[Feb 20, 2023] 100% Latest Most updated CCSP Questions and Answers [Q87-Q103]

4/5 - (2 votes)

[Feb 20, 2023] 100% Latest Most updated CCSP Questions and Answers

Try with 100% Real Exam Questions and Answers

For more information, kindly read the exam reference

Cloud Infrastructure & Platform Security (17%):

Plan DR and BC – The candidates should understand a disaster recovery/business continuity strategy, risk associated with the Cloud environments, creation, testing & implementation of plans, and business requirements.
Design secure data centers – This subject area focuses on the learners’ knowledge of logical design, environmental design, and physical design;
Design & plan security controls – This section focuses on physical & environmental, virtualization systems protection, audit mechanisms, identification, authorization, and authentication within a Cloud infrastructure, and system & communication protection;
Understand the components of Cloud infrastructure – This subtopic tests your knowledge of compute, physical environment, storage, virtualization, management plane, and network & communications;
Evaluate Cloud infrastructure-related risks – These include risk assessment & analysis, virtualization risks, Cloud threats, vulnerabilities & attacks, as well as countermeasure strategies;

NO.87 The use of which of the following technologies will NOT require the security dependency of an operating system, other than its own?

Management plane

Type 1 hypervisor

Type 2 hypervisor

Virtual machine

NO.88 If you are running an application that has strict legal requirements that the data cannot reside on systems that contain other applications or systems, which aspect of cloud computing would be prohibitive in this case?

Multitenancy

Broad network access

Portability

Elasticity

Multitenancy is the aspect of cloud computing that involves having multiple customers and applications running within the same system and sharing the same resources. Although considerable mechanisms are in place to ensure isolation and separation, the data and applications are ultimately using shared resources. Broad network access refers to the ability to access cloud services from any location or client. Portability refers to the ability to easily move cloud services between different cloud providers, whereas elasticity refers to the capabilities of a cloud environment to add or remove services, as needed, to meet current demand.

NO.89 What type of data does data rights management (DRM) protect?

Consumer

PII

Financial

Healthcare

Explanation/Reference:
Explanation:
DRM applies to the protection of consumer media, such as music, publications, video, movies, and soon.

NO.90 Tokenization requires two distinct _________________ .

Personnel

Authentication factors

Encryption keys

Databases

In order to implement tokenization, there will need to be two databases: the database containing the raw, original data, and the token database containing tokens that map to original data. Having two-factor authentication is nice, but certainly not required. Encryption keys are not necessary for tokenization. Two- person integrity does not have anything to do with tokenization.

NO.91 Which of the following is the best example of a key component of regulated PII?
Response:

Items that should be implemented

Mandatory breach reporting

Audit rights of subcontractors

PCI DSS

NO.92 A main objective for an organization when utilizing cloud services is to avoid vendor lock-in so as to ensure flexibility and maintain independence.
Which core concept of cloud computing is most related to vendor lock-in?

Scalability

Interoperability

Portability

Reversibility

Portability is the ability for a cloud customer to easily move their systems, services, and applications among different cloud providers. By avoiding reliance on proprietary APIs and other vendor-specific cloud features, an organization can maintain flexibility to move among the various cloud providers with greater ease. Reversibility refers to the ability for a cloud customer to quickly and easy remove all their services and data from a cloud provider. Interoperability is the ability to reuse services and components for other applications and uses. Scalability refers to the ability of a cloud environment to add or remove resources to meet current demands.

NO.93 You work for a government research facility. Your organization often shares data with other government research organizations.
You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations.
Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization’s specific storage resources.
If you don’t use cross-certification, what other model can you implement for this purpose?

Third-party identity broker

Cloud reseller

Intractable nuanced variance

Mandatory access control (MAC)

NO.94 You are the IT director for a small contracting firm. Your company is considering migrating to a cloud production environment.
Which service model would best fit your needs if you wanted an option that reduced the chance of vendor lock-in but also did not require the highest degree of administration by your own personnel?

IaaS

PaaS

SaaS

TanstaafL

NO.95 What concept does the “D” represent with the STRIDE threat model?

Data loss

Denial of service

Data breach

Distributed

Explanation/Reference:
Explanation:
Any application can be a possible target of denial-of-service (DoS) attacks. From the application side, the developers should minimize how many operations are performed for non-authenticated users. This will keep the application running as quickly as possible and using the least amount of system resources to help minimize the impact of any such attacks.

NO.96 With a federated identity system, where would a user perform their authentication when requesting services or application access?

Cloud provider

The application

Their home organization

Third-party authentication system

Explanation/Reference:
Explanation:
With a federated identity system, a user will perform authentication with their home organization, and the application will accept the authentication tokens and user information from the identity provider in order to grant access. The purpose of a federated system is to allow users to authenticate from their home organization. Therefore, using the application or a third-party authentication system would be contrary to the purpose of a federated system because it necessitates the creation of additional accounts. The use of a cloud provider would not be relevant to the operations of a federated system.

NO.97 Which cloud storage type uses an opaque value or descriptor to categorize and organize data?
Response:

Volume

Object

Structured

Unstructured

NO.98 Three central concepts define what type of data and information an organization is responsible for pertaining to eDiscovery.
Which of the following are the three components that comprise required disclosure?

Possession, ownership, control

Ownership, use, creation

Control, custody, use

Possession, custody, control

Explanation
Data that falls under the purview of an eDiscovery request is that which is in the possession, custody, or control of the organization. Although this is an easy concept in a traditional data center, it can be difficult to distinguish who actually possesses and controls the data in a cloud environment due to multitenancy and resource pooling. Although these options provide similar-sounding terms, they are ultimately incorrect.

NO.99 Although the United States does not have a single, comprehensive privacy and regulatory framework, a number of specific regulations pertain to types of data or populations.
Which of the following is NOT a regulatory system from the United States federal government?

HIPAA

SOX

FISMA

PCI DSS

Explanation
The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry-regulatory standard, not a governmental one. The Sarbanes-Oxley Act (SOX) was passed in 2002 and pertains to financial records and reporting, as well as transparency requirements for shareholders and other stakeholders. The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 and pertains to data privacy and security for medical records. FISMA refers to the Federal Information Security Management Act of 2002 and pertains to the protection of all US federal government IT systems, with the exception of national security systems.

NO.100 A UPS should have enough power to last how long?

One day

12 hours

Long enough for graceful shutdown

10 minutes

Explanation/Reference:
Explanation:
Team-building has nothing to do with SAST; all the rest of the answers are characteristics of SAST.

NO.101 Which aspect of cloud computing will be most negatively impacted by vendor lock-in?

Elasticity

Reversibility

Interoperability

Portability

Explanation/Reference:
Explanation:
A cloud customer utilizing proprietary APIs or services from one cloud provider that are unlikely to be available from another cloud provider will most negatively impact portability.

NO.102 What provides the information to an application to make decisions about the authorization level appropriate when granting access?

User

Relying party

Federation

Identity Provider

Upon successful user authentication, the identity provider gives information about the user to the relying party that it needs to make authorization decisions for granting access as well as the level of access needed.

NO.103 Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority?

European Union

Germany

Russia

United States

Explanation/Reference:
Explanation:
The United States lacks a single comprehensive law at the federal level addressing data security and privacy, but there are multiple federal laws that deal with different industries.

Loading …