CCSP : Certified Cloud Security Professional (CCSP) : Part 02

  1. Within an Infrastructure as a Service model, which of the following would NOT be a measured service?

    • CPU
    • Storage
    • Number of users
    • Memory

    Explanation: 
    Within IaaS, the number of users on a system is not relevant to the particular hosting model in regard to cloud resources. IaaS is focused on infrastructure needs of a system or application. Therefore, a factor such as the number of users that could affect licensing requirements, for example, would apply to the SaaS model, or in some instances to PaaS.

  2. Which of the following is NOT a criterion for data within the scope of eDiscovery?

    • Possession
    • Custody
    • Control
    • Archive
    Explanation: 
    eDiscovery pertains to information and data that is in the possession, control, and custody of an organization.
  3. Which United States law is focused on accounting and financial practices of organizations?

    • Safe Harbor
    • GLBA
    • SOX
    • HIPAA
    Explanation:
    The Sarbanes-Oxley (SOX) Act is not an act that pertains to privacy or IT security directly, but rather regulates accounting and financial practices used by organizations. It was passed to protect stakeholders and shareholders from improper practices and errors, and it sets forth rules for compliance, regulated and enforced by the Securities and Exchange Commission (SEC). The main influence on IT systems and operations is the requirements it sets for data retention, specifically in regard to what types of records must be preserved and for how long.
  4. What type of masking strategy involves making a separate and distinct copy of data with masking in place?

    • Dynamic
    • Replication
    • Static
    • Duplication
    Explanation:
    With static masking, a separate and distinct copy of the data set is created with masking in place. This is typically done through a script or other process that takes a standard data set, processes it to mask the appropriate and predefined fields, and then outputs the data set as a new one with the completed masking done.
  5. Which of the following storage types is most closely associated with a database-type storage implementation?

    • Object
    • Unstructured
    • Volume
    • Structured
    Explanation:
    Structured storage involves organized and categorized data, which most closely resembles and operates like a database system would.
  6. Which of the following roles is responsible for overseeing customer relationships and the processing of financial transactions?

    • Cloud service manager
    • Cloud service deployment
    • Cloud service business manager
    • Cloud service operations manager
    Explanation:
    The cloud service business manager is responsible for overseeing business plans and customer relationships as well as processing financial transactions.
  7. Which protocol does the REST API depend on?

    • HTTP
    • XML
    • SAML
    • SSH
    Explanation:
    Representational State Transfer (REST) is a software architectural scheme that applies the components, connectors, and data conduits for many web applications used on the Internet. It uses and relies on the HTTP protocol and supports a variety of data formats.
  8. Which United States program was designed to enable organizations to bridge the gap between privacy laws and requirements of the United States and the European Union?

    • GLBA
    • HIPAA
    • Safe Harbor
    • SOX
    Explanation: 
    Due to the lack of an adequate privacy law or protection at the federal level in the United States, European privacy regulations generally prohibit the exporting or sharing of PII from Europe with the United States. Participation in the Safe Harbor program is voluntary on behalf of an organization, but it does require them to conform to specific requirements and policies that mirror those from the EU. Thus, organizations can fulfill requirements for data sharing and export and possibly serve customers in the EU.
  9. What is the biggest benefit to leasing space in a data center versus building or maintaining your own?

    • Certification
    • Costs
    • Regulation
    • Control
    Explanation: 
    When leasing space in a data center, an organization can avoid the enormous startup and building costs associated with a data center, and can instead leverage economies of scale by grouping with other organizations and sharing costs.
  10. Which of the following security measures done at the network layer in a traditional data center are also applicable to a cloud environment?

    • Dedicated switches
    • Trust zones
    • Redundant network circuits
    • Direct connections
    Explanation: 
    Trust zones can be implemented to separate systems or tiers along logical lines for greater security and access controls. Each zone can then have its own security controls and monitoring based on its particular needs.
  11. Which aspect of cloud computing will be most negatively impacted by vendor lock-in?

    • Elasticity
    • Reversibility
    • Interoperability
    • Portability
    Explanation: 
    When a cloud customer relies on proprietary APIs or services from one cloud provider that are unlikely to be available from another cloud provider, portability is the aspect most negatively impacted.
  12. Which of the following APIs are most commonly used within a cloud environment?

    • REST and SAML
    • SOAP and REST
    • REST and XML
    • XML and SAML
    Explanation: 
    Simple Object Access Protocol (SOAP) and Representational State Transfer (REST) are the most commonly used APIs within a cloud environment. Extensible Markup Language (XML) and Security Assertion Markup Language (SAML) are both standards for exchanging encoded data between two parties, with XML being for more general use and SAML focused on authentication and authorization data.
  13. Which of the following attempts to establish an international standard for eDiscovery processes and best practices?

    • ISO/IEC 31000
    • ISO/IEC 27050
    • ISO/IEC 19888
    • ISO/IEC 27001
    Explanation: 
    ISO/IEC 27050 strives to establish an internationally accepted standard for eDiscovery processes and best practices. It encompasses all steps of the eDiscovery process: identification, preservation, collection, processing, review, analysis, and the final production of the requested data.
  14. Which of the following roles is responsible for obtaining new customers and securing contracts and agreements?

    • Inter-cloud provider
    • Cloud service broker
    • Cloud auditor
    • Cloud service developer
    Explanation:
    The cloud service broker is responsible for obtaining new customers, analyzing the marketplace, and securing contracts and agreements.
  15. Which term relates to the application of scientific methods and practices to evidence?

    • Forensics
    • Methodical
    • Theoretical
    • Measured
    Explanation: 
    Forensics is the application of scientific and methodical processes to identify, collect, preserve, analyze, and summarize/report digital information and evidence.
  16. Which of the following roles involves the provisioning and delivery of cloud services?

    • Cloud service deployment manager
    • Cloud service business manager
    • Cloud service manager
    • Cloud service operations manager
    Explanation: 
    The cloud service manager is responsible for the delivery of cloud services, the provisioning of cloud services, and the overall management of cloud services.
  17. What is the primary reason that makes resolving jurisdictional conflicts complicated?

    • Different technology standards
    • Costs
    • Language barriers
    • Lack of international authority
    Explanation: 
    With international operations, systems ultimately cross many jurisdictional boundaries, and many times, they conflict with each other. The major hurdle to overcome for an organization is the lack of an ultimate international authority to mediate such conflicts, with a likely result of legal efforts in each jurisdiction.
  18. GAAPs are created and maintained by which organization?

    • ISO/IEC
    • AICPA
    • PCI Council
    • ISO
    Explanation: 
    The AICPA is the organization responsible for generating and maintaining what are the Generally Accepted Accounting Practices in the United States.
  19. Which of the following roles is responsible for preparing systems for the cloud, administering and monitoring services, and managing inventory and assets?

    • Cloud service business manager
    • Cloud service deployment manager
    • Cloud service operations manager
    • Cloud service manager
    Explanation: 
    The cloud service operations manager is responsible for preparing systems for the cloud, administering and monitoring services, providing audit data as requested or required, and managing inventory and assets.
  20. Which protocol allows a system to use block-level storage as if it were a SAN, but over TCP network traffic instead?

    • SATA
    • iSCSI
    • TLS
    • SCSI
    Explanation: 
    iSCSI is a protocol that allows for the transmission and use of SCSI commands and features over a TCP-based network. iSCSI allows systems to use block-level storage that looks and behaves as a SAN would with physical servers, but to leverage the TCP network within a virtualized environment and cloud.