Free Certification Practice Questions

ISC-CCSP

CCSP Your IT steering committee has, at a high level, approved your project to begin using cloud services. However, the committee is concerned with getting locked into a single cloud provider and has flagged the ability to easily move between cloud providers as a top priority. It also wants to save costs by reusing components. Which cross-cutting aspect of cloud computing would be your primary focus as your project plan continues to develop and you begin to evaluate cloud providers?
#361
CCSP Which of the following provides assurance, to a predetermined acceptable level of certainty, that an entity is indeed who they claim to be?
#362
CCSP Whereas a contract articulates overall priorities and requirements for a business relationship, which artifact enumerates specific compliance requirements, metrics, and response times?
#363
CCSP When an organization is considering the use of cloud services for BCDR planning and solutions, which of the following cloud concepts would be the most important?
#364
CCSP What masking strategy involves the replacing of sensitive data at the time it is accessed and used as it flows between the data and application layers of a service?
#365
CCSP Which of the following would be considered an example of insufficient due diligence leading to security or operational problems when moving to a cloud?
#366
CCSP Which aspect of cloud computing serves as the biggest challenge to using DLP to protect data at rest?
#367
CCSP What category of PII data can carry potential fines or even criminal charges for its improper use or disclosure?
#368
CCSP A variety of security systems can be integrated within a network--some that just monitor for threats and issue alerts, and others that take action based on signatures, behavior, and other types of rules to actively stop potential threats. Which of the following types of technologies is best described here?
#369
CCSP Upon completing a risk analysis, a company has four different approaches to addressing risk. Which approach it takes will be based on costs, available options, and adherence to any regulatory requirements from independent audits. Which of the following groupings correctly represents the four possible approaches?
#370
CCSP Which of the following is NOT a component of access control?
#371
CCSP What concept does the A represent within the DREAD model?
#372
CCSP With an application hosted in a cloud environment, who could be the recipient of an eDiscovery order?
#373
CCSP Which ITIL component focuses on ensuring that system resources, processes, and personnel are properly allocated to meet SLA requirements?
#374
CCSP Which ITIL component is an ongoing, iterative process of tracking all deployed and configured resources that an organization uses and depends on, whether they are hosted in a traditional data center or a cloud?
#375
CCSP When beginning an audit, both the system owner and the auditors must agree on various aspects of the final audit report. Which of the following would NOT be something that is predefined as part of the audit agreement?
#376
CCSP Which of the following is the concept of segregating information or processes, within the same system or application, for security reasons?
#377
CCSP Which cloud service category most commonly uses client-side key management systems?
#378
CCSP Apart from using encryption at the file system level, what technology is the most widely used to protect data stored in an object storage system?
#379
CCSP Which of the following types of data would fall under data rights management (DRM) rather than information rights management (IRM)?
#380
CCSP Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their specific circumstances. What does dynamic application security testing (DAST) NOT entail that SAST does?
#381
CCSP You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from the cloud provider as a precondition. Which of the following cloud concepts would this pertain to?
#382
CCSP What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?
#383
CCSP A main objective for an organization when utilizing cloud services is to avoid vendor lock-in so as to ensure flexibility and maintain independence. Which core concept of cloud computing is most related to vendor lock-in?
#384
CCSP Which of the following areas of responsibility always falls completely under the purview of the cloud provider, regardless of which cloud service category is used?
#385
CCSP What type of masking would you employ to produce a separate data set for testing purposes based on production data without any sensitive information?
#386
CCSP Which aspect of data poses the biggest challenge to using automated tools for data discovery and programmatic data classification?
#387
CCSP When an organization is considering a cloud environment for hosting BCDR solutions, which of the following would be the greatest concern?
#388
CCSP Just like the risk management process, the BCDR planning process has a defined sequence of steps and processes to follow to ensure the production of a comprehensive and successful plan. Which of the following is the correct sequence of steps for a BCDR plan?
#389
CCSP What type of solution is at the core of virtually all directory services?
#390