CCSP exam

Three central concepts define what type of data and information an organization is responsible for pertaining to eDiscovery. Which of the following are the three components that comprise required disclosure?A . Possession, ownership, controlB . Ownership, use, creationC . Control, custody, useD . Possession, custody, controlView AnswerAnswer: D Explanation: Data...

Which of the cloud cross-cutting aspects relates to the requirements placed on a system or application by law, policy, or requirements from standards?A . regulatory requirementsB . AuditabilityC . Service-level agreementsD . GovernanceView AnswerAnswer: A Explanation: Regulatory requirements are those imposed upon businesses and their operations either by law, regulation,...

Which is the appropriate phase of the cloud data lifecycle for determining the data's classification?A . CreateB . UseC . ShareD . StoreView AnswerAnswer: A Explanation: Any time data is created, modified, or imported, the classification needs to be evaluated and set from the earliest phase to ensure security is...

With a cloud service category where the cloud customer is provided a full application framework into which to deploy their code and services, which storage types are MOST likely to be available to them?A . Structured and unstructuredB . Structured and hierarchicalC . Volume and databaseD . Volume and objectView...

Where is a DLP solution generally installed when utilized for monitoring data in use?A . Application serverB . Database serverC . Network perimeterD . User’s clientView AnswerAnswer: D Explanation: To monitor data in use, the DLP solution's optimal location would be on the user's client or workstation, where the data...

Which of the following is NOT a regulatory system from the United States federal government?A . PCI DSSB . FISMAC . SOXD . HIPAAView AnswerAnswer: A Explanation: The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard,...

Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?A . Data center securityB . Human resourcesC . Mobile securityD . Budgetary and cost controlsView AnswerAnswer: D Explanation: Budgetary and cost controls is not one of the domains outlined in the CCM.

What process is used within a clustered system to provide high availability and load balancing?A . Dynamic balancingB . Dynamic clusteringC . Dynamic optimizationD . Dynamic resource schedulingView AnswerAnswer: D Explanation: Dynamic resource scheduling (DRS) is used within all clustering systems as the method for clusters to provide high availability,...

Which of the following is NOT something that an HIDS will monitor?A . ConfigurationsB . User loginsC . Critical system filesD . Network trafficView AnswerAnswer: B Explanation: A host intrusion detection system (HIDS) monitors network traffic as well as critical system files and configurations.

What is a serious complication an organization faces from the compliance perspective with international operations?A . Multiple jurisdictionsB . Different certificationsC . Different operational proceduresD . Different capabilitiesView AnswerAnswer: A Explanation: When operating within a global framework, a security professional runs into a multitude of jurisdictions and requirements, which often...