CCSP Combined not multi-choice

25. Many organizations will have different environments for development versus production, even using different cloud providers or different systems between the two. Which of the following would be the BEST reason to have both production systems and development systems hosted within the same cloud environment?

APIs

21. Although indirect identifiers cannot alone point to an individual, the more of them known can lead to a specific identity. Which strategy can be used to avoid such a connection being made?

Anonymization

36. Which of the following concepts pertains to the ability to verify that proper controls and policies are in place on a system or application?

Auditability

34. Which concept is focused on ensuring that users are given the appropriate rights to data and functions within an application?

Authorization

29. What is the main drawback to having a remote key management service in production use, versus a local one?

Availability

16. What type of system is exposed to the public Internet but to maintain security is designed to perform just a specific function and has security controls and monitoring in place specifically focused on that capability?

Bastion

3. Where would be the most appropriate location for an XML firewall within a system architecture?

Between the firewalls and application servers

2. Limits within a cloud environment can be either hard limits or limits capable of adjusting to current demands and circumstances. Which of the following concepts encapsulates allowing a limit to adjust to current circumstances, without the actual limit value changing?

Borrowing

6. What does the TLS protocol use for authentication between two parties?

Certificates

12. Without direct access by customers to the underlying infrastructure of a cloud environment, coupled with their limited knowledge of many operations and configurations, what can be used for customers to gain assurance of security controls and implementations?

Certifications

9. Which component of the ITIL framework includes dependency checks?

Change management

2. When DLP is used to protect data in use, where would the DLP solution and software be deployed?

Client

2. Which security concept pertains to protecting sensitive information from disclosure but also ensuring it is accessible to the appropriate parties?

Confidentiality

23. Which of the following is a major concern with cloud storage communications over iSCSI that must be addressed through additional technologies?

Confidentiality

10. Which of the following types of threats is focused on compromising the client rather than the server or application itself?

Cross-site scripting

5. Which type of testing involves externally attacking the security of a system but without actually attempting to alter systems or fully execute malicious actions?

DAST

20. Data is used by many different roles within an organization. Although all roles have the responsibility for protecting the data and conforming to any policies governing its use or access, which role is specifically responsible for determining the appropriate controls to be applied as well as appropriate use?

Data owner

24. Your new project and its data have regulations that dictate what type of records must be maintained and for how long. Which term refers to this concept?

Data retention

24. Which of the following choices represents the D component of the STRIDE threat model from OWASP?

DoS

13. When using an e-commerce site, you see your credit card information with all but the last four digits replaced with asterisks. What kind of data masking is being employed by the application?

Dynamic

30. Which of the following laws pertains to the protection and confidentiality of PII, related specifically to financial institutions?

GLBA

7. Which stage of the BCDR process takes into account the RPO and RTO requirements set forth by management and stakeholders?

Gathering requirements

25. Which type of new and emerging encryption allows for the manipulation and accessing of data without having to unencrypt it first?

Homomorphic

37. Which type of cloud deployment requires the least amount of involvement from the cloud provider to make logs available to the cloud customer?

IaaS

28. A federated identity system is composed of two main components. Which of the following pairs represents the correct two components?

Identity provider and relying party

31. Which cloud service category is object storage associated with?

Infrastructure

48. You are reviewing the standard offerings from a prospective cloud provider, and one area of log collection promises full and complete access to operating system logs for all provisioned systems. Which cloud service category is this MOST likely referring to?

Infrastructure

33. With volume storage, a slice of storage space is allocated to a system to be used in whatever manner is necessary for that particular system and its requirements. What is this slice of storage referred to as?

LUN - logical unit number

10. Which concept ensures that enough resources are available to the many tenants within a cloud environment and that a single system, service, or customer does not consume too many resources?

Limit

25. Which concept pertains to cloud customers paying only for the resources they use and consume, and only for the duration they are using them?

Measured service

18. Which of the following aspects of cloud computing makes data in transit (DIT) between internal servers more of a risk than in a traditional data center?

Multi-tenancy

8. When a DLP solution is used to protect data in transit, where is the optimal place to deploy the DLP components?

Network perimeter

26. Which concept refers to the ability to confirm and validate the original source of data or an operation to sufficiently meet the required level of assurance?

Nonrepudiation

3. Which of the following aspects of an application is MOST likely to be a component of measured service with all SaaS implementations?

Number of users

3. Which cloud storage type uses an opaque value or descriptor to categorize and organize data?

Object

7. Which cloud storage method utilizes a key value to access data from an application or client?

Object

28. Different storage paradigms within a cloud environment handle formatting, allocation, and security controls differently. What handles these aspects for volume storage?

Operating system of host

20. Which of the following core concepts of cloud computing is NOT something that orchestration would play a role in?

PORTABILITY

9. You have been tasked by management to run security tests against an application using the same toolsets and methodologies that a legitimate attacker would use, including actually attempting to leverage successful exploits. Which type of testing would this entail?

Penetration testing

17. Your company is focused on software development, and your main focus is keeping the costs of development as low as possible to maximize profit. Which cloud service category would be the most appropriate to use for this goal?

Platform

12. When resource limitations surpass the thresholds determined by the cloud provider and shares need to be invoked, which of the following is the driving factor for the determination of share allocations?

Prioritization weighting

Your company has undertaken a full study of moving services to a cloud environment, but due to budget constraints, the project has been delayed. You now have received budget money and a demand that the cloud services be set up as soon as possible. Which cloud service category would be your best option under the circumstances?

Public

29. Which concept involves the ability for a system to respond to attack methods being used against it and automatically alter security configurations and countermeasures to compensate for them?

RASP

22. A primary focus during a BCDR situation is for systems and applications to meet an acceptable level of operations. Which value represents this status?

RPO

11. One of the most crucial metrics for a BCDR plan is how long it takes for services to be restored to a point of satisfaction for management. Which metric represents this point and value?

RTO

20. During a periodic or specific testing of a BCDR plan, which of the following pairs of objectives is the main metric used for the overall evaluation of the plan?

RTO and RPO

32. A common strategy employed when using cloud services for BCDR strategies is to only maintain images offline at the cloud provider, or to only have a minimal set of systems running until needed. With the strategy of only running a minimal level of systems until needed, which aspect of cloud computing would be most beneficial during an actual BCDR situation?

Rapid elasticity

19. Which of the following represents the R component of the DREAD threat risk modeling system?

Reproducability

11. Which concept refers to the ability to validate and prove that a specific entity did not perform operations on a system?

Repudiation

14. What standard is used between different entities within a federated system to exchange information about authentication and user attributes?

SAML

1. You have a new application that is about to be put into production and used by customers. Management would like to undertake an exhaustive test of the system by assessing the known controls and configurations as well as reviewing the source code and components. Which type of testing would this represent?

SAST

18. Which type of testing tends to produce the best and most comprehensive results for discovering system vulnerabilities?

SAST

5. What concept allows users or support staff to change some network configurations without having access to the actual networking hardware and administrative interfaces?

SDN

23. Which of the following laws is highly related to the preservation and retention of electronic records?

SOX

30. Which cloud service category is MOST likely to use a client-side key management system?

SaaS

41. The final phase of the cloud data lifecycle is the destroy phase, where data is ultimately deleted and done so in a secure manner to ensure it cannot be recovered or reconstructed. Which cloud service category poses the most challenges to data destruction or the cloud customer?

SaaS

9. Which cloud service category brings with it the most expensive startup costs, but also the lowest costs for ongoing support and maintenance staff?

SaaS

15. Which concept is often used to isolate and separate information or processes within an environment for either security concerns or regulatory requirements?

Sandboxing

9. When system resource utilization is experiencing heavy demand, possibly nearing the overall full capacity of the cloud environment, which of the following concepts will set the prioritization as to which virtual hosts receive the requested resources?

Shares

50. Which type of masking would be appropriate for the creation of data sets for testing purposes, where the same structure and size are of importance?

Static

38. You are reviewing literature from a cloud service provider and its main pitch to you involves its offerings for a "fully installed and implemented application hosting and deployment framework." Based on your understanding of cloud features, which storage types are you expecting to see offered with this solution?

Structured and Unstructured

38. Single sign-on systems work by authenticating users from a centralized location or using a centralized method, and then allowing applications that trust the system to grant those users access. What would be passed between the authentication system and the applications to grant a user access?

Token

45. Which of the following data protection methodologies maintains the ability to connect back values to the original values?

Tokenization

10. Encryption solutions can be embedded within database operations that will serve to protect data in a manner that is not noticeable to the user. What kind of encryption strategy is this?

Transparent

6. The Safe Harbor program was developed to bridge the gap in privacy regulations between two different jurisdictions. Which two jurisdictions are involved in the program?

US and EU

31. What concept is used for network segregation and isolation within a cloud environment?

VLAN

25. Without the ability to segregate networks physically within a cloud environment, what concept is heavily used for network isolation and segmentation?

VLANs

31. With cloud systems making exclusive use of broad network access, which technology is commonly used for support personnel to access systems for maintenance and administration?

VPN

15. In order to move quickly from your traditional data center to a cloud environment, you want your storage to resemble the same directory structure you currently have. Which cloud storage type will be your best option?

Volume

27. Your application has been a continued target for SQL injection attempts. Which of the following technologies would be best used to combat the likeliness of a successful SQL injection exploit from occurring?

WAF

37. The Simple Object Access Protocol (SOAP) allows programs from different environments or platforms to communicate seamlessly with each other over HTTP. If you are using SOAP, which data format are you using for information exchange?

XML

28. Which quality of a SIEM solution allows administrators to find broad attacks against an infrastructure that may go unnoticed if they're only looking at a single host?

aggregation

1. Which concept of cloud computing pertains to the ability for a cloud customer and users to access their services through a variety of different devices and locations?

broad network access

35. Which component of ITIL involves the constant evaluation of the correctness of the level of provisioned resources?

capacity management

17. Which of the following is NOT one of the types of unexpected events that continuity management deals with?

changes

5. What is a very common method of verifying the integrity of a file that has been downloaded from a site or vendor distribution, to ensure it has not been modified during transmission?

checksum

10. What will determine the responsibilities for both the cloud provider and the cloud customer in the event of litigation impacting a system or service?

contract

17. What vehicle will delineate the responsibilities for compliance and data collection pursuant to an eDiscovery request?

contract

10. Which process is used to properly maintain balanced resources across a cloud environment and to respond to changing needs from conditions due to auto-scaling?

dynamic optimization

16. What is the process that requires searching, identifying, collecting, and securing electronic data or records for use within criminal or civil legal matters?

eDiscovery

17. What is the primary security mechanism used to protect SOAP and REST APIs?

encryption

34. Which of the following is a very common complaint concerning the use of an IDS?

false positives

35. What type of identity system allows trust and verifications between the authentication systems of multiple organizations?

federated

27. Software-defined networking (SDN) is intended to separate different network capabilities and allow for the granting of granular configurations, permissions, and features to non-network staff or customers. Which network capability is separated from forwarding of traffic?

filtering

1. Which TLS protocol is responsible for performing authentication between parties and determining encryption algorithms?

handshake

27. Which of the following technologies is commonly used to learn about the methods or sources attackers are using against a system in order to find better configurations or security strategies to use for protection?

honeypot

10. Which type of cloud service category would having a vendor-neutral encryption scheme for data at rest (DAR) be the MOST important?

hybrid

23. A variety of limits can be set within a cloud environment. Which of the following is NOT a unit where a limit can be set?

hypervisor

16. Within a cloud environment, what is the most widely used protocol for communication with storage devices?

iSCSI

26. It was discovered that an attacker was able to send properly formatted SQL code through your web application in order to obtain the entire schema of the underlying database. What type of attack does this best represent?

injection

6. Which concept of cloud computing pertains to the ability to reuse components and services of an application for other purposes?

interoperability

13. Cloud environments pose many unique challenges for a data custodian to properly adhere to policies and the use of data. What poses the biggest challenge for a data custodian with a PaaS implementation, over and above the same concerns with IaaS?

knowledge of systems

4. When you are changing to a different data center for a disaster recovery scenario, which of the following could pose a challenge to the authentication systems over a geographic distance?

latency

3. At which layer does the IPSec protocol operate to encrypt and protect communications between two parties?

network

25. During the assessment phase of a risk evaluation, what are the two types of tests that are performed?

qualitative and quantitative

11. Which TLS protocol handles the secure communications between parties, specifically the send/receive operations?

record

13. Which metric is used to determine whether BCDR objectives have been met and measures the percentage of production-level restoration required for success?

recovery service level - RSL

20. With PaaS, which strategy is most commonly used for the deployment of operating system patches?

reimaging

23. Which component consumes assertions from identity providers and makes a determination as to whether to grant access, and at what level, if applicable to a user?

relying party

3. When dealing with a cloud environment that has resource pooling and multitenancy, a cloud customer may want contractual assurances that sufficient resources to start and operate their services will always be available. What is this type of assurance called?

reservation

30. A denial of service (DoS) attack can potentially impact all customers within a cloud environment with the continued allocation of additional resources. Which of the following can be useful for a customer to protect themselves from a DoS attack against another customer?

reservation

4. In a traditional data center, resources are owned, controlled, and maintained by a single entity for their exclusive use for services and systems. Within a cloud environment, this infrastructure is shared among many different customers. What is this concept called?

resource pooling

9. What principle must always been included with an SOC 2 report?

security

19. What does the risk assessment-related acronym SLE stand for?

single loss expectancy

24. Which risk response involves the use of insurance as a possible strategy for an organization?

transference

30. What type of testing runs known attacks and signatures against a system to determine a risk rating based upon discovered weaknesses?

vulnerability scanning

32. What type of device is often leveraged to assist legacy applications that may not have the programmatic capability to process assertions from modern web services?

xml accelerator

12. DNSSEC relies on digital signatures and allows a client lookup to validate a DNS resolution back to its authoritative source. What is this process called?

zone signing