ISC-CCSP

CCSP On large distributed systems with pooled resources, cloud computing relies on extensive orchestration to maintain the environment and the constant provisioning of resources.Which of the following is crucial to the orchestration and automation of networking resources within a cloud?

CCSP BCDR strategies do not typically involve the entire operations of an organization, but only those deemed critical to their business.Which concept pertains to the amount of services that need to be recovered to meet BCDR objectives?

CCSP During the course of an audit, which of the following would NOT be an input into the control requirements used as part of a gap analysis.

CCSP The GAPP framework was developed through a joint effort between the major Canadian and American professional accounting associations in order to assist their members with managing and preventing risks to the privacy of their data and customers.Which of the following is the meaning of GAPP?

CCSP Which protocol operates at the network layer and provides for full point-to-point encryption of all communications and transmissions?

CCSP When data discovery is undertaken, three main approaches or strategies are commonly used to determine what the type of data, its format, and composition are for the purposes of classification.Which of the following is NOT one of the three main approaches to data discovery?

CCSP There are many situations when testing a BCDR plan is appropriate or mandated.Which of the following would not be a necessary time to test a BCDR plan?

CCSP Key maintenance and security are paramount within a cloud environment due to the widespread use of encryption for both data and transmissions.Which of the following key-management systems would provide the most robust control over and ownership of the key-management processes for the cloud customer?

CCSP Security is a critical yet often overlooked consideration for BCDR planning.At which stage of the planning process should security be involved?

CCSP Which type of testing uses the same strategies and toolsets that hackers would use?

CCSP Which of the following statements about Type 1 hypervisors is true?

CCSP Which format is the most commonly used standard for exchanging information within a federated identity system?

CCSP Which ITIL component is focused on anticipating predictable problems and ensuring that configurations and operations are in place to prevent these problems from ever occurring?

CCSP Which of the following areas of responsibility would be shared between the cloud customer and cloud provider within the Software as a Service (SaaS) category?

CCSP When a system needs to be exposed to the public Internet, what type of secure system would be used to perform only the desired operations?

CCSP With the rapid emergence of cloud computing, very few regulations were in place that pertained to it specifically, and organizations often had to resort to using a collection of regulations that were not specific to cloud in order to drive audits and policies.Which standard from the ISO/IEC was designed specifically for cloud computing?

CCSP Which of the following is NOT considered a type of data loss?

CCSP Which of the following jurisdictions lacks a comprehensive national policy on data privacy and the protection of personally identifiable information (PII)?

CCSP Which component of ITIL involves planning for the restoration of services after an unexpected outage or incident?

CCSP Which component of ITIL pertains to planning, coordinating, executing, and validating changes and rollouts to production environments?

CCSP What process entails taking sensitive data and removing the indirect identifiers from each data object so that the identification of a single entity would not be possible?

CCSP Because cloud providers will not give detailed information out about their infrastructures and practices to the general public, they will often use established auditing reports to ensure public trust, where the reputation of the auditors serves for assurance.Which type of audit reports can be used for general public trust assurances?

CCSP Which of the following concepts is NOT one of the core components to an encryption system architecture?

CCSP For optimal security, trust zones are used for network segmentation and isolation. They allow for the separation of various systems and tiers, each with its own security level.Which of the following is typically used to allow administrative personnel access to trust zones?

CCSP Which of the following is NOT a major regulatory framework?

CCSP As part of the auditing process, getting a report on the deviations between intended configurations and actual policy is often crucial for an organization.What term pertains to the process of generating such a report?

CCSP An audit scope statement defines the limits and outcomes from an audit.Which of the following would NOT be included as part of an audit scope statement?

CCSP What concept and operational process must be spelled out clearly, as far as roles and responsibilities go, between the cloud provider and cloud customer for the mitigation of any problems or security events?

CCSP Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?

CCSP Cloud systems are increasingly used for BCDR solutions for organizations.What aspect of cloud computing makes their use for BCDR the most attractive?