CCSP : Certified Cloud Security Professional (CCSP) : Part 09

  1. Which security concept is focused on the trustworthiness of data?

    • Integrity
    • Availability
    • Nonrepudiation
    • Confidentiality

    Explanation: 
    Integrity is focused on the trustworthiness of data as well as the prevention of unauthorized modification or tampering of it. A prime consideration for maintaining integrity is an emphasis on the change management and configuration management aspects of operations, so that all modifications are predictable, tracked, logged, and verified, whether they are performed by actual human users or systems processes and scripts.

  2. Which OSI layer does IPsec operate at?

    • Network
    • Transport
    • Application
    • Presentation

    Explanation: 
    A major difference between IPsec and other protocols such as TLS is that IPsec operates at the network layer rather than the application layer, allowing for complete end-to-end encryption of all communications and traffic.

  3. Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met?

    • Regulatory requirements
    • SLAs
    • Auditability
    • Governance

    Explanation: 
    Whereas a contract spells out general terms and costs for services, the SLA is where the real substance of the business relationship and its concrete requirements come into play. The SLA spells out in clear terms the minimum requirements for uptime, availability, processes, customer service and support, security controls and requirements, auditing and reporting, and potentially many other areas that define the business relationship and its success.

  4. Which of the following service capabilities gives the cloud customer the most control over resources and configurations?

    • Desktop
    • Platform
    • Infrastructure
    • Software

    Explanation: 
    The infrastructure service capability gives the cloud customer substantial control in provisioning and configuring resources, including processing, storage, and network resources.

  5. What concept does the “I” represent with the STRIDE threat model?

    • Integrity
    • Information disclosure
    • IT security
    • Insider threat

    Explanation: 
    Perhaps the biggest concern for any user is having their personal and sensitive information disclosed by an application. There are many aspects of an application to consider when securing and protecting this information, and it is very difficult for any application to fully ensure security from start to finish. The obvious focus is on security within the application itself, as well as on protecting and storing the data.

  6. At which stage of the BCDR plan creation phase should security be included in discussions?

    • Define scope
    • Analyze
    • Assess risk
    • Gather requirements

    Explanation: 
    Security should be included in discussions from the very first phase, when defining the scope. Adding security later is likely to incur additional costs in time and money, or will result in an incomplete or inadequate plan.

  7. Which approach is typically the most efficient method to use for data discovery?

    • Metadata
    • Content analysis
    • Labels
    • ACLs

    Explanation: 
    Metadata is data about data. It contains information about the type of data, how it is stored and organized, or information about its creation and use.

  8. Which of the following features is a main benefit of PaaS over IaaS?

    • Location independence
    • High availability
    • Physical security requirements
    • Auto-scaling

    Explanation: 
    With PaaS providing a fully configured and managed framework, auto-scaling can be implemented to programmatically adjust resources based on the current demands of the environment.

  9. Which audit type has been largely replaced by newer approaches since 2011?

    • SOC Type 1
    • SSAE-16
    • SAS-70
    • SOC Type 2

    Explanation: 
    SAS-70 reports were replaced in 2011 with SSAE-16 reports throughout the industry.

  10. Which of the following can be useful for protecting cloud customers from a denial-of-service (DoS) attack against another customer hosted in the same cloud?

    • Reservations
    • Measured service
    • Limits
    • Shares

    Explanation: 
    Reservations ensure that a minimum level of resources will always be available to a cloud customer for them to start and operate their services. In the event of a DoS attack against one customer, reservations guarantee that the other customers will still be able to operate.

  11. Which of the following service capabilities gives the cloud customer the least amount of control over configurations and deployments?

    • Platform
    • Infrastructure
    • Software
    • Desktop

    Explanation: 
    The software service capability gives the cloud customer a fully established application, where only minimal user configuration options are allowed.

  12. What does the “SOC” acronym refer to with audit reports?

    • Service Origin Confidentiality
    • System Organization Confidentiality
    • Service Organizational Control
    • System Organization Control

  13. What does the REST API use to protect data transmissions?

    • NetBIOS
    • VPN
    • Encapsulation
    • TLS

    Explanation: 
    Representational State Transfer (REST) uses TLS for communication over secured channels. Although REST also supports SSL, at this point SSL has been phased out due to vulnerabilities and has been replaced by TLS.

  14. What strategy involves replacing sensitive data with opaque values, usually with a means of mapping it back to the original value?

    • Masking
    • Anonymization
    • Tokenization
    • Obfuscation

    Explanation: 
    Tokenization is the practice of using a random and opaque “token” value in data to replace what would otherwise be a sensitive or protected data object. The token value is usually generated by the application with a means to map it back to the real value, and the token is then placed in the data set with the same formatting and requirements as the real value, so that the application can continue to function without modifications or code changes.

  15. With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?

    • Routing
    • Session
    • Filtering
    • Firewalling

    Explanation: 
    With software-defined networking (SDN), the filtering of network traffic is separated from the forwarding of network traffic so that it can be independently administered.

  16. Which of the following does NOT fall under the “IT” aspect of quality of service (QoS)?

    • Applications
    • Key performance indicators (KPIs)
    • Services
    • Security

    Explanation: 
    KPIs fall under the “business” aspect of QoS, along with the monitoring and measuring of events and business processes. Services, security, and applications are all core components and concepts of the “IT” aspect of QoS.

  17. What does dynamic application security testing (DAST) NOT entail?

    • Scanning
    • Probing
    • Discovery
    • Knowledge of the system

    Explanation: 
    Dynamic application security testing (DAST) is considered “black box” testing and begins with no inside knowledge of the application or its configurations. Everything about the application must be discovered during the testing.

  18. Where is an XML firewall most commonly deployed in the environment?

    • Between the application and data layers
    • Between the IPS and firewall
    • Between the presentation and application layers
    • Between the firewall and application server

    Explanation: 
    XML firewalls are most commonly deployed in line between the firewall and the application server to validate XML content before it reaches the application.

  19. What type of masking strategy involves replacing data on a system while it passes between the data and application layers?

    • Dynamic
    • Static
    • Replication
    • Duplication

    Explanation: 
    With dynamic masking, production environments are protected by implementing the masking process between the application and data layers of the application. This allows the masking translation to take place live in the system, during normal application processing of data.

  20. Which of the following is a widely used tool for code development, branching, and collaboration?

    • GitHub
    • Maestro
    • Orchestrator
    • Conductor

    Explanation: 
    GitHub is an open source tool that developers leverage for code collaboration, branching, and versioning.