Share Latest Nov-2023 CCSP DUMP with 830 Questions and Answers [Q412-Q434]

NEW QUESTION 412
All of the following are usually nonfunctional requirements except ____________.
Response:

Color

Sound

Security

Function

NEW QUESTION 413
Which of the cloud cross-cutting aspects relates to the ability to easily move services and applications between different cloud providers?

Reversibility

Availability

Portability

Interoperability

NEW QUESTION 414
Which of the following is the correct name for Tier II of the Uptime Institute Data Center Site Infrastructure Tier Standard Topology?
Response:

Concurrently Maintainable Site Infrastructure

Fault-Tolerant Site Infrastructure

Basic Site Infrastructure

Redundant Site Infrastructure Capacity Components

NEW QUESTION 415
The goals of SIEM solution implementation include all of the following, except:

Dashboarding

Performance enhancement

Trend analysis

Centralization of log streams

NEW QUESTION 416
At which phase of the SDLC process should security begin participating?
Response:

Requirements gathering

Requirements analysis

Design

Testing

NEW QUESTION 417
In the cloud motif, the data processor is usually:

The party that assigns access rights

The cloud customer

The cloud provider

The cloud access security broker

NEW QUESTION 418
What type of host is exposed to the public Internet for a specific reason and hardened to perform only that function for authorized users?

Proxy

Bastion

Honeypot

WAF

NEW QUESTION 419
What is used with a single sign-on system for authentication after the identity provider has successfully authenticated a user?
Response:

Token

Key

XML

SAML

NEW QUESTION 420
Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?

A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.

A Type 2 hypervisor allows users to directly perform some functions with their own access.

A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.

A Type 2 hypervisor is always exposed to the public Internet for federated identity access.

NEW QUESTION 421
Which of the following threat types involves the sending of invalid and manipulated requests through a user’s client to execute commands on the application under their own credentials?

Injection

Cross-site request forgery

Missing function-level access control

Cross-site scripting

NEW QUESTION 422
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “unvalidated redirects and forwards.” Which of the following is a good way to protect against this problem?

Don’t use redirects/forwards in your applications.

Refrain from storing credentials long term.

Implement security incident/event monitoring (security information and event management (SIEM)/security information management (SIM)/security event management (SEM)) solutions.

Implement digital rights management (DRM) solutions.

NEW QUESTION 423
Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?

A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.

A Type 2 hypervisor allows users to directly perform some functions with their own access.

A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.

A Type 2 hypervisor is always exposed to the public Internet for federated identity access.

NEW QUESTION 424
When an API is being leveraged, it will encapsulate its data for transmission back to the requesting party or service.
What is the data encapsulation used with the SOAP protocol referred to as?

Packet

Payload

Object

Envelope

NEW QUESTION 425
Audits are either done based on the status of a system or application at a specific time or done as a study over a period of time that takes into account changes and processes.
Which of the following pairs matches an audit type that is done over time, along with the minimum span of time necessary for it?

SOC Type 2, one year

SOC Type 1, one year

SOC Type 2, one month

SOC Type 2, six months

NEW QUESTION 426
The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing.
According to the CSA, what aspect of managed cloud services makes the threat of malicious insiders so alarming?
Response:

Scalability

Multitenancy

Metered service

Flexibility

NEW QUESTION 427
With the rapid emergence of cloud computing, very few regulations were in place that pertained to it specifically, and organizations often had to resort to using a collection of regulations that were not specific to cloud in order to drive audits and policies.
Which standard from the ISO/IEC was designed specifically for cloud computing?

ISO/IEC 27001

ISO/IEC 19889

ISO/IEC 27001:2015

ISO/IEC 27018

NEW QUESTION 428
You were recently hired as a project manager at a major university to implement cloud services for the academic and administrative systems. Because the load and demand for services at a university are very cyclical in nature, commensurate with the academic calendar, which of the following aspects of cloud computing would NOT be a primary benefit to you?

Measured service

Broad network access

Resource pooling

On-demand self-service

NEW QUESTION 429
What is a data custodian responsible for?

The safe custody, transport, storage of the data, and implementation of business rules

Data content, context, and associated business rules

Logging and alerts for all data

Customer access and alerts for all data

NEW QUESTION 430
Which standards body depends heavily on contributions and input from its open membership base?
Response:

NIST

ISO