[Oct-2021] Valid Way To Pass ISC Exam Dumps with CCSP Exam Study Guide [Q448-Q469]

NEW QUESTION 448
Which of the following frameworks focuses specifically on design implementation and management?

  • A. ISO 27017
  • B. HIPAA
  • C. NIST 800-92
  • D. ISO 31000:2009

Answer: D

Explanation:
ISO 31000:2009 is the risk management standard; it provides principles and generic guidelines on the design, implementation, and ongoing management of a risk management framework, which is what this question is pointing at. HIPAA is a United States health care regulation, NIST SP 800-92 is the Guide to Computer Security Log Management, and ISO 27017 provides cloud-specific security controls building on ISO 27002.

 

NEW QUESTION 449
Which of the following technologies is NOT commonly used for accessing systems and services in a cloud environment in a secure manner?

  • A. HTTPS
  • B. TLS
  • C. VPN
  • D. KVM

Answer: D

Explanation:
A keyboard-video-mouse (KVM) switch is commonly used for directly accessing server consoles in a data center. It is not a method available to a cloud customer, primarily because cloud systems are virtualized, but also because only the cloud provider's staff are allowed the physical access to hardware that a KVM provides. (A provider may expose a virtual console to a virtual machine, but that is a hypervisor feature, not physical KVM access.) Hypertext Transfer Protocol Secure (HTTPS), virtual private network (VPN), and Transport Layer Security (TLS) are all technologies and protocols that are widely used with cloud implementations for secure access to systems and services.

 

NEW QUESTION 450
A typical DLP tool can enhance the organization's efforts at accomplishing what legal task?
Response:

  • A. Criminal prosecution
  • B. Delivering testimony
  • C. Evidence collection
  • D. Enforcement of intellectual property rights

Answer: C

 

NEW QUESTION 451
What concept does the "R" represent with the DREAD model?

  • A. Risk
  • B. Residual
  • C. Repudiation
  • D. Reproducibility

Answer: D

Explanation:
Reproducibility is a measure of how easy it is to reproduce an exploit and use it successfully. Scoring within the DREAD model ranges from 0, signifying an exploit that is nearly impossible to reproduce, up to 10, which signifies an exploit that anyone could reproduce with a single action, such as requesting a URL.

 

NEW QUESTION 452
When an organization implements an SIEM solution and begins aggregating event data, the configured event sources are only valid at the time it was configured.
Application modifications, patching, and other upgrades will change the events generated and how they are represented over time.
What process is necessary to ensure events are collected and processed with this in mind?

  • A. Continuous optimization
  • B. Continual review
  • C. Aggregation updates
  • D. Event elasticity

Answer: A
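As an added example (not from the original page or from ISC materials), the following Python script shows the failure mode behind this question and the continuous-optimization step that addresses it. Each source gets the parser that was valid when it was onboarded; after a hypothetical upgrade, one source switches to a JSON format, the old parser silently drops those events, and a failed-login detection undercounts. A per-source parse-failure rate flags the source for review, and registering an additional parser restores coverage. All source names, log formats, and log lines are constructed for illustration.

```python
"""Event-source drift detection for a SIEM pipeline (added example, not
from the original page). Source names, formats and log lines are constructed."""
import json
import re
from collections import defaultdict


def regex_parser(pattern):
    """Build a parser that returns the named groups of PATTERN, or None."""
    rx = re.compile(pattern)

    def parse(line):
        m = rx.match(line)
        return m.groupdict() if m else None

    return parse


def json_parser(line):
    """Parser for the hypothetical post-upgrade JSON format."""
    try:
        rec = json.loads(line)
    except ValueError:
        return None
    return rec if isinstance(rec, dict) else None


# Parsers registered when each (hypothetical) source was onboarded.
ONBOARDED_PARSERS = {
    "webapp-auth": [regex_parser(
        r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) result=(?P<result>\S+)$")],
    "vpn-gateway": [regex_parser(
        r"^(?P<ts>\S+) (?P<result>ACCEPT|REJECT) src=(?P<src>\S+) user=(?P<user>\S+)$")],
}

# Constructed sample: webapp-auth is upgraded mid-stream and starts emitting JSON.
SAMPLE_EVENTS = [
    ("webapp-auth", "2021-10-01T10:00:00Z user=alice action=login result=success"),
    ("webapp-auth", "2021-10-01T10:00:05Z user=bob action=login result=failure"),
    ("webapp-auth", '{"ts":"2021-10-01T10:01:00Z","user":"alice","action":"login","result":"success"}'),
    ("webapp-auth", '{"ts":"2021-10-01T10:01:07Z","user":"mallory","action":"login","result":"failure"}'),
    ("webapp-auth", '{"ts":"2021-10-01T10:01:09Z","user":"mallory","action":"login","result":"failure"}'),
    ("vpn-gateway", "2021-10-01T10:00:01Z ACCEPT src=203.0.113.5 user=alice"),
    ("vpn-gateway", "2021-10-01T10:00:09Z REJECT src=198.51.100.7 user=eve"),
]


def parse_events(events, parsers):
    """Try each registered parser for the event's source, in order.
    Returns (parsed_records, failures_per_source, totals_per_source)."""
    parsed, failures, totals = [], defaultdict(int), defaultdict(int)
    for source, line in events:
        totals[source] += 1
        rec = None
        for parse in parsers.get(source, []):
            rec = parse(line)
            if rec is not None:
                break
        if rec is None:
            failures[source] += 1      # dropped: nobody will alert on this event
            continue
        rec["source"] = source
        parsed.append(rec)
    return parsed, dict(failures), dict(totals)


def sources_needing_review(failures, totals, threshold=0.2):
    """Sources whose parse-failure rate exceeds THRESHOLD: their onboarding-time
    configuration is no longer valid and needs a review cycle."""
    flagged = {}
    for source, n in totals.items():
        rate = failures.get(source, 0) / n
        if rate > threshold:
            flagged[source] = round(rate, 2)
    return flagged


def failed_logins(parsed):
    """A detection that degrades silently when the parser drifts."""
    return sum(1 for r in parsed if r.get("action") == "login" and r.get("result") == "failure")


def add_parser(parsers, source, parser):
    """The continuous-optimization step: register a parser for the new format
    while keeping the old one, since both formats coexist during a rolling upgrade."""
    updated = {s: list(p) for s, p in parsers.items()}
    updated.setdefault(source, []).append(parser)
    return updated


if __name__ == "__main__":
    parsed, failures, totals = parse_events(SAMPLE_EVENTS, ONBOARDED_PARSERS)
    print("before review: failed logins =", failed_logins(parsed),
          "review needed:", sources_needing_review(failures, totals))
    updated = add_parser(ONBOARDED_PARSERS, "webapp-auth", json_parser)
    parsed, failures, totals = parse_events(SAMPLE_EVENTS, updated)
    print("after review:  failed logins =", failed_logins(parsed),
          "review needed:", sources_needing_review(failures, totals))
```

The parse-failure rate is the cheapest drift signal a SIEM can emit; in practice it is tracked per source over time so that a patch or upgrade that changes the event format is caught in the next review cycle rather than discovered during an incident.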

 

NEW QUESTION 453
All of these are reasons an organization may want to consider cloud migration except:
Response:

  • A. Reduced operational expenses
  • B. Reduced personnel costs
  • C. Increased efficiency
  • D. Elimination of risks

Answer: D

 

NEW QUESTION 454
SOC 2 reports are organized around five Trust Services Principles.
Which of the five principles must also be included when auditing any of the other four principles?

  • A. Privacy
  • B. Availability
  • C. Confidentiality
  • D. Security

Answer: D

Explanation:
Under the SOC 2 guidelines, security is the common criteria: when any of the other four principles (availability, confidentiality, processing integrity, and privacy) is audited, the security principle must also be included in the audit.

 

NEW QUESTION 455
Which key storage solution would be the BEST choice in a situation where availability might be of a particular concern?
Response:

  • A. Embedded
  • B. External
  • C. Hosted
  • D. Internal

Answer: D

 

NEW QUESTION 456
Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.
Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?

  • A. Data at rest
  • B. Data in transit
  • C. Data in use
  • D. Data custodian

Answer: D

Explanation:
The jurisdictions where data is stored, processed, or consumed dictate the regulatory frameworks and compliance requirements, regardless of who the data owner or custodian is. Data at rest, data in transit, and data in use would all play a prominent role in regulatory compliance with a move to a cloud environment; each state needs to be evaluated against the new configuration and against any changes in jurisdiction or requirements introduced by the move.

 

NEW QUESTION 457
Which of the following is the primary purpose of an SOC 3 report?

  • A. Seal of approval
  • B. HIPAA compliance
  • C. Absolute assurances
  • D. Compliance with PCI/DSS

Answer: A

Explanation:
The SOC 3 report is a general-use summary that attests that a SOC 2 examination was performed and states its outcome, without the detailed control descriptions and test results that a SOC 2 report contains. It is a seal of approval that a provider can publish freely rather than a full evaluation of its controls.

 

NEW QUESTION 458
Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ____________.
Response:

  • A. Risk
  • B. Personnel
  • C. Security controls
  • D. Data

Answer: B

 

NEW QUESTION 459
What are the phases of a software development lifecycle process model?
Response:

  • A. Planning and requirements analysis, design, define, develop, testing, and maintenance
  • B. Define, planning and requirements analysis, design, develop, testing, and maintenance
  • C. Planning and requirements analysis, define, design, testing, develop, and maintenance
  • D. Planning and requirements analysis, define, design, develop, testing, and maintenance

Answer: D

 

NEW QUESTION 460
What are third-party providers of IAM functions for the cloud environment?

  • A. AESs
  • B. CASBs
  • C. DLPs
  • D. SIEMs

Answer: B

 

NEW QUESTION 461
Which of the following roles would be responsible for managing memberships in federations and the use and integration of federated services?

  • A. Cloud service business manager
  • B. Cloud service integrator
  • C. Cloud service administrator
  • D. Inter-cloud provider

Answer: D

Explanation:
The inter-cloud provider is responsible for peering with other cloud services and providers, as well as overseeing and managing federations and federated services. A cloud service administrator is responsible for testing, monitoring, and securing cloud services, as well as providing usage reporting and dealing with service problems. The cloud service integrator is responsible for connecting existing systems and services with a cloud. The cloud service business manager is responsible for overseeing the billing, auditing, and purchasing of cloud services.

 

NEW QUESTION 462
Which of the cloud cross-cutting aspects relates to the requirements placed on a system or application by law, policy, or requirements from standards?

  • A. Regulatory requirements
  • B. Auditability
  • C. Governance
  • D. Service-level agreements

Answer: A

Explanation:
Regulatory requirements are those imposed upon businesses and their operations either by law, regulation, policy, or standards and guidelines. These requirements are specific either to the locality in which the company or application is based or to the specific nature of the data and transactions conducted.

 

NEW QUESTION 463
Which of the following statements about Type 1 hypervisors is true?

  • A. The hardware vendor and software vendor are different.
  • B. The hardware vendor and software vendor are the same
  • C. The hardware vendor and software vendor should always be different for the sake of security.
  • D. The hardware vendor provides an open platform for software vendors.

Answer: B

Explanation:
A Type 1 (bare-metal) hypervisor runs directly on the hardware without a host operating system. Because the management software is tightly tied to the hardware and supplied with it as a closed platform, the hardware vendor and the software vendor are the same. This allows for optimal security, performance, and support. The other answers are all incorrect descriptions of a Type 1 hypervisor.

 

NEW QUESTION 464
Jurisdictions have a broad range of privacy requirements pertaining to the handling of personal data and information.
Which jurisdiction requires all storage and processing of data that pertains to its citizens to be done on hardware that is physically located within its borders?

  • A. Japan
  • B. European Union
  • C. United States
  • D. Russia

Answer: D

Explanation:
The Russian government requires all storage and processing of information about its citizens to be done solely on systems and applications that reside within the physical borders of the country. The United States, European Union, and Japan focus their data privacy laws on requirements and methods for the protection of data, rather than on where the data physically resides.

 

NEW QUESTION 465
Which of the following is NOT a focus or consideration of an internal audit?

  • A. Costs
  • B. Design
  • C. Operational efficiency
  • D. Certification

Answer: D

Explanation:
In order to obtain and comply with certifications, independent external audits must be performed and satisfied. Although some testing of certification controls can be part of an internal audit, an internal audit will not satisfy certification requirements.

 

NEW QUESTION 466
All the following are data analytics modes, except:

  • A. Real-time analytics
  • B. Refractory iterations
  • C. Agile business intelligence
  • D. Data mining

Answer: B

Explanation:
All the others are data analytics methods, but "refractory iterations" is a nonsense term thrown in as a red herring.

 

NEW QUESTION 467
Who should be the only entity allowed to declare that an organization can return to normal following contingency or BCDR operations?
Response:

  • A. The incident manager
  • B. Senior management
  • C. Regulators
  • D. Law enforcement

Answer: B

 

NEW QUESTION 468
Which ITIL component is an ongoing, iterative process of tracking all deployed and configured resources that an organization uses and depends on, whether they are hosted in a traditional data center or a cloud?

  • A. Problem management
  • B. Continuity management
  • C. Configuration management
  • D. Availability management

Answer: C

Explanation:
Configuration management tracks and maintains detailed information about all IT components within an organization. Availability management is focused on making sure system resources, processes, personnel, and toolsets are properly allocated and secured to meet SLA requirements. Continuity management (or business continuity management) is focused on planning for the successful restoration of systems or services after an unexpected outage, incident, or disaster. Problem management is focused on identifying the root causes of incidents and mitigating known problems and deficiencies so that they do not recur.

 

NEW QUESTION 469
......