[Sep 07, 2022] Latest Questions CCSP Guide to Prepare Free Practice Tests [Q189-Q205]

[Sep 07, 2022] Latest Questions CCSP Guide to Prepare Free Practice Tests

Reliable CCSP Dumps Questions Available as Web-Based Practice Test Engine

What are the prerequisites for this CCSP exam? What experience, if any, do I need in order to take the ISC CCSP exam?

The candidate must have a minimum of four years of work experience in security (or equivalent job-share experience) and study well with our ISC CCSP Dumps before taking the exam. It is also recommended that you have at least eight years of IT experience in total (or equivalent job-share experience) out of which four years must be specifically of information systems security; one-year managing networked environments supporting 10 or more users; six months leading a team that is responsible for information systems security.
If you are a student, you would need at least six months of the above-mentioned experience. For people who hold any other type of professional certification such as CCSP, CISSP, Security+, etc. you must have at least three years of work experience in security (or equivalent job-share experience) before taking the exam. It is also recommended that you have at least four years of IT experience in total (or equivalent job-share experience) out of which two years must be specifically of information systems security; one-year managing networked environments supporting 10 or more users; six months leading a team that is responsible for information systems security.
If you are a student, you would need at least six months of the above-mentioned experience. If you have a degree in Information Security or Computer Science, ISC Foundation will waive any experience requirement.

QUESTION 189
When using transparent encryption of a database, where does the encryption engine reside?
Response:

 At the application using the database

 On the instance(s) attached to the volume

 In a key management system

 Within the database

QUESTION 190
What process is used within a clustered system to provide high availability and load balancing?

 Dynamic balancing

 Dynamic clustering

 Dynamic optimization

 Dynamic resource scheduling

Explanation
Explanation:
Dynamic resource scheduling (DRS) is used within all clustering systems as the method for clusters to provide high availability, scaling, management, and workload distribution and balancing of jobs and processes. From a physical infrastructure perspective, DRS is used to balance compute loads between physical hosts in a cloud to maintain the desired thresholds and limits on the physical hosts.

QUESTION 191
Which value refers to the percentage of production level restoration needed to meet BCDR objectives?

 RPO

 RTO

 RSL

 SRE

The recovery service level (RSL) is a percentage measure of the total typical production service level that needs to be restored to meet BCDR objectives in the case of a failure.

QUESTION 192
A UPS should have enough power to last how long?

 One day

 12 hours

 Long enough for graceful shutdown

 10 minutes

Team-building has nothing to do with SAST; all the rest of the answers are characteristics of SAST.

QUESTION 193
Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?

 The user

 The subject

 The cloud provider

 The cloud customer

QUESTION 194
In a cloud environment, encryption should be used for all the following, except:

 Secure sessions/VPN

 Long-term storage of data

 Near-term storage of virtualized images

 Profile formatting

Explanation/Reference:
Explanation:
All of these activities should incorporate encryption, except for profile formatting, which is a made-up term.

QUESTION 195
Which aspect of SaaS will alleviate much of the time and energy organizations spend on compliance (specifically baselines)?

 Maintenance

 Licensing

 Standardization

 Development

With the entire software platform being controlled by the cloud provider, the standardization of configurations and versioning is done automatically for the cloud customer. This alleviates the customer’s need to track upgrades and releases for its own systems and development; instead, the onus is on the cloud provider.
Although licensing is the responsibility of the cloud customer within SaaS, it does not have an impact on compliance requirements. Within SaaS, development and maintenance of the system are solely the responsibility of the cloud provider.

QUESTION 196
Deviations from the baseline should be investigated and __________________.

 Revealed

 Documented

 Encouraged

 Enforced

All deviations from the baseline should be documented, including details of the investigation and outcome. We do not enforce or encourage deviations. Presumably, we would already be aware of the deviation, so
“revealing” is not a reasonable answer.

QUESTION 197
One of the security challenges of operating in the cloud is that additional controls must be placed on file storage systems because ____________.
Response:

 File stores are always kept in plain text in the cloud

 There is no way to sanitize file storage space in the cloud

 Virtualization necessarily prevents the use of application-based security controls

 Virtual machines are stored as snapshotted files when not in use

QUESTION 198
What is a key capability or characteristic of PaaS?

 Support for a homogenous environment

 Support for a single programming language

 Ability to reduce lock-in

 Ability to manually scale

PaaS should have the following key capabilities and characteristics:
– Support multiple languages and frameworks: PaaS should support multiple programming languages and frameworks, thus enabling the developers to code in whichever language they prefer or the design requirements specify. In recent times, significant strides and efforts have been taken to ensure that open source stacks are both supported and utilized, thus reducing “lock-in” or issues with interoperability when changing CSPs.
– Multiple hosting environments: The ability to support a wide variety of underlying hosting environments for the platform is key to meeting customer requirements and demands. Whether public cloud, private cloud, local hypervisor, or bare metal, supporting multiple hosting environments allows the application developer or administrator to migrate the application when and as required. This can also be used as a form of contingency and continuity and to ensure the ongoing availability.
– Flexibility: Traditionally, platform providers provided features and requirements that they felt suited the client requirements, along with what suited their service offering and positioned them as the provider of choice, with limited options for the customers to move easily. This has changed drastically, with extensibility and flexibility now afforded to meeting the needs and requirements of developer audiences. This has been heavily influenced by open source, which allows relevant plug-ins to be quickly and efficiently introduced into the platform.
– Allow choice and reduce lock-in: PaaS learns from previous horror stories and restrictions, proprietary meant red tape, barriers, and restrictions on what developers could do when it came to migration or adding features and components to the platform. Although the requirement to code to specific APIs was made available by the providers, they could run their apps in various environments based on commonality and standard API structures, ensuring a level of consistency and quality for customers and users.
– Ability to auto-scale: This enables the application to seamlessly scale up and down as required to accommodate the cyclical demands of users. The platform will allocate resources and assign these to the application as required. This serves as a key driver for any seasonal organizations that experience spikes and drops in usage.

QUESTION 199
Cloud environments pose many unique challenges for a data custodian to properly adhere to policies and the use of data. What poses the biggest challenge for a data custodian with a PaaS implementation, over and above the same concerns with IaaS?

 Access to systems

 Knowledge of systems

 Data classification rules

 Contractual requirements

QUESTION 200
Why does a Type 2 hypervisor typically offer less security control than a Type 1 hypervisor?

 A Type 2 hypervisor runs on top of another operating system and is dependent on the security of the OS for its own security.

 A Type 2 hypervisor allows users to directly perform some functions with their own access.

 A Type 2 hypervisor is open source, so attackers can more easily find exploitable vulnerabilities with that access.

 A Type 2 hypervisor is always exposed to the public Internet for federated identity access.

Explanation
A Type 2 hypervisor differs from a Type 1 hypervisor in that it runs on top of another operating system rather than directly tied into the underlying hardware of the virtual host servers. With this type of implementation, additional security and architecture concerns come into play because the interaction between the operating system and the hypervisor becomes a critical link. The hypervisor no longer has direct interaction and control over the underlying hardware, which means that some performance will be lost due to the operating system in the middle needing its own resources, patching requirements, and operational oversight.

QUESTION 201
Within a SaaS environment, what is the responsibility on the part of the cloud customer in regard to procuring the software used?

 Maintenance

 Licensing

 Development

 Purchasing

Explanation/Reference:
Explanation:
Within a SaaS implementation, the cloud customer licenses the use of the software from the cloud provider because SaaS delivers a fully functional application to the customer. With SaaS, the cloud provider is responsible for the entire software application and any necessary infrastructure to develop, run, and maintain it. The purchasing, development, and maintenance are fully the responsibility of the cloud provider.

QUESTION 202
Which of the following aspects of cloud computing would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?

 Regulation

 Multitenancy

 Virtualization

 Resource pooling

Explanation
With cloud providers hosting a number of different customers, it would be impractical for them to pursue additional certifications based on the needs of a specific customer. Cloud environments are built to a common denominator to serve the greatest number of customers. Especially within a public cloud model, it is not possible or practical for a cloud provider to alter its services for specific customer demands. Resource pooling and virtualization within a cloud environment would be the same for all customers, and would not impact certifications that a cloud provider might be willing to pursue. Regulations would form the basis for certification problems and would be a reason for a cloud provider to pursue specific certifications to meet customer requirements.

QUESTION 203
When using an Infrastructure as a Service (IaaS) solution, what is the capability provided to the customer?
Response:

 To provision processing, storage, networks, and other fundamental computing resources when the consumer is not able to deploy and run arbitrary software, which can include operating systems and applications.

 To provision processing, storage, networks, and other fundamental computing resources when the provider is able to deploy and run arbitrary software, which can include operating systems and applications.

 To provision processing, storage, networks, and other fundamental computing resources when the auditor is able to deploy and run arbitrary software, which can include operating systems and applications.

 To provision processing, storage, networks, and other fundamental computing resources when the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.

QUESTION 204
What is the best approach for dealing with services or utilities that are installed on a system but not needed to perform their desired function?

 Remove

 Monitor

 Disable

 Stop

Explanation/Reference:
Explanation:
The best practice is to totally remove any unneeded services and utilities on a system to prevent any chance of compromise or use. If they are just disabled, it is possible for them to be inadvertently started again at any point, or another exploit could be used to start them again. Removing also negates the need to patch and maintain them going forward.

QUESTION 205
The share phase of the cloud data lifecycle involves allowing data to leave the application, to be shared with external systems, services, or even other vendors/contractors.
What technology would be useful for protecting data at this point?

 IDS

 DLP

 IPS

 WAF

Explanation
Data loss prevention (DLP) solutions allow for control of data outside of the application or original system.
They can enforce granular control such as printing, copying, and being read by others, as well as forcing expiration of access. Intrusion detection system (IDS) and intrusion prevention system (IPS) solutions are used for detecting and blocking suspicious and malicious traffic, respectively, whereas a web application firewall (WAF) is used for enforcing security or other controls on web-based applications.

 Loading …

Difficulty in writing the ISC CCSP Certification Exam

The CCSP exam is an exam for professionals, and it includes passing a written test and an in-person interview.
There are many difficulties that arise when writing the CCSP exam, such as ethics among other things. This is due to the fact that there are many experts in this field which result in some of these people having very more experience than others. Other issues include lack of prep time between preparing for writing the final project report for the certifications as well as the number of certain topics covered by this task. CCSP Dumps will help you in overcoming all these difficulties.

The difficulties in writing the ISC CCSP Exam could include the following:

• The exam is not available to be taken online.
• There is no classroom or study center that can be used.
• All test questions are released at the same time.
• The exam is only open for a month, two times a year.
• You have to understand very complex material on computer systems before taking the written CCSP exam, which many people could find challenging.

Correct and Up-to-date ISC CCSP BrainDumps: https://www.topexamcollection.com/CCSP-vce-collection.html