究極のガイド準備CCSP認証試験ISC Cloud Securityは2024年更新 [Q83-Q102]

Share

究極のガイド準備CCSP認証試験ISC Cloud Securityは2024年更新

リアルCCSP問題集でISC正確なアンサーは最新問題は2024年更新


CCSP認定プログラムは、サイバーセキュリティの分野の主要な組織である国際情報システムセキュリティ認証コンソーシアム(ISC)²によって開発されています。このプログラムは、クラウドベースの環境を確保するために必要な実用的なスキルだけでなく、クラウドセキュリティの概念と原則を包括的に理解することを候補者に提供するように設計されています。この認定は、クラウドセキュリティソリューションの設計、実装、および管理を担当する専門家を対象としています。


ISC CCSP試験に受験資格を得るためには、ITまたは情報セキュリティの分野で最低5年の経験が必要であり、そのうちクラウドコンピューティングの分野で最低3年の経験が必要です。また、クラウドセキュリティの原理、概念、および技術について深い理解を持っている必要があります。


ISC CCSP 資格認定は、クラウドコンピューティングの運用やソリューションに関わる IT プロフェッショナル、セキュリティプロフェッショナル、および幹部に最適です。CCSP 資格を取得することにより、個人はクラウドコンピューティングソリューションのセキュリティに関する専門知識とコミットメントを証明し、キャリアの見通しを向上させ、雇用主にとっての価値を示すことができます。

 

質問 # 83
Which of the following is not one of the defined security controls domains within the Cloud Controls Matrix, published by the Cloud Security Alliance?

  • A. Financial
  • B. Identity and access management
  • C. Human resources
  • D. Mobile security

正解:A


質問 # 84
Which of the following security measures done at the network layer in a traditional data center are also applicable to a cloud environment?

  • A. Direct connections
  • B. Redundant network circuits
  • C. Trust zones
  • D. Dedicated switches

正解:C

解説:
Trust zones can be implemented to separate systems or tiers along logical lines for great security and access controls. Each zone can then have its own security controls and monitoring based on its particular needs.


質問 # 85
From a security perspective, what component of a cloud computing infrastructure represents the biggest concern?

  • A. Object storage
  • B. Management plane
  • C. Hypervisor
  • D. Encryption

正解:B

解説:
The management plane will have broad administrative access to all host systems throughout an environment; as such, it represents the most pressing security concerns. A compromise of the management plane can directly lead to compromises of any other systems within the environment. Although hypervisors represent a significant security concern to an environment because their compromise would expose any virtual systems hosted within them, the management plane is a better choice in this case because it controls multiple hypervisors. Encryption and object storage both represent lower-level security concerns.


質問 # 86
Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their specific circumstances.
What does dynamic application security testing (DAST) NOT entail that SAST does?

  • A. Scanning
  • B. Probing
  • C. Discovery
  • D. Knowledge of the system

正解:D

解説:
Dynamic application security testing (DAST) is considered "black-box" testing and begins with no inside knowledge of the application or its configurations. Everything about it must be discovered during its testing.
As with most types of testing, dynamic application security testing (DAST) involves probing, scanning, and a discovery process for system information.


質問 # 87
Which regulatory system pertains to the protection of healthcare data?

  • A. HAS
  • B. HIPAA
  • C. HITECH
  • D. HFCA

正解:B

解説:
Explanation
The Health Insurance Portability and Accountability Act (HIPAA) sets stringent requirements in the United States for the protection of healthcare records.


質問 # 88
Which of the following would probably best aid an organization in deciding whether to migrate from a legacy environment to a particular cloud provider?
Response:

  • A. The cost/benefit measure of closing the organization's relocation site (hot site/warm site) and using the cloud for disaster recovery instead
  • B. SLA satisfaction surveys from other (current and past) cloud customers
  • C. Rate sheets comparing a cloud provider to other cloud providers
  • D. Cloud provider offers to provide engineering assistance during the migration

正解:B


質問 # 89
Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?

  • A. Deletion
  • B. Overwriting
  • C. Zeroing
  • D. Cryptographic erasure

正解:A

解説:
Deletion merely removes the pointers to data on a system; it does nothing to actually remove and sanitize the data. As such, the data remains in a recoverable state, and more secure methods are needed to ensure it has been destroyed and is not recoverable by another party.


質問 # 90
Your new CISO is placing increased importance and focus on regulatory compliance as your applications and systems move into cloud environments.
Which of the following would NOT be a major focus of yours as you develop a project plan to focus on regulatory compliance?

  • A. Data in use
  • B. Data in transit
  • C. Data custodian
  • D. Data at rest

正解:C

解説:
Explanation/Reference:
Explanation:
The jurisdictions where data is being stored, processed, or consumed are the ones that dictate the regulatory frameworks and compliance requirements, regardless of who the data owner or custodian might be. The other concepts for protecting data would all play a prominent role in regulatory compliance with a move to the cloud environment. Each concept needs to be evaluated based on the new configurations as well as any potential changes in jurisdiction or requirements introduced with the move to a cloud.


質問 # 91
Which of the following jurisdictions lacks a comprehensive national policy on data privacy and the protection of personally identifiable information (PII)?

  • A. Asian-Pacific Economic Cooperation
  • B. Russia
  • C. European Union
  • D. United States

正解:D

解説:
The United States has a myriad of regulations focused on specific types of data, such as healthcare and financial, but lacks an overall comprehensive privacy law on the national level.
The European Union, the Asian-Pacific Economic Cooperation, and Russia all have national privacy protections and regulations for the handling the PII data of their citizens.


質問 # 92
Which of the following is not a factor an organization might use in the cost-benefit analysis when deciding whether to migrate to a cloud environment?
Response:

  • A. Branding associated with which cloud provider might be selected
  • B. Shifting from capital expenditures to support IT investment to operational expenditures
  • C. The time savings and efficiencies offered by the cloud service
  • D. Pooled resources in the cloud

正解:A


質問 # 93
A DLP solution/implementation has three main components.
Which of the following is NOT one of the three main components?

  • A. Discovery and classification
  • B. Enforcement
  • C. Monitoring
  • D. Auditing

正解:D

解説:
Explanation
Auditing, which can be supported to varying degrees by DLP solutions, is not a core component of them. Data loss prevention (DLP) solutions have core components of discovery and classification, enforcement, and monitoring. Discovery and classification are concerned with determining which data should be applied to the DLP policies, and then determining its classification level. Monitoring is concerned with the actual watching of data and how it's used through its various stages. Enforcement is the actual application of policies determined from the discovery stage and then triggered during the monitoring stage.


質問 # 94
What is the risk to the organization posed by dashboards that display data discovery results?
Response:

  • A. Raised incidence of physical theft
  • B. Flawed management decisions based on massaged displays
  • C. Increased chance of external penetration
  • D. Higher likelihood of inadvertent disclosure

正解:B


質問 # 95
A cloud data encryption situation where the cloud customer retains control of the encryption keys and the cloud provider only processes and stores the data could be considered a
____________.
Response:

  • A. Hybrid cloud deployment model
  • B. Risk
  • C. Threat
  • D. Case of infringing on the rights of the provider

正解:A


質問 # 96
Maintenance mode requires all of these actions except:

  • A. Initiate enhanced security controls
  • B. Prevent new logins
  • C. Remove all active production instances
  • D. Ensure logging continues

正解:A

解説:
Explanation/Reference:
Explanation:
While the other answers are all steps in moving from normal operations to maintenance mode, we do not necessarily initiate any enhanced security controls.


質問 # 97
Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?

  • A. Insecure direct object references
  • B. Sensitive data exposure
  • C. Security misconfiguration
  • D. Unvalidated redirects and forwards

正解:B

解説:
Explanation
Sensitive data exposure occurs when information is not properly secured through encryption and secure transport mechanisms; it can quickly become an easy and broad method for attackers to compromise information. Web applications must enforce strong encryption and security controls on the application side, but secure methods of communications with browsers or other clients used to access the information are also required. Security misconfiguration occurs when applications and systems are not properly configured for security, often a result of misapplied or inadequate baselines. Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, thus allowing spoofing for malware or phishing attacks.


質問 # 98
Which data formats are most commonly used with the REST API?

  • A. SAML and HTML
  • B. JSON and SAML
  • C. XML and SAML
  • D. XML and JSON

正解:D

解説:
Explanation/Reference:
Explanation:
JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the most commonly used data formats for the Representational State Transfer (REST) API, and are typically implemented with caching for increased scalability and performance.


質問 # 99
Which of the following is NOT a regulatory system from the United States federal government?

  • A. SOX
  • B. HIPAA
  • C. FISMA
  • D. PCI DSS

正解:D

解説:
The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.


質問 # 100
You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
In order to get truly holistic coverage of your environment, you should be sure to include
__________ as a step in the deployment process.
Response:

  • A. Adoption of the tool in all routers between your users and the cloud provider
  • B. All of your customers to install the tool
  • C. Installation of the solution on all assets in the cloud data center
  • D. Getting signed user agreements from all users

正解:D


質問 # 101
Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?

  • A. One week
  • B. One month
  • C. Six months
  • D. One year

正解:C

解説:
SOC Type 2 reports are focused on the same policies and procedures, as well as their effectiveness, as SOC Type 1 reports, but are evaluated over a period of at least six consecutive months, rather than a finite point in time.


質問 # 102
......

ISC Cloud Security CCSP試験練習問題集:https://jp.fast2test.com/CCSP-premium-file.html

CCSPプレミアム資料テストPDFで無料問題集お試しセット:https://drive.google.com/open?id=1T72lzLdKPltNLzYOKHYgZPdouvVfe2Vx


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어