CCSP exam

Which of the following is NOT one of five principles of SOC Type 2 audits?A . PrivacyB . Processing integrityC . FinancialD . SecurityView AnswerAnswer: C Explanation: The SOC Type 2 audits include five principles: security, privacy, processing integrity, availability, and confidentiality.

Which technique involves replacing values within a specific data field to protect sensitive data?A . AnonymizationB . MaskingC . TokenizationD . ObfuscationView AnswerAnswer: B Explanation: Masking involves replacing specific data within a data set with new values. For example, with credit card fields, as most who have ever purchased anything...

Modern web service systems are designed for high availability and resiliency. Which concept pertains to the ability to detect problems within a system, environment, or application and programmatically invoke redundant systems or processes for mitigation?A . ElasticityB . RedundancyC . Fault toleranceD . AutomationView AnswerAnswer: C Explanation: Fault tolerance allows...

From the perspective of compliance, what is the most important consideration when it comes to data center location?A . Natural disastersB . Utility accessC . JurisdictionD . Personnel accessView AnswerAnswer: C Explanation: Jurisdiction will dictate much of the compliance and audit requirements for a data center. Although all the aspects...

Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?A . Security misconfigurationB . Insecure direct object referencesC . Sensitive data exposureD . Unvalidated redirects and forwardsView AnswerAnswer: C Explanation: Sensitive data exposure occurs when information is not properly secured...

From a security perspective, what component of a cloud computing infrastructure represents the biggest concern?A . HypervisorB . Management planeC . Object storageD . EncryptionView AnswerAnswer: B Explanation: The management plane will have broad administrative access to all host systems throughout an environment; as such, it represents the most pressing...

Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?A . InjectionB . Missing function-level access controlC . Cross-site scriptingD . Cross-site request forgeryView...

Data center and operations design traditionally takes a tiered, topological approach. Which of the following standards is focused on that approach and is prevalently used throughout the industry?A . IDCAB . NFPAC . BICSID . Uptime InstituteView AnswerAnswer: D Explanation: The Uptime Institute publishes the most widely known and used...

The SOC Type 2 reports are divided into five principles. Which of the five principles must also be included when auditing any of the other four principles?A . ConfidentialityB . PrivacyC . SecurityD . AvailabilityView AnswerAnswer: C Explanation: Under the SOC guidelines, when any of the four principles other than...

How is an object stored within an object storage system?A . Key valueB . DatabaseC . LDAPD . Tree structureView AnswerAnswer: A Explanation: Object storage uses a flat structure with key values to store and access objects.