CCSP : Certified Cloud Security Professional (CCSP) : Part 25

  1. In addition to battery backup, a UPS can offer which capability?

    • Breach alert
    • Confidentiality
    • Communication redundancy
    • Line conditioning

    Explanation: 
    A UPS can provide line conditioning, adjusting power so that it is optimized for the devices it serves and smoothing any power fluctuations; it does not offer any of the other listed functions.

  2. For performance purposes, OS monitoring should include all of the following except:

    • Disk space
    • Disk I/O usage
    • CPU usage
    • Print spooling

    Explanation:
    Print spooling is not a metric for system performance; all the rest are.

  3. Identity and access management (IAM) is a security discipline that ensures which of the following?

    • That all users are properly authorized
    • That the right individual gets access to the right resources at the right time for the right reasons
    • That all users are properly authenticated
    • That unauthorized users will get access to the right resources at the right time for the right reasons

    Explanation:
    Options A and C are also correct, but included in B, making B the best choice. D is incorrect, because we don’t want unauthorized users gaining access.

  4. Maintenance mode requires all of these actions except:

    • Remove all active production instances
    • Ensure logging continues
    • Initiate enhanced security controls
    • Prevent new logins

    Explanation:
    While the other answers are all steps in moving from normal operations to maintenance mode, we do not necessarily initiate any enhanced security controls.

  5. What is one of the reasons a baseline might be changed?

    • Numerous change requests
    • To reduce redundancy
    • Natural disaster
    • Power fluctuation

    Explanation:
    If the CMB is receiving numerous change requests, to the point where the number of requests would drop by modifying the baseline, that is a good reason to change the baseline. None of the other reasons should involve the baseline at all.

  6. In a federated identity arrangement using a trusted third-party model, who is the identity provider and who is the relying party?

    • The users of the various organizations within the federation/a CASB
    • Each member organization/a trusted third party
    • Each member organization/each member organization
    • A contracted third party/the various member organizations of the federation

    Explanation:
    In a trusted third-party model of federation, each member organization outsources the review and approval task to a third party they all trust. This makes the third party the identity provider (it issues and manages identities for all users in all organizations in the federation), and the various member organizations are the relying parties (the resource providers that share resources based on approval from the third party).

  7. Database activity monitoring (DAM) can be:

    • Host-based or network-based
    • Server-based or client-based
    • Used in the place of encryption
    • Used in place of data masking

    Explanation:
    We don’t use DAM in place of encryption or masking; DAM augments these options without replacing them. We don’t usually think of the database interaction as client-server, so A is the best answer.

  8. The BC/DR kit should include all of the following except:

    • Annotated asset inventory
    • Flashlight
    • Hard drives
    • Documentation equipment

    Explanation:
    While hard drives may be useful in the kit (for instance, if they store BC/DR data such as inventory lists, baselines, and patches), they are not necessarily required. All the other items should be included.

  9. The baseline should cover which of the following?

    • Data breach alerting and reporting
    • All regulatory compliance requirements
    • As many systems throughout the organization as possible
    • A process for version control

    Explanation:
    The more systems that can be included in the baseline, the more cost-effective and scalable the baseline is. The baseline does not deal with breaches or version control; those are the provinces of the security office and the CMB, respectively. Regulatory compliance might (and usually will) go beyond the baseline and involve systems, processes, and personnel that are not subject to the baseline.

  10. Which of the following roles is responsible for creating cloud components and the testing and validation of services?

    • Cloud auditor
    • Inter-cloud provider
    • Cloud service broker
    • Cloud service developer

    Explanation:
    The cloud service developer is responsible for developing and creating cloud components and services, as well as for testing and validating services.

  11. Which of the following storage types is most closely associated with a database-type storage implementation?

    • Object
    • Unstructured
    • Volume
    • Structured

    Explanation:
    Structured storage involves organized and categorized data, which most closely resembles and operates like a database system would.

  12. A data custodian is responsible for which of the following?

    • Data context
    • Data content
    • The safe custody, transport, storage of the data, and implementation of business rules
    • Logging access and alerts

    Explanation:
    A data custodian is responsible for the safe custody, transport, and storage of data, and for the implementation of business rules.

  13. Which of the following is the least challenging with regard to eDiscovery in the cloud?

    • Identifying roles such as data owner, controller and processor
    • Decentralization of data storage
    • Forensic analysis
    • Complexities of international law

    Explanation:
    Forensic analysis is the least challenging of the answers provided, as it refers to the analysis of data once it has been obtained. The challenges revolve around obtaining the data for analysis: the complexities of international law, the decentralization of data storage (the difficulty of knowing where to look), and identifying the data owner, controller, and processor.

  14. What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?

    • A set of software development life cycle requirements for cloud service providers
    • An inventory of cloud services security controls that are arranged into a hierarchy of security domains
    • An inventory of cloud service security controls that are arranged into separate security domains
    • A set of regulatory requirements for cloud service providers

    Explanation:
    The CSA CCM is an inventory of cloud service security controls that are arranged into separate security domains, not a hierarchy.

  15. Which of the following is a valid risk management metric?

    • KPI
    • KRI
    • SOC
    • SLA

    Explanation:
    KRI stands for key risk indicator. KRIs are, if you will, the red flags of the risk management world. When they change, they indicate that something is amiss and should be looked at quickly to determine whether the change is minor or indicative of something important.

  16. Which of the following is the best example of a key component of regulated PII?

    • Audit rights of subcontractors
    • Items that should be implemented
    • PCI DSS
    • Mandatory breach reporting

    Explanation:
    Mandatory breach reporting is the best example of a regulated PII component. The rest are generally considered components of contractual PII.

  17. Which of the following components are part of what a CCSP should review when looking at contracting with a cloud service provider?

    • Redundant uplink grafts
    • Background checks for the provider’s personnel
    • The physical layout of the datacenter
    • Use of subcontractors

    Explanation:
    The use of subcontractors can add risk to the supply chain and should be considered; trusting the provider’s management of their vendors and suppliers (including subcontractors) is important to trusting the provider. Conversely, the customer is not likely to be allowed to review the physical design of the datacenter (or, indeed, even know the exact location of the datacenter) or the personnel security specifics for the provider’s staff. “Redundant uplink grafts” is a nonsense term used as a distractor.

  18. Which of the following is not a way to manage risk?

    • Transferring
    • Accepting
    • Mitigating
    • Enveloping

    Explanation:
    Enveloping is a nonsense term, unrelated to risk management. The rest are all legitimate ways to manage risk.

  19. Which of the following terms is not associated with cloud forensics?

    • eDiscovery
    • Chain of custody
    • Analysis
    • Plausibility

    Explanation:
    Plausibility, here, is a distractor and not specifically relevant to cloud forensics.

  20. Which is the lowest level of the CSA STAR program?

    • Attestation
    • Self-assessment
    • Hybridization
    • Continuous monitoring

    Explanation:
    The lowest level is Level 1, which is self-assessment; Level 2 is an external third-party attestation; and Level 3 is a continuous-monitoring program. Hybridization does not exist as part of the CSA STAR program.