CCSP

By isc
Aug, 2025


Question 26

What process is used within a clustered system to provide high availability and load balancing?

  • A: Dynamic balancing
  • B: Dynamic clustering
  • C: Dynamic optimization
  • D: Dynamic resource scheduling

Question 27

Which of the following is NOT a function performed by the handshake protocol of TLS?

  • A: Key exchange
  • B: Encryption
  • C: Negotiation of connection
  • D: Establish session ID

Question 28

Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?

  • A: Six months
  • B: One month
  • C: One year
  • D: One week

Question 29

What changes are necessary to application code in order to implement DNSSEC?

  • A: Adding encryption modules
  • B: Implementing certificate validations
  • C: Additional DNS lookups
  • D: No changes are needed.

Question 30

Which type of controls are the SOC Type 1 reports specifically focused on?

  • A: Integrity
  • B: PII
  • C: Financial
  • D: Privacy

Question 31

Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?

  • A: Integrity
  • B: Availability
  • C: Confidentiality
  • D: Nonrepudiation

Question 32

Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?

  • A: Data center security
  • B: Human resources
  • C: Mobile security
  • D: Budgetary and cost controls

Question 33

Which security concept, if implemented correctly, will protect the data on a system, even if a malicious actor gains access to the actual system?

  • A: Sandboxing
  • B: Encryption
  • C: Firewalls
  • D: Access control

Question 34

Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?

  • A: Platform
  • B: Data
  • C: Physical environment
  • D: Infrastructure

Question 35

What does the management plane typically utilize to perform administrative functions on the hypervisors that it has access to?

  • A: Scripts
  • B: RDP
  • C: APIs
  • D: XML

Question 36

Which of the following is NOT a factor that is part of a firewall configuration?

  • A: Encryption
  • B: Port
  • C: Protocol
  • D: Source IP

Question 37

Which of the cloud deployment models involves spanning multiple cloud environments or a mix of cloud hosting models?

  • A: Community
  • B: Public
  • C: Hybrid
  • D: Private

Question 38

Which of the following is NOT one of the five principles of SOC Type 2 audits?

  • A: Privacy
  • B: Processing integrity
  • C: Financial
  • D: Security

Question 39

Which aspect of cloud computing makes data classification even more vital than in a traditional data center?

  • A: Interoperability
  • B: Virtualization
  • C: Multitenancy
  • D: Portability

Question 40

What concept does the "T" represent in the STRIDE threat model?

  • A: TLS
  • B: Testing
  • C: Tampering with data
  • D: Transport

Question 41

Which of the following would be a reason to undertake a BCDR test?

  • A: Functional change of the application
  • B: Change in staff
  • C: User interface overhaul of the application
  • D: Change in regulations

Question 42

What is the biggest challenge to data discovery in a cloud environment?

  • A: Format
  • B: Ownership
  • C: Location
  • D: Multitenancy

Question 43

Which crucial aspect of cloud computing can be most threatened by insecure APIs?

  • A: Automation
  • B: Redundancy
  • C: Resource pooling
  • D: Elasticity

Question 44

Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

  • A: Functionality
  • B: Programming languages
  • C: Software platform
  • D: Security requirements

Question 45

Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?

  • A: Service-level agreements
  • B: Governance
  • C: Regulatory requirements
  • D: Auditability

Question 46

What is a serious complication an organization faces from the perspective of compliance with international operations?

  • A: Different certifications
  • B: Multiple jurisdictions
  • C: Different capabilities
  • D: Different operational procedures

Question 47

Which regulatory system pertains to the protection of healthcare data?

  • A: HIPAA
  • B: HAS
  • C: HITECH
  • D: HFCA

Question 48

Which aspect of cloud computing makes it very difficult to perform repeat audits over time to track changes and compliance?

  • A: Virtualization
  • B: Multitenancy
  • C: Resource pooling
  • D: Dynamic optimization

Question 49

Which security concept would business continuity and disaster recovery fall under?

  • A: Confidentiality
  • B: Availability
  • C: Fault tolerance
  • D: Integrity

Question 50

Which of the following is NOT an application or utility to apply and enforce baselines on a system?

  • A: Chef
  • B: GitHub
  • C: Puppet
  • D: Active Directory
Page 2 of 21 • Questions 26-50 of 511
