ISC CCSP Exam Practice Questions (P. 1)
- Full Access (512 questions)
- Six months of Premium Access
- Access to one million comments
- Seamless ChatGPT Integration
- Ability to download PDF files
- Anki Flashcard files for revision
- No Captcha & No AdSense
- Advanced Exam Configuration
Question #1
Which of the following roles is responsible for creating cloud components and the testing and validation of services?
- ACloud auditor
- BInter-cloud provider
- CCloud service broker
- DCloud service developerMost Voted
Correct Answer:
D
The cloud service developer is responsible for developing and creating cloud components and services, as well as for testing and validating services.
D
The cloud service developer is responsible for developing and creating cloud components and services, as well as for testing and validating services.
send
light_mode
delete
Question #2
What is the best source for information about securing a physical asset's BIOS?
- ASecurity policies
- BManual pages
- CVendor documentationMost Voted
- DRegulations
Correct Answer:
C
Vendor documentation from the manufacturer of the physical hardware is the best source of best practices for securing the BIOS.
C
Vendor documentation from the manufacturer of the physical hardware is the best source of best practices for securing the BIOS.
send
light_mode
delete
Question #3
Which of the following is not a component of contractual PII?
- AScope of processing
- BValue of dataMost Voted
- CLocation of data
- DUse of subcontractors
Correct Answer:
C
The value of data itself has nothing to do with it being considered a part of contractual
C
The value of data itself has nothing to do with it being considered a part of contractual
send
light_mode
delete
Question #4
Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?
- AConsumable service
- BMeasured serviceMost Voted
- CBillable service
- DMetered service
Correct Answer:
B
Measured service is where cloud services are delivered and billed in a metered way, where the cloud customer only pays for those that they actually use, and for the duration of time that they use them.
B
Measured service is where cloud services are delivered and billed in a metered way, where the cloud customer only pays for those that they actually use, and for the duration of time that they use them.
send
light_mode
delete
Question #5
Which of the following roles involves testing, monitoring, and securing cloud services for an organization?
- ACloud service integrator
- BCloud service business manager
- CCloud service user
- DCloud service administratorMost Voted
Correct Answer:
D
The cloud service administrator is responsible for testing cloud services, monitoring services, administering security for services, providing usage reports on cloud services, and addressing problem reports
D
The cloud service administrator is responsible for testing cloud services, monitoring services, administering security for services, providing usage reports on cloud services, and addressing problem reports
send
light_mode
delete
Question #6
What is the only data format permitted with the SOAP API?
- AHTML
- BSAML
- CXSML
- DXMLMost Voted
Correct Answer:
D
The SOAP protocol only supports the XML data format.
D
The SOAP protocol only supports the XML data format.
send
light_mode
delete
Question #7
Which data formats are most commonly used with the REST API?
- AJSON and SAML
- BXML and SAML
- CXML and JSONMost Voted
- DSAML and HTML
Correct Answer:
C
JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State Transfer
(REST) API, and are typically implemented with caching for increased scalability and performance.
C
JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State Transfer
(REST) API, and are typically implemented with caching for increased scalability and performance.
send
light_mode
delete
Question #8
Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?
- AInjection
- BMissing function-level access controlMost Voted
- CCross-site request forgery
- DCross-site scripting
Correct Answer:
B
It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.
B
It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.
send
light_mode
delete
Question #9
Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?
- ACloud service user
- BCloud service business manager
- CCloud service administrator
- DCloud service integrator
Correct Answer:
B
The cloud service business manager is responsible for overseeing business and billing administration, purchasing cloud services, and requesting audit reports when necessary
B
The cloud service business manager is responsible for overseeing business and billing administration, purchasing cloud services, and requesting audit reports when necessary
send
light_mode
delete
Question #10
What is the biggest concern with hosting a key management system outside of the cloud environment?
- AConfidentiality
- BPortability
- CAvailabilityMost Voted
- DIntegrity
Correct Answer:
C
When a key management system is outside of the cloud environment hosting the application, availability is a primary concern because any access issues with the encryption keys will render the entire application unusable.
C
When a key management system is outside of the cloud environment hosting the application, availability is a primary concern because any access issues with the encryption keys will render the entire application unusable.
send
light_mode
delete
All Pages