
Get New 2021 Valid Practice ISC Cloud Security CCSP Q&A - Testing Engine
NEW QUESTION 253
Which of the following roles is responsible for gathering metrics on cloud services and managing cloud deployments and the deployment processes?
- A. Cloud service manager
- B. Cloud service deployment manager
- C. Cloud service business manager
- D. Cloud service operations manager
Answer: B
Explanation:
The cloud service deployment manager is responsible for gathering metrics on cloud services, managing cloud deployments and the deployment process, and defining the environments and processes.
NEW QUESTION 254
In the cloud motif, the data processor is usually:
- A. The cloud customer
- B. The party that assigns access rights
- C. The cloud provider
- D. The cloud access security broker
Answer: C
Explanation:
In legal terms, when "data processor" is defined, it refers to anyone who stores, handles, moves, or manipulates data on behalf of the data owner or controller. In the cloud computing realm, this is the cloud provider.
NEW QUESTION 255
Although host-based and network-based IDSs perform similar functions and have similar capabilities, which of the following is an advantage of a network-based IDS over a host-based IDS, assuming all capabilities are equal?
- A. Segregated from host systems
- B. External to system patching
- C. Network access
- D. Scalability
Answer: A
Explanation:
A network-based IDS has the advantage of being segregated from host systems, and as such, it would not be open to compromise in the same manner a host-based system would be. Although a network-based IDS would be external to system patching, this is not the best answer here because it is a minor concern compared to segregation due to possible host compromise.
Scalability is also not the best answer because, although a network-based IDS does remove processing from the host system, it is not a primary security concern. Network access is not a consideration because both a host-based IDS and a network-based IDS would have access to network resources.
NEW QUESTION 256
Which of the following are cloud computing roles?
- A. Cloud service broker and user
- B. Cloud customer and financial auditor
- C. CSP and backup service provider
- D. Cloud service auditor and object
Answer: C
Explanation:
The following groups form the key roles and functions associated with cloud computing. They do not constitute an exhaustive list but highlight the main roles and functions within cloud computing:
- Cloud customer: An individual or entity that utilizes or subscribes to cloud-based services or resources.
- CSP: A company that provides cloud-based platform, infrastructure, application, or storage services to other organizations or individuals, usually for a fee; otherwise known to clients "as a service."
- Cloud backup service provider: A third-party entity that manages and holds operational responsibilities for cloud-based data backup services and solutions to customers from a central data center.
- CSB: Typically a third-party entity or company that looks to extend or enhance value to multiple customers of cloud-based services through relationships with multiple CSPs. It acts as a liaison between cloud services customers and CSPs, selecting the best provider for each customer and monitoring the services. The CSB can be utilized as a "middleman" to broker the best deal and customize services to the customer's requirements. May also resell cloud services.
- Cloud service auditor: Third-party organization that verifies attainment of SLAs.
NEW QUESTION 257
Which security concept is focused on the trustworthiness of data?
- A. Confidentiality
- B. Availability
- C. Integrity
- D. Nonrepudiation
Answer: C
Explanation:
Integrity is focused on the trustworthiness of data as well as the prevention of unauthorized modification or tampering of it. A prime consideration for maintaining integrity is an emphasis on the change management and configuration management aspects of operations, so that all modifications are predictable, tracked, logged, and verified, whether they are performed by actual human users or systems processes and scripts.
NEW QUESTION 258
Which of the following types of software is a Type 2 hypervisor dependent on that a Type 1 hypervisor isn't?
- A. Firewall
- B. Operating system
- C. IDS
- D. VPN
Answer: B
NEW QUESTION 259
In which cloud service model is the customer required to maintain the OS?
- A. CaaS
- B. IaaS
- C. SaaS
- D. PaaS
Answer: B
Explanation:
In IaaS, the service is bare metal, and the customer has to install the OS and the software; the customer then is responsible for maintaining that OS. In the other models, the provider installs and maintains the OS.
NEW QUESTION 260
Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority?
- A. European Union
- B. Russia
- C. Germany
- D. United States
Answer: D
Explanation:
The United States lacks a single comprehensive law at the federal level addressing data security and privacy, but there are multiple federal laws that deal with different industries.
NEW QUESTION 261
Which SSAE 16 report is purposefully designed for public release (for instance, to be posted on a company's website)?
- A. SOC 3
- B. SOC 1
- C. SOC 2, Type 1
- D. SOC 2, Type 2
Answer: A
NEW QUESTION 262
Which kind of SSAE audit reviews controls dealing with the organization's controls for assuring the confidentiality, integrity, and availability of data?
- A. SOC 4
- B. SOC 1
- C. SOC 2
- D. SOC 3
Answer: C
Explanation:
SOC 2 deals with the CIA triad. SOC 1 is for financial reporting. SOC 3 is only an attestation by the auditor. There is no SOC 4.
NEW QUESTION 263
In order to prevent cloud customers from potentially consuming enormous amounts of resources within a cloud environment and thus having a negative impact on other customers, what concept is commonly used by a cloud provider?
- A. Limit
- B. Reservation
- C. Cap
- D. Throttle
Answer: A
Explanation:
A limit puts a maximum value on the amount of resources that may be consumed by either a system, a service, or a cloud customer. It is commonly used to prevent one entity from consuming enormous amounts of resources and having an operational impact on other tenants within the same cloud system. Limits can either be hard or somewhat flexible, meaning a customer can borrow from other customers while still having their actual limit preserved. A reservation is a guarantee to a cloud customer that a certain level of resources will always be available to them, regardless of what operational demands are currently placed on the cloud environment. Both cap and throttle are terms that sound similar to limit, but they are not the correct terms in this case.
NEW QUESTION 264
Which protocol, as a part of TLS, handles negotiating and establishing a connection between two parties?
- A. Handshake
- B. Record
- C. Negotiation
- D. Binding
Answer: A
Explanation:
The TLS handshake protocol is what negotiates and establishes the TLS connection between two parties and enables a secure communications channel to then handle data transmissions. The TLS record protocol is the actual secure communications method for transmitting data; it's responsible for the encryption and authentication of packets throughout their transmission between the parties, and in some cases it also performs compression. Negotiation and binding are not protocols under TLS.
NEW QUESTION 265
Which of the following is NOT part of a retention policy?
- A. Accessibility
- B. Format
- C. Costs
- D. Duration
Answer: C
Explanation:
The data retention policy covers the duration, format, technologies, protection, and accessibility of archives, but does not address the specific costs of its implementation and maintenance.
NEW QUESTION 266
With a cloud service category where the cloud customer is responsible for deploying all services, systems, and components needed for their applications, which of the following storage types are MOST likely to be available to them?
- A. Volume and object
- B. Structured and hierarchical
- C. Structured and unstructured
- D. Volume and database
Answer: A
Explanation:
The question is describing the Infrastructure as a Service (IaaS) cloud offering, and as such, the volume and object storage types will be available to the customer. Structured and unstructured are storage types associated with PaaS, and although the other answers present similar-sounding storage types, they are a mix of real and fake names.
NEW QUESTION 267
Which of the following is a possible negative aspect of bit-splitting?
- A. It may require trust in additional third parties beyond the primary cloud service provider.
- B. Limited vendors make acquisition and support challenging.
- C. There may be cause for management concern that the technology will violate internal policy.
- D. Users will have far greater difficulty understanding the implementation.
Answer: A
NEW QUESTION 268
What concept does the "I" represent with the STRIDE threat model?
- A. IT security
- B. Insider threat
- C. Integrity
- D. Information disclosure
Answer: D
Explanation:
Perhaps the biggest concern for any user is having their personal and sensitive information disclosed by an application. There are many aspects of an application to consider with security and protecting this information, and it is very difficult for any application to fully ensure security from start to finish. The obvious focus is on security within the application itself, as well as protecting and storing the data.
NEW QUESTION 269
Key maintenance and security are paramount within a cloud environment due to the widespread use of encryption for both data and transmissions.
Which of the following key-management systems would provide the most robust control over and ownership of the key-management processes for the cloud customer?
- A. Internal key management service
- B. Client key management service
- C. Remote key management service
- D. Local key management service
Answer: C
Explanation:
A remote key management system resides away from the cloud environment and is owned and controlled by the cloud customer. With the use of a remote service, the cloud customer can avoid being locked into a proprietary system from the cloud provider, but also must ensure that service is compatible with the services offered by the cloud provider. A local key management system resides on the actual servers using the keys, which does not provide optimal security or control over them. Both the terms internal key management service and client key management service are provided as distractors.
NEW QUESTION 270
What concept does the "A" represent in the DREAD model?
- A. Affected users
- B. Affinity
- C. Authentication
- D. Authorization
Answer: A
Explanation:
Affected users refers to the percentage of users who would be impacted by a successful exploit. Scoring ranges from 0, which means no users are impacted, to 10, which means all users are impacted.
NEW QUESTION 271
Who will determine data classifications for the cloud customer?
- A. Regulators
- B. The cloud customer
- C. The cloud provider
- D. NIST
Answer: B
NEW QUESTION 272
Database activity monitoring (DAM) can be:
- A. Host-based or network-based
- B. Used in place of data masking
- C. Used in the place of encryption
- D. Server-based or client-based
Answer: A
Explanation:
We don't use DAM in place of encryption or masking; DAM augments these options without replacing them.
We don't usually think of the database interaction as client-server, so A is the best answer.
NEW QUESTION 273
Which of the following roles would be responsible for managing memberships in federations and the use and integration of federated services?
- A. Cloud service integrator
- B. Inter-cloud provider
- C. Cloud service administrator
- D. Cloud service business manager
Answer: B
Explanation:
The inter-cloud provider is responsible for peering with other cloud services and providers, as well as overseeing and managing federations and federated services. A cloud service administrator is responsible for testing, monitoring, and securing cloud services, as well as providing usage reporting and dealing with service problems. The cloud service integrator is responsible for connecting existing systems and services with a cloud. The cloud service business manager is responsible for overseeing the billing, auditing, and purchasing of cloud services.
NEW QUESTION 274
Which value refers to the amount of time it takes to recover operations in a BCDR situation to meet management's objectives?
- A. SRE
- B. RPO
- C. RSL
- D. RTO
Answer: D
Explanation:
The recovery time objective (RTO) is a measure of the amount of time it would take to recover operations in the event of a disaster to the point where management's objectives are met for BCDR.
For more info visit:
CCSP Braindumps Real Exam Updated on Oct 22, 2021 with 830 Questions: https://www.free4torrent.com/CCSP-braindumps-torrent.html