ISC2 CCSP Certified Cloud Security Professional Exam Practice Test

Page: 1 / 14
Total 512 questions
Question 1

Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?



Answer : B

It is imperative that an application perform an authorization check each time a function or portion of the application is accessed, not only at the point of entry. Without a check on every access, an attacker can forge a request directly to a function for which authorization was never granted, bypassing the initial checks entirely.
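The pattern the explanation describes, as an added example that is not part of the exam page: a small request dispatcher in which the vulnerable handlers check the role only on the entry page and trust that nobody reaches the export function any other way, beside a hardened version that enforces the check on every handler. The users, roles and paths are constructed for illustration.

```python
"""Function-level authorization: check-once-at-entry versus check-on-every-call.

Added example, not code from the exam page. The role table, users and paths
below are constructed assumptions used only to show the two patterns.
"""
from dataclasses import dataclass
from functools import wraps


@dataclass
class Request:
    user: str   # authenticated identity, established by an earlier login step
    path: str   # chosen freely by the client, so it cannot be trusted


# Constructed role table: which roles each user holds.
ROLES = {"alice": {"user"}, "bob": {"user", "admin"}}


def has_role(user, role):
    return role in ROLES.get(user, set())


# ---- Vulnerable pattern ------------------------------------------------------
# The admin menu checks authorization and links to /admin/export. The export
# handler assumes the menu check already happened and performs none of its own.

def vulnerable_admin_home(req):
    if not has_role(req.user, "admin"):
        return 403, "forbidden"
    return 200, "admin menu: /admin/export"


def vulnerable_admin_export(req):
    # No authorization check: a forged request to this path succeeds for anyone.
    return 200, "exported all customer records"


VULNERABLE_ROUTES = {
    "/admin": vulnerable_admin_home,
    "/admin/export": vulnerable_admin_export,
}


# ---- Hardened pattern --------------------------------------------------------
# Each handler declares the role it requires and the check runs on every call,
# regardless of how the caller arrived at the function.

def requires_role(role):
    def decorator(handler):
        @wraps(handler)
        def wrapper(req):
            if not has_role(req.user, role):
                return 403, "forbidden"
            return handler(req)
        return wrapper
    return decorator


@requires_role("admin")
def hardened_admin_home(req):
    return 200, "admin menu: /admin/export"


@requires_role("admin")
def hardened_admin_export(req):
    return 200, "exported all customer records"


HARDENED_ROUTES = {
    "/admin": hardened_admin_home,
    "/admin/export": hardened_admin_export,
}


def dispatch(routes, req):
    """Route a request to its handler; unknown paths get 404."""
    handler = routes.get(req.path)
    if handler is None:
        return 404, "not found"
    return handler(req)


if __name__ == "__main__":
    # alice holds no admin role but requests the export function directly,
    # skipping the menu page where the only check lives.
    forged = Request(user="alice", path="/admin/export")
    print("vulnerable:", dispatch(VULNERABLE_ROUTES, forged))
    print("hardened:  ", dispatch(HARDENED_ROUTES, forged))
```

The forged request never touches the menu handler, so the vulnerable route table returns 200 for a user with no admin role; the decorator on every hardened handler makes the outcome independent of the path the attacker took to reach it.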


Question 2

What masking strategy involves the replacing of sensitive data at the time it is accessed and used as it flows between the data and application layers of a service?



Answer : C

Dynamic masking involves the live replacing of sensitive data fields during transactional use between the data and application layers of a service. Static masking involves creating a full data set with the sensitive data fields masked, but is not done during live transactions like dynamic masking. Active and transactional are offered as similar types of answers but are not types of masking.
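The distinction between the two masking types, as an added example that is not part of the exam page: a static pass that produces a separate, fully masked copy of the data set, beside a dynamic read that leaves the stored records untouched and applies the mask on the path between the data layer and the caller, depending on the caller's role. The records, field rules and role name are constructed for illustration.

```python
"""Static versus dynamic data masking.

Added example, not code from the exam page. The records, masking rules and
the "pii_reader" role are constructed assumptions used only for illustration.
"""

# Constructed sample data, standing in for the data layer.
RECORDS = [
    {"id": 1, "name": "Ada", "ssn": "123-45-6789", "card": "4111111111111111"},
    {"id": 2, "name": "Bob", "ssn": "987-65-4321", "card": "5500000000000004"},
]

# Masking rules per sensitive field: keep the last four characters only.
MASK_RULES = {
    "ssn": lambda v: "***-**-" + v[-4:],
    "card": lambda v: "*" * (len(v) - 4) + v[-4:],
}


def _apply_mask(record):
    """Return a masked copy of one record; the input is not modified."""
    masked = dict(record)
    for field, rule in MASK_RULES.items():
        if field in masked:
            masked[field] = rule(masked[field])
    return masked


def static_mask(records):
    """Static masking: build a complete masked data set up front.

    Typical use is populating a test or analytics environment. Every copy is
    masked the same way regardless of who later reads it.
    """
    return [_apply_mask(r) for r in records]


def dynamic_read(records, record_id, caller_roles):
    """Dynamic masking: mask at access time, on the data-to-application path.

    The stored record is never changed. A caller holding the (constructed)
    "pii_reader" role receives the clear values; everyone else receives the
    masked view of the same live record.
    """
    record = next((r for r in records if r["id"] == record_id), None)
    if record is None:
        return None
    if "pii_reader" in caller_roles:
        return dict(record)
    return _apply_mask(record)


if __name__ == "__main__":
    print("static copy:   ", static_mask(RECORDS)[0])
    print("support view:  ", dynamic_read(RECORDS, 1, {"support"}))
    print("privileged:    ", dynamic_read(RECORDS, 1, {"pii_reader"}))
    print("stored record: ", RECORDS[0])
```

Because dynamic masking sits on the access path rather than in the data, it protects only callers who go through that path; anyone with direct access to the store sees the clear values, which is why the stored record in the example is still unmasked after every read.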


Question 3

Maintenance mode requires all of these actions except:



Answer : C

While the other answers are all steps in moving from normal operations to maintenance mode, we do not necessarily initiate any enhanced security controls.


Question 4

What type of PII is regulated based on the type of application or per the conditions of the specific hosting agreement?



Answer : B

Contractual PII has specific requirements for the handling of sensitive and personal information, as defined at a contractual level. These requirements will typically document the handling procedures and policies that apply to the PII. They may take the form of specific security controls and configurations, required policies or procedures, or limitations on who may be authorized to access the data and systems.


Question 5

Which of the following is a restriction that can be enforced by information rights management (IRM) that is not possible for traditional file system controls?



Answer : D

IRM allows an organization to control who can print a set of information. This is not possible under traditional file system controls, where a user who can read a file is able to print it as well.


Question 6

Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:



Answer : D

When we gather information about business requirements, we need to do a complete inventory, receive accurate valuation of assets (usually from the owners of those assets), and assess criticality; this collection of information does not tell us, objectively, how useful an asset is, however.


Question 7

If you are running an application that has strict legal requirements that the data cannot reside on systems that contain other applications or systems, which aspect of cloud computing would be prohibitive in this case?



Answer : A

Multitenancy is the aspect of cloud computing that involves having multiple customers and applications running within the same system and sharing the same resources. Although considerable mechanisms are in place to ensure isolation and separation, the data and applications are ultimately using shared resources. Broad network access refers to the ability to access cloud services from any location or client. Portability refers to the ability to easily move cloud services between different cloud providers, whereas elasticity refers to the capabilities of a cloud environment to add or remove services, as needed, to meet current demand.

