing except ___________________.
A. Broad network access
B. Reversed charging configuration
C. Rapid scaling
D. On-demand self-service
Correct answer: B

When a cloud customer uploads personally identifiable information (PII) to a cloud provider, who is ultimately responsible for the security of that PII?
A. Cloud provider
B. Regulators
C. Cloud customer
D. The individuals who are the subjects of the PII
Correct answer: C

We use which of the following to determine the critical paths, processes, and assets of an organization?
A. Business requirements
B. Business impact analysis (BIA)
C. Risk Management Framework (RMF)
D. Confidentiality, integrity, availability (CIA) triad
Correct answer: B

If an organization owns all of the hardware and infrastructure of a cloud data center that is used only by members of that organization, which cloud model would this be?
A. Private
B. Public
C. Hybrid
D. Motive
Correct answer: A

The cloud deployment model that features ownership by a cloud provider, with services offered to anyone who wants to subscribe, is known as ___________________.
A. Private
B. Public
C. Hybrid
D. Latent
Correct answer: B

The cloud deployment model that features joint ownership of assets among an affinity group is known as ___________________.
A. Private
B. Public
C. Hybrid
D. Community
Correct answer: D

If a cloud customer wants a secure, isolated environment in order to conduct software development and testing, which cloud service model would probably be best?
A. IaaS
B. PaaS
C. SaaS
D. Hybrid
Correct answer: B

If a cloud customer wants a fully operational environment with very little maintenance or administration necessary, which cloud service model would probably be best?
A. IaaS
B. PaaS
C. SaaS
D. Hybrid
Correct answer: C

If a cloud customer wants a bare-bones environment in which to replicate their own enterprise for business continuity/disaster recovery (BC/DR) purposes, which cloud service model would probably be best?
A. IaaS
B. PaaS
C. SaaS
D. Hybrid
Correct answer: A

Gathering business requirements can aid the organization in determining all of these facets of organizational assets except ___________________.
A. Full inventory
B. Usefulness
C. Value
D. Criticality
Correct answer: B

The BIA can be used to provide information about all the following elements except ___________________.
A. Risk analysis
B. Secure acquisition
C. BC/DR planning
D. Selection of security controls
Correct answer: B

In which cloud service model is the customer required to maintain the OS?
A. CaaS
B. SaaS
C. PaaS
D. IaaS
Correct answer: D

In which cloud service model is the customer required to maintain and update only the applications?
A. CaaS
B. SaaS
C. PaaS
D. IaaS
Correct answer: C

In which cloud service model is the customer only responsible for the data?
A. CaaS
B. SaaS
C. PaaS
D. IaaS
Correct answer: B

The cloud customer and provider negotiate their respective responsibilities and rights regarding the capabilities and data of the cloud service. Where is the eventual agreement codified?
A. RMF
B. Contract
C. MOU
D. BIA
Correct answer: B

In attempting to provide a layered defense, the security practitioner should convince senior management to include security controls of which type?
A. Technological
B. Physical
C. Administrative
D. All of the above
Correct answer: D

Which of the following is considered an administrative control?
A. Access control process
B. Keystroke logging
C. Door locks
D. Biometric authentication
Correct answer: A

Which of the following is considered a technological control?
A. Firewall software
B. Fireproof safe
C. Fire extinguisher
D. Firing personnel
Correct answer: A

Which of the following is the best example of a physical control?
A. Carpets
B. Ceilings
C. Doors
D. Fences
Correct answer: D

In a cloud environment, encryption should be used for all the following except ___________________.
A. Long-term storage of data
B. Near-term storage of virtualized images
C. Secure sessions/VPN
D. Profile formatting
Correct answer: D

The process of hardening a device should include all the following except ___________________.
A. Improve default accounts
B. Close unused ports
C. Delete unnecessary services
D. Strictly control administrator access
Correct answer: A

The process of hardening a device should include which of the following?
A. Encrypting the OS
B. Updating and patching the system
C. Using video cameras
D. Performing thorough personnel background checks
Correct answer: B

What is an experimental technology that is intended to create the possibility of processing encrypted data without having to decrypt it first?
A. Homomorphic
B. Polyinstantiation
C. Quantum-state
D. Gastronomic
Correct answer: A

Risk appetite for an organization is determined by which of the following?
A. Reclusion evaluation
B. Senior management
C. Legislative mandates
D. Contractual agreement
Correct answer: B

What is the risk left over after controls and countermeasures are put in place?
A. Null
B. High
C. Residual
D. Pertinent
Correct answer: C

All the following are ways of addressing risk except ___________________.
A. Acceptance
B. Reversal
C. Mitigation
D. Transfer
Correct answer: B

To protect data on user devices in a BYOD environment, the organization should consider requiring all the following except ___________________.
A. DLP agents
B. Local encryption
C. Multifactor authentication
D. Two-person integrity
Correct answer: D

Devices in the cloud data center should be secure against attack. All the following are means of hardening devices except ___________________.
A. Using a strong password policy
B. Removing default passwords
C. Strictly limiting physical access
D. Removing all admin accounts
Correct answer: D

Which of the following best describes risk?
A. Preventable
B. Everlasting
C. The likelihood that a threat will exploit a vulnerability
D. Transient
Correct answer: C

All of these are methods of data discovery except:
A. Content-based
B. User-based
C. Label-based
D. Metadata-based
Correct answer: B

Data labels could include all the following except:
A. Date data was created
B. Data owner
C. Data value
D. Date of scheduled destruction
Correct answer: C

Data labels could include all the following except:
A. Source
B. Delivery vendor
C. Handling restrictions
D. Jurisdiction
Correct answer: B

Data labels could include all the following except:
A. Confidentiality level
B. Distribution limitations
C. Access restrictions
D. Multifactor authentication
Correct answer: D

All the following are data analytics modes except:
A. Real-time analytics
B. Datamining
C. Agile business intelligence
D. Refractory iterations
Correct answer: D

In the cloud, the data owner is usually:
A. In another jurisdiction
B. The cloud customer
C. The cloud provider
D. The cloud access security broker
Correct answer: B

In the cloud, the data processor is usually:
A. The party that assigns access rights
B. The cloud customer
C. The cloud provider
D. The cloud access security broker
Correct answer: C

Which of the following is not an acceptable means of sanitizing hardware?
A. Burning
B. Deletion
C. Industrial Shredding
D. Drilling
Correct answer: B

All policies within the organization should include a section that includes all of the following except:
A. Policy maintenance
B. Policy monitoring
C. Policy enforcement
D. Policy transference
Correct answer: D

The most pragmatic option for data disposal in the cloud is which of the following?
A. Melting
B. Crypto-shredding
C. Cold fusion
D. Overwriting
Correct answer: B

What is the intellectual property protection for the tangible expression of a creative idea?
A. Copyright
B. Patent
C. Trademark
D. Trade secret
Correct answer: A

What is the intellectual property protection for a useful manufacturing innovation?
A. Copyright
B. Patent
C. Trademark
D. Trade secret
Correct answer: B

What is the intellectual property protection for a very valuable set of sales leads?
A. Copyright
B. Patent
C. Trademark
D. Trade secret
Correct answer: D

What is the intellectual property protection for a confidential recipe for muffins?
A. Copyright
B.


Seller: EvaTee Phoenix University