
[2023年04月]更新のISC CCSP試験基本問題には解答が付きます
2023年最新の実際に出るISC CCSP試験問題集と解答
質問 70
Data masking can be used to provide all of the following functionality, except:
- A. Enforcing least privilege
- B. Authentication of privileged users
- C. test data in sandboxed environments
- D. Secure remote access
正解: B
解説:
Data masking does not support authentication in any way. All the others are excellent use cases for data masking.
質問 71
Which of the following characteristics is associated with digital rights management (DRM) solutions (sometimes referred to as information rights management, or IRM)?
Response:
- A. Persistence
- B. Resistance
- C. Influence
- D. Trepidation
正解: A
質問 72
In which of the following situations does the data owner have to administer the OS?
Response:
- A. PaaS
- B. Offsite archive
- C. SaaS
- D. IaaS
正解: D
質問 73
Which data state would be most likely to use digital signatures as a security protection mechanism?
- A. Data in transit
- B. Archived
- C. Data in use
- D. Data at rest
正解: C
解説:
Explanation
During the data-in-use state, the information has already been accessed from storage and transmitted to the service, so reliance on a technology such as digital signatures is imperative to ensure security and complement the security methods used during previous states. Data in transit relies on technologies such as TLS to encrypt network transmission of packets for security. Data at rest primarily uses encryption for stored file objects.
Archived data would be the same as data at rest.
質問 74
Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?
- A. Russia
- B. France
- C. Germany
- D. United States
正解: A
解説:
Explanation/Reference:
Explanation:
Signed into law and effective starting on September 1, 2015, Russian Law 526-FZ establishes that any collecting, storing, or processing of personal information or data on Russian citizens must be done from systems and databases that are physically located with the Russian Federation.
質問 75
A user signs on to a cloud-based social media platform. In another browser tab, the user finds an article worth posting to the social media platform. The user clicks on the platform's icon listed on the article's website, and the article is automatically posted to the user's account on the social media platform.
This is an example of what?
Response:
- A. Single sign-on
- B. Identity federation
- C. Insecure direct identifiers
- D. Cross-site scripting
正解: B
質問 76
Which of the following is NOT an application or utility to apply and enforce baselines on a system?
- A. GitHub
- B. Chef
- C. Puppet
- D. Active Directory
正解: A
解説:
Explanation
GitHub is an application for code collaboration, including versioning and branching of code trees. It is not used for applying or maintaining system configurations.
質問 77
Which component of ITIL pertains to planning, coordinating, executing, and validating changes and rollouts to production environments?
- A. Problem management
- B. Release management
- C. Change management
- D. Availability management
正解: B
解説:
Explanation
Release management involves planning, coordinating, executing, and validating changes and rollouts to the production environment. Change management is a higher-level component than release management and also involves stakeholder and management approval, rather than specifically focusing the actual release itself.
Availability management is focused on making sure system resources, processes, personnel, and toolsets are properly allocated and secured to meet SLA requirements. Problem management is focused on identifying and mitigating known problems and deficiencies before they occur.
質問 78
Which data state would be most likely to use TLS as a protection mechanism?
- A. Data in use
- B. Archived
- C. Data in transit
- D. Data at rest
正解: C
解説:
Explanation/Reference:
Explanation:
TLS would be used with data in transit, when packets are exchanged between clients or services and sent across a network. During the data-in-use state, the data is already protected via a technology such as TLS as it is exchanged over the network and then relies on other technologies such as digital signatures for protection while being used. The data-at-rest state primarily uses encryption for stored file objects.
Archived data would be the same as data at rest.
質問 79
Which of the following roles is responsible for preparing systems for the cloud, administering and monitoring services, and managing inventory and assets?
- A. Cloud service business manager
- B. Cloud service deployment manager
- C. Cloud service manager
- D. Cloud service operations manager
正解: D
解説:
Explanation/Reference:
Explanation:
The cloud service operations manager is responsible for preparing systems for the cloud, administering and monitoring services, providing audit data as requested or required, and managing inventory and assets.
質問 80
What are the U.S. State Department controls on technology exports known as?
- A. EAL
- B. DRM
- C. ITAR
- D. EAR
正解: D
解説:
Explanation/Reference:
Explanation:
ITAR is a Department of State program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.
質問 81
The GAPP framework was developed through a joint effort between the major Canadian and American professional accounting associations in order to assist their members with managing and preventing risks to the privacy of their data and customers.
Which of the following is the meaning of GAPP?
- A. Generally accepted privacy principles
- B. General accounting personal privacy
- C. Generally accepted privacy practices
- D. General accounting privacy policies
正解: A
質問 82
Which protocol does the REST API depend on?
- A. HTTP
- B. SAML
- C. SSH
- D. XML
正解: A
解説:
Representational State Transfer (REST) is a software architectural scheme that applies the components, connectors, and data conduits for many web applications used on the Internet. It uses and relies on the HTTP protocol and supports a variety of data formats.
質問 83
Which data state would be most likely to use TLS as a protection mechanism?
- A. Data in use
- B. Archived
- C. Data in transit
- D. Data at rest
正解: C
解説:
Explanation
TLS would be used with data in transit, when packets are exchanged between clients or services and sent across a network. During the data-in-use state, the data is already protected via a technology such as TLS as it is exchanged over the network and then relies on other technologies such as digital signatures for protection while being used. The data-at-rest state primarily uses encryption for stored file objects. Archived data would be the same as data at rest.
質問 84
Which crucial aspect of cloud computing can be most threatened by insecure APIs?
- A. Elasticity
- B. Resource pooling
- C. Redundancy
- D. Automation
正解: D
解説:
Cloud environments depend heavily on API calls for management and automation. Any vulnerability with the APIs can cause significant risk and exposure to all tenants of the cloud environment. Resource pooling and elasticity could both be impacted by insecure APIs, as both require automation and orchestration to operate properly, but automation is the better answer here. Redundancy would not be directly impacted by insecure APIs.
質問 85
DRM solutions should generally include all the following functions, except:
- A. Automatic self-destruct
- B. Persistency
- C. Automatic expiration
- D. Dynamic policy control
正解: A
質問 86
If a key feature of cloud computing that your organization desires is the ability to scale and expand without limit or concern about available resources, which cloud deployment model would you MOST likely be considering?
- A. Public
- B. Private
- C. Hybrid
- D. Community
正解: A
解説:
Explanation
Public clouds, such as AWS and Azure, are massive systems run by major corporations, and they account for a significant share of Internet traffic and services. They are always expanding, offer enormous resources to customers, and are the least likely to run into resource constraints compared to the other deployment models.
Private clouds would likely have the resources available for specific uses and could not be assumed to have a large pool of resources available for expansion. A community cloud would have the same issues as a private cloud, being targeted to similar organizations. A hybrid cloud, because it spans multiple clouds, would not fit the bill either, without the use of individual cloud models.
質問 87
What are the U.S. State Department controls on technology exports known as?
- A. EAL
- B. ITAR
- C. EAR
- D. DRM
正解: B
解説:
Explanation
Explanation:
ITAR is a Department of State program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.
質問 88
Which of the following aspects of the BC/DR process poses a risk to the organization?
Response:
- A. Preplacement of response assets
- B. Budgeting for disaster
- C. Full testing of the plan
- D. Threat intelligence gathering
正解: C
質問 89
What type of storage structure does object storage employ to maintain files?
- A. Hierarchical
- B. Directory
- C. Flat
- D. tree
正解: C
解説:
Object storage uses a flat file system to hold storage objects; it assigns files a key value that is then used to access them, rather than relying on directories or descriptive filenames. Typical storage layouts such as tree, directory, and hierarchical structures are used within volume storage, whereas object storage maintains a flat structure with key values.
質問 90
When data discovery is undertaken, three main approaches or strategies are commonly used to determine what the type of data, its format, and composition are for the purposes of classification.
Which of the following is NOT one of the three main approaches to data discovery?
- A. Hashing
- B. Labels
- C. Content analysis
- D. Metadata
正解: A
解説:
Hashing involves taking a block of data and, through the use of a one-way operation, producing a fixed- size value that can be used for comparison with other data. It is used primarily for protecting data and allowing for rapid comparison when matching data values such as passwords. Labels involve looking for header information or other categorizations of data to determine its type and possible classifications.
Metadata involves looking at information attributes of the data, such as creator, application, type, and so on, in determining classification. Content analysis involves examining the actual data itself for its composition and classification level.
質問 91
Which data sanitation method is also commonly referred to as "zeroing"?
- A. Deleting
- B. Nullification
- C. Blanking
- D. Overwriting
正解: D
解説:
The zeroing of data--or the writing of null values or arbitrary data to ensure deletion has been fully completed--is officially referred to as overwriting. Nullification, deleting, and blanking are provided as distractor terms.
質問 92
What type of segregation and separation of resources is needed within a cloud environment for multitenancy purposes versus a traditional data center model?
- A. Security
- B. Virtual
- C. Logical
- D. Physical
正解: C
解説:
Explanation
Cloud environments lack the ability to physically separate resources like a traditional data center can. To compensate, cloud computing logical segregation concepts are employed. These include VLANs, sandboxing, and the use of virtual network devices such as firewalls.
質問 93
......
合格保証付きのISC Cloud Security CCSP試験問題集:https://jp.fast2test.com/CCSP-premium-file.html
CCSP練習テストエンジンで今すぐ使おう830試験問題:https://drive.google.com/open?id=1HuIQVRHsJX1NRKlLAQ0GB8sQYKn7sfYe