
New 2021 Latest Questions CCSP Dumps - Use Updated ISC Exam
Latest CCSP Exam Dumps ISC Exam from Training Expert VCETorrent
Prerequisites
The potential candidates for the (ISC)2 CSSP certification should have at least 5 years of cumulative, paid, and full-time professional experience in the Information Technology sector. Three of these five years must be within the domain of information security and at least one year of experience must be in one or more of the six domains of the (ISC)2 CCSP Common Book of Knowledge. Those individuals who already earned the CSA CCSK certificate can substitute it for the prerequisite experience.
NEW QUESTION 11
Digital investigations have adopted many of the same methodologies and protocols as other types of criminal or scientific inquiries.
What term pertains to the application of scientific norms and protocols to digital investigations?
- A. Forensics
- B. Investigative
- C. Scientific
- D. Methodological
Answer: A
Explanation:
Explanation
Forensics refers to the application of scientific methods and protocols to the investigation of crimes. Although forensics has traditionally been applied to well-known criminal proceedings and investigations, the term equally applies to digital investigations and methods. Although the other answers provide similar-sounding terms and ideas, none is the appropriate answer in this case.
NEW QUESTION 12
Which of the following threat types can occur when baselines are not appropriately applied or unauthorized changes are made?
- A. Insecure direct object references
- B. Security misconfiguration
- C. Unvalidated redirects and forwards
- D. Sensitive data exposure
Answer: B
Explanation:
Explanation
Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner. This can be caused from a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches.
NEW QUESTION 13
Which of the following threat types can occur when baselines are not appropriately applied or unauthorized changes are made?
- A. Insecure direct object references
- B. Security misconfiguration
- C. Unvalidated redirects and forwards
- D. Sensitive data exposure
Answer: B
Explanation:
Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner. This can be caused from a shortcoming in security baselines or configurations, unauthorized changes to system configurations, or a failure to patch and upgrade systems as the vendor releases security patches.
NEW QUESTION 14
All of the following are techniques to enhance the portability of cloud data, in order to minimize the potential of vendor lock-in except:
- A. Ensure favorable contract terms to support portability
- B. Use DRM and DLP solutions widely throughout the cloud operation
- C. Avoid proprietary data formats
- D. Ensure there are no physical limitations to moving
Answer: B
Explanation:
Explanation
DRM and DLP are used for increased authentication/access control and egress monitoring, respectively, and would actually decrease portability instead of enhancing it.
NEW QUESTION 15
What type of storage structure does object storage employ to maintain files?
- A. Flat
- B. Directory
- C. Hierarchical
- D. tree
Answer: A
Explanation:
Explanation
Explanation:
Object storage uses a flat file system to hold storage objects; it assigns files a key value that is then used to access them, rather than relying on directories or descriptive filenames. Typical storage layouts such as tree, directory, and hierarchical structures are used within volume storage, whereas object storage maintains a flat structure with key values.
NEW QUESTION 16
The Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR) program has
__________ tiers.
- A. Two
- B. Three
- C. Eight
- D. Four
Answer: B
NEW QUESTION 17
Just like the risk management process, the BCDR planning process has a defined sequence of steps and processes to follow to ensure the production of a comprehensive and successful plan.
Which of the following is the correct sequence of steps for a BCDR plan?
- A. Gather requirements, define scope, implement, assess risk
- B. Gather requirements, define scope, assess risk, implement
- C. Define scope, gather requirements, assess risk, implement
- D. Define scope, gather requirements, implement, assess risk
Answer: C
Explanation:
The correct sequence for a BCDR plan is to define the scope, gather requirements based on the scope, assess overall risk, and implement the plan. The other sequences provided are not in the correct order.
NEW QUESTION 18
Which type of cloud service category would having a vendor-neutral encryption scheme for data at rest (DAR) be the MOST important?
Response:
- A. Hybrid
- B. Community
- C. Public
- D. Private
Answer: A
NEW QUESTION 19
What are the objectives of change management?
(Choose all that apply.)
Response:
- A. Respond to a customer's changing business requirements while maximizing value and reducing incidents, disruption, and rework
- B. Respond to business and IT requests for change that will disassociate services with business needs
- C. Ensure that changes are recorded and evaluated
- D. Ensure that all changes are prioritized, planned, tested, implemented, documented, and reviewed in a controlled manner
Answer: A,C
NEW QUESTION 20
ISO/IEC has established international standards for many aspects of computing and any processes or procedures related to information technology.
Which ISO/IEC standard has been established to provide a framework for handling eDiscovery processes?
- A. ISO/IEC 27001
- B. ISO/IEC 27050
- C. ISO/IEC 27002
- D. ISO/IEC 27040
Answer: B
Explanation:
Explanation/Reference:
Explanation:
ISO/IEC 27050 strives to establish an internationally accepted standard for eDiscovery processes and best practices. It encompasses all steps of the eDiscovery process, including the identification, preservation, collection, processing, review, analysis, and the final production of the requested data archive. ISO/IEC
27001 is a general security specification for an information security management system. ISO/IEC 27002 gives best practice recommendations for information security management. ISO/IEC 27040 is focused on the security of storage systems.
NEW QUESTION 21
Which regulatory system pertains to the protection of healthcare data?
- A. HIPAA
- B. HITECH
- C. HFCA
- D. HAS
Answer: A
Explanation:
Explanation
The Health Insurance Portability and Accountability Act (HIPAA) sets stringent requirements in the United States for the protection of healthcare records.
NEW QUESTION 22
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?
- A. Governance
- B. Platform
- C. Application
- D. Infrastructure
Answer: A
Explanation:
Explanation
Regardless of which cloud-hosting model is used, the cloud customer always has sole responsibility for the governance of systems and data.
NEW QUESTION 23
Which of the following is a widely used tool for code development, branching, and collaboration?
- A. Conductor
- B. Orchestrator
- C. Maestro
- D. GitHub
Answer: D
Explanation:
GitHub is an open source tool that developers leverage for code collaboration, branching, and versioning.
NEW QUESTION 24
Different certifications and standards take different approaches to data center design and operations. Although many traditional approaches use a tiered methodology, which of the following utilizes a macro-level approach to data center design?
- A. BICSI
- B. Uptime Institute
- C. NFPA
- D. IDCA
Answer: D
Explanation:
Explanation/Reference:
Explanation:
The Infinity Paradigm of the International Data Center Authority (IDCA) takes a macro-level approach to data center design. The IDCA does not use a specific, focused approach on specific components to achieve tier status. Building Industry Consulting Services International (BICSI) issues certifications for data center cabling.
The National Fire Protection Association (NFPA) publishes a broad range of fire safety and design standards for many different types of facilities. The Uptime Institute publishes the most widely known and used standard for data center topologies and tiers.
NEW QUESTION 25
What is a key component of GLBA?
Response:
- A. The right to be forgotten
- B. The right to audit
- C. The information security program
- D. EU Data Directives
Answer: C
NEW QUESTION 26
When using an Infrastructure as a Service (IaaS) solution, what is the capability provided to the customer?
Response:
- A. To provision processing, storage, networks, and other fundamental computing resources when the consumer is not able to deploy and run arbitrary software, which can include operating systems and applications.
- B. To provision processing, storage, networks, and other fundamental computing resources when the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.
- C. To provision processing, storage, networks, and other fundamental computing resources when the auditor is able to deploy and run arbitrary software, which can include operating systems and applications.
- D. To provision processing, storage, networks, and other fundamental computing resources when the provider is able to deploy and run arbitrary software, which can include operating systems and applications.
Answer: B
NEW QUESTION 27
There are two reasons to conduct a test of the organization's recovery from backup in an environment other than the primary production environment. Which of the following is one of them?
Response:
- A. It is good for your personnel to see other places occasionally.
- B. You want to approximate contingency conditions, which includes not operating in the primary location.
- C. Your regulators won't follow you offsite, so you'll be unobserved during your test.
- D. It is good to invest in more than one community.
Answer: B
NEW QUESTION 28
What type of security threat is DNSSEC designed to prevent?
- A. Spoofing
- B. Injection
- C. Account hijacking
- D. Snooping
Answer: A
Explanation:
Explanation
DNSSEC is designed to prevent the spoofing and redirection of DNS resolutions to rogue sites.
NEW QUESTION 29
Within a federated identity system, which of the following would you be MOST likely to use for sending information for consumption by a relying party?
- A. WS-Federation
- B. HTML
- C. XML
- D. SAML
Answer: D
Explanation:
The Security Assertion Markup Language (SAML) is the most widely used method for encoding and sending attributes and other information from an identity provider to a relying party.WS- Federation, which is used by Active Directory Federation Services (ADFS), is the second most used method for sending information to a relying party, but it is not a better choice than SAML.
XML is similar to SAML in the way it encodes and labels data, but it does not have all of the required extensions that SAML does. HTML is not used within federated systems at all.
NEW QUESTION 30
Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?
- A. Missing function-level access control
- B. Cross-site forgery
- C. Cross-site scripting
- D. Injection
Answer: D
Explanation:
Explanation
An injection attack is where a malicious actor will send commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries. This can trick an application into exposing data that is not intended or authorized to be exposed, or it could potentially allow an attacker to gain insight into configurations or security controls. Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. Cross-site request forgery occurs when an attack forces an authenticated user to send forged requests to an application running under their own access and credentials. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without going through validation processes.
NEW QUESTION 31
What is the intellectual property protection for a useful manufacturing innovation?
- A. patent
- B. Copyright
- C. Trade secret
- D. Trademark
Answer: A
Explanation:
Explanation
Patents protect processes (as well as inventions, new plantlife, and decorative patterns). The other answers listed are answers to other questions.
NEW QUESTION 32
The BIA can be used to provide information about all the following, except:
- A. Selection of security controls
- B. BC/DR planning
- C. Secure acquisition
- D. Risk analysis
Answer: C
Explanation:
The business impact analysis gathers asset valuation information that is beneficial for risk analysis and selection of security controls (it helps avoid putting the ten-dollar lock on the five- dollar bicycle), and criticality information that helps in BC/DR planning by letting the organization understand which systems, data, and personnel are necessary to continuously maintain.
However, it does not aid secure acquisition efforts, since the assets examined by the BIA have already been acquired.
NEW QUESTION 33
Which technology is most associated with tunneling?
Response:
- A. IaaS
- B. GRE
- C. XML
- D. IPSec
Answer: B
NEW QUESTION 34
When is a virtual machine susceptible to attacks while a physical server in the same state would not be?
- A. When it is behind a WAF
- B. When it is not patched
- C. When it is powered off
- D. When it is behind an IPS
Answer: C
Explanation:
Explanation
A virtual machine is ultimately an image file residing a file system. Because of this, even when a virtual machine is "powered off," it is still susceptible to attacks and modification. A physical server that is powered off would not be susceptible to attacks.
NEW QUESTION 35
......
The Certified Cloud Security Professional certification exam, best known as the CCSP, fulfills the growing demands for experienced and specialized Cloud Security specialists. This test was introduced in 2015 and is available in more than 800 locations and 114 countries across the globe. Particularly, such a certification is focused on specialists working with cloud technologies to ensure that data is not only safer, but that security vulnerability is recognized to overcome those risks. Also, the CCSP certification is suitable for IT security leaders seeking to demonstrate their knowledge of cybersecurity and cloud computing. As a rule, the CCSP trained specialists can identify the issues and challenges faced by several cloud computing companies around the world.
Updated Test Engine to Practice CCSP Dumps & Practice Exam: https://www.vcetorrent.com/CCSP-valid-vce-torrent.html
Pass ISC CCSP PDF Dumps Recently Updated 830 Questions: https://drive.google.com/open?id=1CnTjxe6O97a8ohYL7sDjPZe27YsklVGT