Which phase of the cloud data lifecycle represents the first instance where security controls can be implemented?
A. Use
B. Share
C. Store
D. Create
Answer: C
Explanation: The store phase occurs immediately after the create phase, and as data is committed to storage structures, the first opportunity for security...
When dealing with PII, which category pertains to those requirements that can carry legal sanctions or penalties for failure to adequately safeguard the data and address compliance requirements?
A. Contractual
B. Jurisdictional
C. Regulated
D. Legal
Answer: C
Explanation: Regulated PII pertains to data that is outlined in law and...
What type of PII is controlled based on laws and carries legal penalties for noncompliance with requirements?
A. Contractual
B. Regulated
C. Specific
D. Jurisdictional
Answer: B
Explanation: Regulated PII involves those requirements put forth by specific laws or regulations, and unlike contractual PII, where a violation can lead to...
Which technology is NOT commonly used for security with data in transit?
A. DNSSEC
B. IPsec
C. VPN
D. HTTPS
Answer: A
Explanation: DNSSEC relates to the integrity of DNS resolutions and the prevention of spoofing or redirection, and does not pertain to the actual security of transmissions or the...
Which of the following would NOT be considered part of resource pooling with an Infrastructure as a Service implementation?
A. Storage
B. Application
C. Memory
D. CPU
Answer: B
Explanation: Infrastructure as a Service pools the compute resources for platforms and applications to build upon, including CPU, memory, and storage....
Which data formats are most commonly used with the REST API?
A. JSON and SAML
B. XML and SAML
C. XML and JSON
D. SAML and HTML
Answer: C
Explanation: JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State...
Which of the following threat types involves an application that does not validate authorization for portions of itself beyond when the user first enters it?
A. Cross-site request forgery
B. Missing function-level access control
C. Injection
D. Cross-site scripting
Answer: B
Explanation: It is imperative that applications do checks when...
Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing?
A. Cross-site scripting
B. Missing function-level access control
C. Injection
D. Cross-site forgery
Answer: C
Explanation: An...
Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?
A. Functionality
B. Programming languages
C. Software platform
D. Security requirements
Answer: D
Explanation: Security requirements should be incorporated into the software development lifecycle (SDLC) from the earliest requirement gathering stage and...
Which concept encapsulates this?
Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data. Which concept encapsulates this?
A. Validity
B. Integrity
C. Accessibility
D. Confidentiality
Answer: B
Explanation: Integrity refers to the trustworthiness...