CCSP : Certified Cloud Security Professional (CCSP) : Part 07

  1. What process is used within a clustered system to provide high availability and load balancing?

    • Dynamic balancing
    • Dynamic clustering
    • Dynamic optimization
    • Dynamic resource scheduling

    Explanation:
    Dynamic resource scheduling (DRS) is used within all clustering systems as the method for clusters to provide high availability, scaling, management, and workload distribution and balancing of jobs and processes. From a physical infrastructure perspective, DRS is used to balance compute loads between physical hosts in a cloud to maintain the desired thresholds and limits on the physical hosts.

  2. Which of the following is NOT a function performed by the handshake protocol of TLS?

    • Key exchange
    • Encryption
    • Negotiation of connection
    • Establish session ID

    Explanation:
    The handshake protocol negotiates and establishes the connection as well as handles the key exchange and establishes the session ID. It does not perform the actual encryption of data packets.

  3. Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?

    • Six months
    • One month
    • One year
    • One week

    Explanation:
    SOC Type 2 reports are focused on the same policies and procedures, as well as their effectiveness, as SOC Type 1 reports, but are evaluated over a period of at least six consecutive months, rather than a finite point in time.

  4. What changes are necessary to application code in order to implement DNSSEC?

    • Adding encryption modules
    • Implementing certificate validations
    • Additional DNS lookups
    • No changes are needed.

    Explanation:
    To implement DNSSEC, no additional changes are needed to applications or their code because the integrity checks are all performed at the system level.

  5. Which type of controls are the SOC Type 1 reports specifically focused on?

    • Integrity
    • PII
    • Financial
    • Privacy

    Explanation:
    SOC Type 1 reports are focused specifically on internal controls as they relate to financial reporting.

  6. Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?

    • Integrity
    • Availability
    • Confidentiality
    • Nonrepudiation

    Explanation:
    The main goal of confidentiality is to ensure that sensitive information is not made available or leaked to parties that should not have access to it, while at the same time ensuring that those with appropriate need and authorization to access it can do so in a manner commensurate with their needs and confidentiality requirements.

  7. Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?

    • Data center security
    • Human resources
    • Mobile security
    • Budgetary and cost controls

    Explanation:
    Budgetary and cost controls is not one of the domains outlined in the CCM.

  8. Which security concept, if implemented correctly, will protect the data on a system, even if a malicious actor gains access to the actual system?

    • Sandboxing
    • Encryption
    • Firewalls
    • Access control

    Explanation:
    In any environment, data encryption is incredibly important to prevent unauthorized exposure of data either internally or externally. If a system is compromised by an attack, having the data encrypted on the system will prevent its unauthorized exposure or export, even with the system itself being exposed.

  9. Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?

    • Platform
    • Data
    • Physical environment
    • Infrastructure

    Explanation:
    Regardless of which cloud-hosting model is used, the cloud provider always has sole responsibility for the physical environment.

  10. Which of the following is NOT a factor that is part of a firewall configuration?

    • Encryption
    • Port
    • Protocol
    • Source IP

    Explanation:
    Firewalls take into account source IP, destination IP, the port the traffic is using, as well as the network protocol (UDP/TCP). Whether or not the traffic is encrypted is not something a firewall is concerned with.

  11. Which of the cloud deployment models involves spanning multiple cloud environments or a mix of cloud hosting models?

    • Community
    • Public
    • Hybrid
    • Private

    Explanation:
    A hybrid cloud model involves the use of more than one type of cloud hosting model, typically a mix of private and public cloud hosting models.

  12. Which of the following is NOT one of the five principles of SOC Type 2 audits?

    • Privacy
    • Processing integrity
    • Financial
    • Security

    Explanation:
    The SOC Type 2 audits include five principles: security, privacy, processing integrity, availability, and confidentiality.

  13. Which aspect of cloud computing makes data classification even more vital than in a traditional data center?

    • Interoperability
    • Virtualization
    • Multitenancy
    • Portability

    Explanation:
    With multiple tenants within the same hosting environment, any failure to properly classify data may lead to potential exposure to other customers and applications within the same environment.

  14. What concept does the “T” represent in the STRIDE threat model?

    • TLS
    • Testing
    • Tampering with data
    • Transport

    Explanation:
    Any application that sends data to the user faces the potential that the user could manipulate or alter that data, whether it resides in cookies, GET or POST commands, or headers, or that the user could manipulate client-side validations. If the user sends data back to the application, it is crucial that the application validate and verify everything it receives from the user.

  15. Which of the following would be a reason to undertake a BCDR test?

    • Functional change of the application
    • Change in staff
    • User interface overhaul of the application
    • Change in regulations

    Explanation:
    Any time a major functional change of an application occurs, a new BCDR test should be done to ensure the overall strategy and process are still applicable and appropriate.

  16. What is the biggest challenge to data discovery in a cloud environment?

    • Format
    • Ownership
    • Location
    • Multitenancy

    Explanation:
    With the distributed nature of cloud environments, the foremost challenge for data discovery is awareness of the location of data and keeping track of it during the constant motion of cloud storage systems.

  17. Which crucial aspect of cloud computing can be most threatened by insecure APIs?

    • Automation
    • Redundancy
    • Resource pooling
    • Elasticity

    Explanation:
    Cloud environments depend heavily on API calls for management and automation. Any vulnerability with the APIs can cause significant risk and exposure to all tenants of the cloud environment.

  18. Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

    • Functionality
    • Programming languages
    • Software platform
    • Security requirements

    Explanation:
    Security requirements should be incorporated into the software development lifecycle (SDLC) from the earliest requirement-gathering stage, which comes before the requirement analysis phase.

  19. Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?

    • Service-level agreements
    • Governance
    • Regulatory requirements
    • Auditability

    Explanation:
    Governance at its core is the idea of assigning jobs, tasks, roles, and responsibilities and ensuring they are satisfactorily performed.

  20. Which regulatory system pertains to the protection of healthcare data?

    • HIPAA
    • HAS
    • HITECH
    • HFCA

    Explanation:
    The Health Insurance Portability and Accountability Act (HIPAA) sets stringent requirements in the United States for the protection of healthcare records.