
Free demo questions for ISC2 CCSP Exam Dumps Below:

NEW QUESTION 1
A typical DLP tool can enhance the organization’s efforts at accomplishing what legal task?

  • A. Evidence collection
  • B. Delivering testimony
  • C. Criminal prosecution
  • D. Enforcement of intellectual property rights

Answer: A

NEW QUESTION 2
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “security misconfiguration.”
Which of these is a technique to reduce the potential for a security misconfiguration?

  • A. Get regulatory approval for major configuration modifications.
  • B. Update the BCDR plan on a timely basis.
  • C. Train all users on proper security procedures.
  • D. Perform periodic scans and audits of the environment.

Answer: D

NEW QUESTION 3
Which of the following threats from the OWASP Top Ten is the most difficult for an organization to protect against?

  • A. Advanced persistent threats
  • B. Account hijacking
  • C. Malicious insiders
  • D. Denial of service

Answer: C

NEW QUESTION 4
What are the objectives of change management? (Choose all that apply.)

  • A. Respond to a customer’s changing business requirements while maximizing value and reducing incidents, disruption, and rework
  • B. Ensure that changes are recorded and evaluated
  • C. Respond to business and IT requests for change that will disassociate services with business needs
  • D. Ensure that all changes are prioritized, planned, tested, implemented, documented, and reviewed in a controlled manner

Answer: AB

NEW QUESTION 5
There are two general types of smoke detectors. Which type uses a small portion of radioactive material?

  • A. Photoelectric
  • B. Ionization
  • C. Electron pulse
  • D. Integral field

Answer: B

NEW QUESTION 6
What is used with a single sign-on system for authentication after the identity provider has successfully authenticated a user?

  • A. Token
  • B. Key
  • C. XML
  • D. SAML

Answer: A

NEW QUESTION 7
What is the most secure form of code testing and review?

  • A. Open source
  • B. Proprietary/internal
  • C. Neither open source nor proprietary
  • D. Combination of open source and proprietary

Answer: D

NEW QUESTION 8
Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations?

  • A. Reservations
  • B. Shares
  • C. Cancellations
  • D. Limits

Answer: B

NEW QUESTION 9
What are the phases of a software development lifecycle process model?

  • A. Planning and requirements analysis, define, design, develop, testing, and maintenance
  • B. Define, planning and requirements analysis, design, develop, testing, and maintenance
  • C. Planning and requirements analysis, define, design, testing, develop, and maintenance
  • D. Planning and requirements analysis, design, define, develop, testing, and maintenance

Answer: A

NEW QUESTION 10
Your organization has made it a top priority that any cloud environment being considered to host production systems have guarantees that resources will always be available for allocation when needed.
Which of the following concepts will you need to ensure is part of the contract and SLA?

  • A. Limits
  • B. Shares
  • C. Resource pooling
  • D. Reservations

Answer: D

NEW QUESTION 11
Which of the following is not a feature of SAST?

  • A. Source code review
  • B. Team-building efforts
  • C. “White-box” testing
  • D. Highly skilled, often expensive outside consultants

Answer: B

NEW QUESTION 12
The final phase of the cloud data lifecycle is the destroy phase, where data is ultimately deleted and done so in a secure manner to ensure it cannot be recovered or reconstructed. Which cloud service category poses the most challenges to data destruction for the cloud customer?

  • A. Platform
  • B. Software
  • C. Infrastructure
  • D. Desktop

Answer: B

NEW QUESTION 13
Which of the following is a possible negative aspect of bit-splitting?

  • A. Greater chance of physical theft of assets
  • B. Loss of public image
  • C. Some risk to availability, depending on the implementation
  • D. A small fire hazard

Answer: C

NEW QUESTION 14
Single sign-on systems work by authenticating users from a centralized location or using a centralized method, and then allowing applications that trust the system to grant those users access. What would be passed between the authentication system and the applications to grant a user access?

  • A. Ticket
  • B. Certificate
  • C. Credential
  • D. Token

Answer: D

NEW QUESTION 15
When considering the option to migrate from an on-premises environment to a hosted cloud service, an organization should weigh the risks of allowing external entities to access the cloud data for collaborative purposes against ______.

  • A. Not securing the data in the legacy environment
  • B. Disclosing the data publicly
  • C. Inviting external personnel into the legacy workspace in order to enhance collaboration
  • D. Sending the data outside the legacy environment for collaborative purposes

Answer: D

NEW QUESTION 16
All of the following are identity federation standards commonly found in use today except ______.

  • A. WS-Federation
  • B. OpenID
  • C. OAuth
  • D. PGP

Answer: D

NEW QUESTION 17
During the assessment phase of a risk evaluation, what are the two types of tests that are performed?

  • A. Internal and external
  • B. Technical and managerial
  • C. Physical and logical
  • D. Qualitative and quantitative

Answer: D
