
Grab latest ISC CCSP Dumps as PDF Updated on 2021
How to book the CCSP Exam
These are the steps for registering for the ISC CCSP exam:
Step 1: Visit the Pearson VUE exam registration page
Step 2: Sign up for, or log in to, a Pearson VUE account
Step 3: Search for the ISC CCSP certification exam
Step 4: Select a date and time, then confirm with a payment method
NEW QUESTION 151
What expectation of data custodians is made much more challenging by a cloud implementation, especially with PaaS or SaaS?
- A. Access to data
- B. Data classification
- C. Knowledge of systems
- D. Encryption requirements
Answer: C
Explanation:
Under the Federal Rules of Civil Procedure, data custodians are assumed and expected to have full and comprehensive knowledge of the internal design and architecture of their systems. In a cloud environment, especially with PaaS and SaaS, it is impossible for the data custodian to have this knowledge because those systems are controlled by the cloud provider and protected as proprietary knowledge.
NEW QUESTION 152
Which ISO/IEC standards set documents the cloud definitions for staffing and official roles?
- A. ISO/IEC 27040
- B. ISO/IEC 17788
- C. ISO/IEC 27001
- D. ISO/IEC 17789
Answer: B
NEW QUESTION 153
Many aspects of cloud computing bring enormous benefits over a traditional data center, but also introduce new challenges unique to cloud computing.
Which of the following aspects of cloud computing makes appropriate data classification of high importance?
- A. Interoperability
- B. Multitenancy
- C. Reversibility
- D. Portability
Answer: B
Explanation:
With multitenancy, where different cloud customers all share the same physical systems and networks, data classification becomes even more important to ensure that the appropriate security controls are applied immediately to prevent any potential leakage or exposure to other customers. Portability refers to the ability to move easily from one cloud provider to another. Interoperability refers to the ability to reuse components and services for different uses. Reversibility refers to the ability of the cloud customer to quickly and completely remove all data and services from a cloud provider and to verify the removal.
NEW QUESTION 154
What are the U.S. State Department controls on technology exports known as?
- A. DRM
- B. ITAR
- C. EAL
- D. EAR
Answer: B
Explanation:
ITAR (the International Traffic in Arms Regulations) is administered by the Department of State, whereas EAR (the Export Administration Regulations) is administered by the Department of Commerce. Evaluation assurance levels (EALs) are part of the Common Criteria standard (ISO/IEC 15408). Digital rights management (DRM) tools are used for protecting the electronic processing of intellectual property.
NEW QUESTION 155
What sort of legal enforcement may the Payment Card Industry (PCI) Security Standards Council not bring to bear against organizations that fail to comply with the Payment Card Industry Data Security Standard (PCI DSS)?
- A. Fines
- B. Jail time
- C. Subject to increased audit frequency and scope
- D. Suspension of credit card processing privileges
Answer: B
NEW QUESTION 156
What is the biggest benefit to leasing space in a data center versus building or maintain your own?
- A. Control
- B. Costs
- C. Certification
- D. Regulation
Answer: B
Explanation:
When leasing space in a data center, an organization can avoid the enormous startup and building costs associated with a data center, and can instead leverage economies of scale by grouping with other organizations and sharing costs.
NEW QUESTION 157
Where is a DLP solution generally installed when utilized for monitoring data in use?
- A. User's client
- B. Database server
- C. Application server
- D. Network perimeter
Answer: A
Explanation:
To monitor data in use, the DLP solution's optimal location is the user's client or workstation, where the data is actually used or processed and where it is most vulnerable to access or exposure. The network perimeter is most appropriate for data in transit, and an application server serves as a middle stage between data at rest and data in use, so it is a less correct answer than the user's client. A database server is an example of a location appropriate for monitoring data at rest.
NEW QUESTION 158
Which cloud service category brings with it the most expensive startup costs, but also the lowest costs for ongoing support and maintenance staff?
- A. IaaS
- B. DaaS
- C. SaaS
- D. PaaS
Answer: C
NEW QUESTION 159
Which concept pertains to cloud customers paying only for the resources they use and consume, and only for the duration they are using them?
- A. Elasticity
- B. Measured service
- C. Portability
- D. Auto-scaling
Answer: B
NEW QUESTION 160
If a company needed to guarantee through contract and SLAs that a cloud provider would always have available sufficient resources to start their services and provide a certain level of provisioning, what would the contract need to refer to?
- A. Reservation
- B. Limit
- C. Assurance
- D. Guarantee
Answer: A
Explanation:
A reservation guarantees a cloud customer access to a minimum level of resources to run their systems, which helps mitigate against DoS attacks or against other tenants' systems that consume high levels of shared resources.
A limit refers to the enforcement of a maximum level of resources that can be consumed by or allocated to a cloud customer, service, or system. Both "guarantee" and "assurance" are terms that sound similar to reservation, but they are not the correct choices.
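The reservation/limit distinction above is easiest to see in a capacity allocator. The following is an added example, not code from the original page or from any cloud provider: a hypothetical `SharedHost` that admits tenant requests only when the invariant "allocated units plus every tenant's still-unused reservation never exceeds capacity" holds. A tenant can always draw up to its reservation, can burst above it only from headroom no one else has been promised, and can never exceed its limit. All capacities, tenant names and policy numbers are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class TenantPolicy:
    """Per-tenant contract terms (constructed example values are used below)."""
    reservation: int  # units guaranteed to be available on demand
    limit: int        # hard ceiling the tenant may hold at any time


@dataclass
class SharedHost:
    """A multitenant pool that honors reservations and enforces limits."""
    capacity: int
    policies: Dict[str, TenantPolicy]
    allocated: Dict[str, int] = field(default_factory=dict)

    def __post_init__(self) -> None:
        # A provider that over-promises reservations cannot honor the contract.
        total_reserved = sum(p.reservation for p in self.policies.values())
        if total_reserved > self.capacity:
            raise ValueError("sum of reservations exceeds capacity; guarantee impossible")
        for name, policy in self.policies.items():
            if policy.limit < policy.reservation:
                raise ValueError(f"{name}: limit must be >= reservation")
            self.allocated.setdefault(name, 0)

    def _headroom(self) -> int:
        # Capacity not in use and not promised to any tenant's unused reservation.
        used = sum(self.allocated.values())
        unused_reservations = sum(
            max(p.reservation - self.allocated[n], 0) for n, p in self.policies.items()
        )
        return self.capacity - used - unused_reservations

    def request(self, tenant: str, units: int) -> bool:
        """Admit the request if it stays within the limit and the pool invariant."""
        policy = self.policies[tenant]
        current = self.allocated[tenant]
        new_total = current + units
        if new_total > policy.limit:
            return False  # limit: enforced ceiling, regardless of free capacity
        if new_total <= policy.reservation:
            self.allocated[tenant] = new_total
            return True   # reservation: guaranteed by construction
        # Burst above the reservation draws only from unpromised headroom.
        extra = new_total - max(current, policy.reservation)
        if extra > self._headroom():
            return False  # would eat into another tenant's guarantee
        self.allocated[tenant] = new_total
        return True

    def release(self, tenant: str, units: int) -> None:
        self.allocated[tenant] = max(self.allocated[tenant] - units, 0)


if __name__ == "__main__":
    # Constructed scenario: tenant "b" is the noisy neighbor, "a" relies on its reservation.
    host = SharedHost(100, {"a": TenantPolicy(40, 80), "b": TenantPolicy(30, 70)})
    print("b bursts to 60:", host.request("b", 60))   # True: 30 reserved + 30 headroom
    print("b wants 10 more:", host.request("b", 10))  # False: that 10 belongs to a's reservation
    print("a takes its 40:", host.request("a", 40))   # True: reservation honored despite b
    print("a wants 40 more:", host.request("a", 40))  # False: 80 is a's limit, and no headroom
```

Run it as a script to see the noisy-neighbor scenario play out; the point is that `b`'s burst is denied exactly when it would consume capacity promised to `a`, which is the DoS mitigation the explanation refers to.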
NEW QUESTION 161
Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.
Which of the following is not a regulatory framework for more sensitive or specialized data?
- A. FIPS 140-2
- B. HIPAA
- C. FedRAMP
- D. PCI DSS
Answer: A
Explanation:
The FIPS 140-2 standard pertains to the certification of cryptographic modules and is not a regulatory framework. The Payment Card Industry Data Security Standard (PCI DSS), the Federal Risk and Authorization Management Program (FedRAMP), and the Health Insurance Portability and Accountability Act (HIPAA) are all regulatory frameworks for sensitive or specialized data.
NEW QUESTION 162
Aside from the fact that the cloud customer probably cannot locate/reach the physical storage assets of the cloud provider, and that wiping an entire storage space would impact other customers, why would degaussing probably not be an effective means of secure sanitization in the cloud?
- A. Federal law prohibits it in the United States.
- B. All the data storage space in the cloud is already gaussed.
- C. The blast radius is too wide.
- D. Cloud data storage may not be affected by degaussing.
Answer: D
NEW QUESTION 163
Which of the cloud deployment models offers the most control and input to the cloud customer as to how the overall cloud environment is implemented and configured?
- A. Private
- B. Public
- C. Community
- D. Hybrid
Answer: A
Explanation:
A private cloud model, and the specific contractual relationships involved, gives a cloud customer the greatest level of input and control over how the overall cloud environment is designed and implemented. This is even more the case when the private cloud is owned and operated by the same organization that is hosting services within it.
NEW QUESTION 164
You are the security manager for a company that is considering cloud migration to an IaaS environment. You are assisting your company's IT architects in constructing the environment.
Which of the following options do you recommend?
- A. Unrestricted public access
- B. Enhanced productivity without encryption
- C. Use of a Type II hypervisor
- D. Use of a Type I hypervisor
Answer: D
NEW QUESTION 165
Which of the following attempts to establish an international standard for eDiscovery processes and best practices?
- A. ISO/IEC 27050
- B. ISO/IEC 27001
- C. ISO/IEC 31000
- D. ISO/IEC 19888
Answer: A
Explanation:
ISO/IEC 27050 strives to establish an internationally accepted standard for eDiscovery processes and best practices. It encompasses all steps of the eDiscovery process: identification, preservation, collection, processing, review, analysis, and the final production of the requested data.
NEW QUESTION 166
Which of the following is NOT an application or utility to apply and enforce baselines on a system?
- A. GitHub
- B. Chef
- C. Puppet
- D. Active Directory
Answer: A
Explanation:
GitHub is a service for code collaboration, including versioning and branching of code trees. It is not used for applying or maintaining system configurations. Chef and Puppet are configuration management tools that push and enforce a defined baseline on managed hosts, and Active Directory (through Group Policy) applies and enforces configuration baselines on domain-joined Windows systems.
NEW QUESTION 167
Which of the following best describes the purpose and scope of ISO/IEC 27034-1?
- A. Provides an overview of application security that introduces definitive concepts, principles, and processes involved in application security.
- B. Provides an overview of network and infrastructure security designed to secure cloud applications.
- C. Serves as a newer replacement for NIST 800-52 r4
- D. Describes international privacy standards for cloud computing
Answer: A
NEW QUESTION 168
Which of the following threats from the Cloud Security Alliance's list of top cloud threats (the "Treacherous Twelve") is the most difficult for an organization to protect against?
- A. Account hijacking
- B. Malicious insiders
- C. Denial of service
- D. Advanced persistent threats
Answer: B
NEW QUESTION 169
What is an often overlooked concept that is essential to protecting the confidentiality of data?
- A. Training
- B. Policies
- C. Security controls
- D. Strong password
Answer: A
Explanation:
While the main focus of confidentiality revolves around technological requirements or particular security methods, an important and often overlooked aspect of safeguarding data confidentiality is appropriate and comprehensive training for those with access to it. Training should be focused on the safe handling of sensitive information overall, including best practices for network activities as well as physical security of the devices or workstations used to access the application.
NEW QUESTION 170
An audit scope statement defines the limits and outcomes from an audit.
Which of the following would NOT be included as part of an audit scope statement?
- A. Billing
- B. Certification
- C. Exclusions
- D. Reports
Answer: A
Explanation:
Billing for an audit, or other cost-related items, would not be part of an audit scope statement and would instead be handled prior to the actual audit as part of the contract between the organization and auditors.
Reports, exclusions to the scope of the audit, and required certifications on behalf of the systems or auditors are all crucial elements of an audit scope statement.
NEW QUESTION 171
Managed cloud services exist because the service is less expensive for each customer than creating the same services for themselves in a legacy environment. Using a managed service allows the customer to realize significant cost savings through the reduction of ____________.
- A. Security controls
- B. Data
- C. Risk
- D. Personnel
Answer: D
