Free ISC2 CCSP Exam Dumps and CCSP Exam Questions

Question No: 11

MultipleChoice

An audit against the ________ will demonstrate that an organization has adequate security controls to meet its ISO 27001 requirements.

Response:

Options

ASAS 70 standard

BSSAE 16 standard

CISO 27002 certification criteria

DNIST SP 800-53

Question No: 12

MultipleChoice

What is the most secure form of code testing and review?

Response:

Options

AOpen source

BProprietary/internal

CNeither open source nor proprietary

DCombination of open source and proprietary

Question No: 13

MultipleChoice

What is a data custodian responsible for?

Response:

Options

AThe safe custody, transport, storage of the data, and implementation of business rules

BData content, context, and associated business rules

CLogging and alerts for all data

DCustomer access and alerts for all data

Question No: 14

MultipleChoice

Of the following, which is probably the most significant risk in a managed cloud environment?

Response:

Options

ADDoS

BManagement plane breach

CGuest escape

DPhysical attack on the utility service lines

Question No: 15

MultipleChoice

Which of the following would probably best aid an organization in deciding whether to migrate from a legacy environment to a particular cloud provider?

Response:

Options

ARate sheets comparing a cloud provider to other cloud providers

BCloud provider offers to provide engineering assistance during the migration

CThe cost/benefit measure of closing the organization's relocation site (hot site/warm site) and using the cloud for disaster recovery instead

DSLA satisfaction surveys from other (current and past) cloud customers

Question No: 16

MultipleChoice

What is the primary security mechanism used to protect SOAP and REST APIs?

Response:

Options

AFirewalls

BXML firewalls

CEncryption

DWAFs

Question No: 17

MultipleChoice

Which of the following is not one of the types of controls?

Response:

Options

ATransitional

BAdministrative

CTechnical

DPhysical

Question No: 18

MultipleChoice

A cloud data encryption situation where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a ____________.

Response:

Options

AThreat

BRisk

CHybrid cloud deployment model

DCase of infringing on the rights of the provider

Question No: 19

MultipleChoice

Data transformation in a cloud environment should be of great concern to organizations considering cloud migration because __________ could affect data classification processes/implementations.

Response:

Options

AMultitenancy

BVirtualization

CRemote access

DPhysical distance

Question No: 20

MultipleChoice

Which of the following BCDR testing methodologies is least intrusive?

Response:

Options

AWalk-through

BSimulation

CTabletop

DFull test