CCSP Practice Test Questions

512 Questions


Topic 2, Exam Pool B

The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats
to organizations participating in cloud computing.
According to the CSA, what aspect of managed cloud services makes the threat of
malicious insiders so alarming?
Response:


A. Scalability
B. Multitenancy
C. Metered service
D. Flexibility

B. Multitenancy



What is a form of cloud storage where data is stored as objects, arranged in a hierarchal
structure, like a file tree?
Response:


A. Volume storage
B. Databases
C. Content delivery network (CDN)
D. Object storage

D. Object storage



While an audit is being conducted, which of the following could cause management and the
auditors to change the original plan in order to continue with the audit?
Response:


A. Cost overruns
B. Impact on systems
C. Regulatory changes
D. Software version changes

A. Cost overruns



Which of the following in a federated environment is responsible for consuming
authentication tokens?
Response:


A. Relying party
B. Identity provider
C. Cloud services broker
D. Authentication provider

A. Relying party



All of the following entities are required to use FedRAMP-accredited Cloud Service
Providers except ___________.
Response:


A. The US post office
B. The Department of Homeland Security
C. Federal Express
D. The CIA

C. Federal Express



The Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR)
program has __________ tiers.
Response:


A. Two
B. Three
C. Four
D. Eight

B. Three



Which of the following is NOT a core component of an SIEM solution?
Response:


A. Correlation
B. Aggregation
C. Compliance
D. Escalation

D. Escalation



An organization could have many reasons that are common throughout the industry to
activate a BCDR situation. Which of the following is NOT a typical reason to activate a
BCDR plan?
Response:


A. Natural disaster
B. Utility outage
C. Staff loss
D. Terrorist attack

C. Staff loss



Which of the following are not examples of personnel controls?
Response:


A. Background checks
B. Reference checks
C. Strict access control mechanisms
D. Continuous security training

C. Strict access control mechanisms



Which SSAE 16 audit report is simply an attestation of audit results? 
Response:


A. SOC 1
B. SOC 2, Type 1
C. SOC 2, Type 2
D. SOC 3

D. SOC 3



Which of the following threats from the OWASP Top Ten is the most difficult for an
organization to protect against?
Response:


A. Advanced persistent threats
B. Account hijacking
C. Malicious insiders
D. Denial of service

C. Malicious insiders



Which theoretical technology would allow superposition of physical states to increase both
computing capacity and encryption keyspace?
Response:


A. All-or-nothing-transform with Reed-Solomon (AONT-RS)
B. Quantum computing
C. Filigree investment
D. Sharding

B. Quantum computing



