It is impossible to pass the ISC2 CCSP exam without any help in the short term. Come to Ucertify soon and find the most advanced, correct and guaranteed ISC2 CCSP practice questions. You will get a surprising result with our Certified Cloud Security Professional practice guides.

NEW QUESTION 1

DRM solutions should generally include all the following functions, except:

  • A. Persistency
  • B. Automatic self-destruct
  • C. Automatic expiration
  • D. Dynamic policy control

Answer: B

NEW QUESTION 2

In general, a cloud BCDR solution will be ______ than a physical solution.

  • A. Slower
  • B. Less expensive
  • C. Larger
  • D. More difficult to engineer

Answer: B

NEW QUESTION 3

The cloud deployment model that features organizational ownership of the hardware and infrastructure, and usage only by members of that organization, is known as:

  • A. Private
  • B. Public
  • C. Hybrid
  • D. Motive

Answer: A

NEW QUESTION 4

TLS uses ______ to authenticate a connection and create a shared secret for the duration of the session.

  • A. SAML 2.0
  • B. X.509 certificates
  • C. 802.11X
  • D. The Diffie-Hellman process

Answer: B

NEW QUESTION 5

A web application firewall (WAF) can understand and act on ______ traffic.

  • A. Malicious
  • B. SMTP
  • C. ICMP
  • D. HTTP

Answer: D

NEW QUESTION 6

Which concept pertains to cloud customers paying only for the resources they use and consume, and only for the duration they are using them?

  • A. Measured service
  • B. Auto-scaling
  • C. Portability
  • D. Elasticity

Answer: A

NEW QUESTION 7

Although performing BCDR tests at regular intervals is a best practice to ensure processes and documentation are still relevant and efficient, which of the following represents a reason to conduct a BCDR review outside of the regular interval?

  • A. Staff changes
  • B. Application changes
  • C. Regulatory changes
  • D. Management changes

Answer: B

NEW QUESTION 8

Which of the following methods for the safe disposal of electronic records can always be used in a cloud environment?

  • A. Physical destruction
  • B. Encryption
  • C. Overwriting
  • D. Degaussing

Answer: B

NEW QUESTION 9

Cloud environments are based entirely on virtual machines and virtual devices, and those images are also in need of storage within the environment. What type of storage is typically used for virtual images?

  • A. Volume
  • B. Structured
  • C. Unstructured
  • D. Object

Answer: D

NEW QUESTION 10

All of the following are identity federation standards commonly found in use today except ______.

  • A. WS-Federation
  • B. OpenID
  • C. OAuth
  • D. PGP

Answer: D

NEW QUESTION 11

An audit against the ______ will demonstrate that an organization has a holistic, comprehensive security program.

  • A. SAS 70 standard
  • B. SSAE 16 standard
  • C. SOC 2, Type 2 report matrix
  • D. ISO 27001 certification requirements

Answer: D

NEW QUESTION 12

The Brewer-Nash security model is also known as which of the following?

  • A. MAC
  • B. The Chinese Wall model
  • C. Preventive measures
  • D. RBAC

Answer: B

NEW QUESTION 13

According to OWASP recommendations, active software security testing should include all of the following except ______.

  • A. Session initiation testing
  • B. Input validation testing
  • C. Testing for error handling
  • D. Testing for weak cryptography

Answer: A

NEW QUESTION 14

Resolving resource contentions in the cloud will most likely be the job of the ______.

  • A. Router
  • B. Emulator
  • C. Regulator
  • D. Hypervisor

Answer: D

NEW QUESTION 15

Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?

  • A. Concurrently Maintainable Site Infrastructure
  • B. Fault-Tolerant Site Infrastructure
  • C. Basic Site Infrastructure
  • D. Redundant Site Infrastructure Capacity Components

Answer: D

NEW QUESTION 16

Who should be involved in review and maintenance of user accounts/access?

  • A. The user’s manager
  • B. The security manager
  • C. The accounting department
  • D. The incident response team

Answer: A

NEW QUESTION 18

Which one of the following is not one of the three common threat modeling techniques?

  • A. Focused on assets
  • B. Focused on attackers
  • C. Focused on software
  • D. Focused on social engineering

Answer: D

NEW QUESTION 19

Which SSAE 16 report is purposefully designed for public release (for instance, to be posted on a company’s website)?

  • A. SOC 1
  • B. SOC 2, Type 1
  • C. SOC 2, Type 2
  • D. SOC 3

Answer: D

NEW QUESTION 20

Which of the following is not a feature of SAST?

  • A. Source code review
  • B. Team-building efforts
  • C. “White-box” testing
  • D. Highly skilled, often expensive outside consultants

Answer: B

NEW QUESTION 21

Static software security testing typically uses ______ as a measure of how thorough the testing was.

  • A. Number of testers
  • B. Flaws detected
  • C. Code coverage
  • D. Malware hits

Answer: C

NEW QUESTION 22

Which of the following is a method for apportioning resources that involves setting maximum usage amounts for all tenants/customers within the environment?

  • A. Reservations
  • B. Shares
  • C. Cancellations
  • D. Limits

Answer: D

NEW QUESTION 23

Because PaaS implementations are so often used for software development, what is one of the vulnerabilities that should always be kept in mind?

  • A. Malware
  • B. Loss/theft of portable devices
  • C. Backdoors
  • D. DoS/DDoS

Answer: C

NEW QUESTION 24

You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
What should you not expect the tool to address?

  • A. Sensitive data sent inadvertently in user emails
  • B. Sensitive data captured by screen shots
  • C. Sensitive data moved to external devices
  • D. Sensitive data in the contents of files sent via FTP

Answer: B

NEW QUESTION 25

The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what is one reason the threat of insecure interfaces and APIs is so prevalent in cloud computing?

  • A. Most of the cloud customer’s interaction with resources will be performed through APIs.
  • B. APIs are inherently insecure.
  • C. Attackers have already published vulnerabilities for all known APIs.
  • D. APIs are known carcinogens.

Answer: A

NEW QUESTION 26

Each of the following is a dependency that must be considered when reviewing the BIA after cloud migration except:

  • A. The cloud provider’s suppliers
  • B. The cloud provider’s vendors
  • C. The cloud provider’s utilities
  • D. The cloud provider’s resellers

Answer: D

NEW QUESTION 27

The Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR) program has ______ tiers.

  • A. Two
  • B. Three
  • C. Four
  • D. Eight

Answer: B
