[2024年11月03日] 更新されたCCSP試験PDF問題集にはFast2test合格保証付き [Q77-Q95]

Share

[2024年11月03日] 更新されたCCSP試験PDF問題集にはFast2test合格保証付き

あなたを合格させるISC試験にはCCSP試験問題集

質問 # 77
With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?

  • A. Filtering
  • B. Routing
  • C. Firewalling
  • D. Session

正解:A

解説:
With software-defined networking (SDN), the filtering of network traffic is separated from the forwarding of network traffic so that it can be independently administered.


質問 # 78
The most pragmatic option for data disposal in the cloud is which of the following?

  • A. Cold fusion
  • B. Overwriting
  • C. Melting
  • D. Cryptoshredding

正解:D

解説:
We don't have physical ownership, control, or even access to the devices holding the data, so physical destruction, including melting, is not an option. Overwriting is a possibility, but it is complicated by the difficulty of locating all the sectors and storage areas that might have contained our data, and by the likelihood that constant backups in the cloud increase the chance we'll miss something as it's being overwritten. Cryptoshredding is the only reasonable alternative. Cold fusion is a red herring.


質問 # 79
Which type of testing tends to produce the best and most comprehensive results for discovering system vulnerabilities?

  • A. Dynamic
  • B. Static
  • C. Pen
  • D. Vulnerability

正解:B


質問 # 80
Which aspect of archiving must be tested regularly for the duration of retention requirements?

  • A. Availability
  • B. Portability
  • C. Auditability
  • D. Recoverability

正解:D

解説:
Explanation
In order for any archiving system to be deemed useful and compliant, regular tests must be performed to ensure the data can still be recovered and accessible, should it ever be needed, for the duration of the retention requirements.


質問 # 81
Which of the following is a commonly used tool for maintaining system configurations?

  • A. Conductor
  • B. Puppet
  • C. Orchestrator
  • D. Maestro

正解:B

解説:
Explanation/Reference:
Explanation:
Puppet is a commonly used tool for maintaining system configurations based on policies, and done so from a centralized authority.


質問 # 82
Which of the following statements best describes a Type 1 hypervisor?

  • A. The hypervisor software runs within an operating system tied to the hardware.
  • B. The hypervisor software runs on top of an application layer.
  • C. The hypervisor software runs directly on "bare metal" without an intermediary.
  • D. The hypervisor software runs as a client on a server and needs an external service to administer it.

正解:C

解説:
With a Type 1 hypervisor, the hypervisor software runs directly on top of the bare-metal system, without any intermediary layer or hosting system. None of these statements describes a Type 1 hypervisor.


質問 # 83
From the perspective of compliance, what is the most important consideration when it comes to data center location?

  • A. Utility access
  • B. Jurisdiction
  • C. Personnel access
  • D. Natural disasters

正解:B

解説:
Jurisdiction will dictate much of the compliance and audit requirements for a data center. Although all the aspects listed are very important to security, from a strict compliance perspective, jurisdiction is the most important. Personnel access, natural disasters, and utility access are all important operational considerations for selecting a data center location, but they are not related to compliance issues like jurisdiction is.


質問 # 84
What concept does the A represent within the DREAD model?

  • A. Affinity
  • B. Authentication
  • C. Affected users
  • D. Authorization

正解:C

解説:
Explanation
The concept of affected users measures the percentage of users who would be impacted by a successful exploit. Scoring ranges from 0, which would impact no users, to 10, which would impact all users. None of the other options provided is the correct term.


質問 # 85
Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their specific circumstances.
What does dynamic application security testing (DAST) NOT entail that SAST does?

  • A. Knowledge of the system
  • B. Scanning
  • C. Discovery
  • D. Probing

正解:A

解説:
Explanation
Dynamic application security testing (DAST) is considered "black-box" testing and begins with no inside knowledge of the application or its configurations. Everything about it must be discovered during its testing.
As with most types of testing, dynamic application security testing (DAST) involves probing, scanning, and a discovery process for system information.


質問 # 86
Which of the following is NOT a component of access control?

  • A. Authentication
  • B. Federation
  • C. Authorization
  • D. Accounting

正解:B

解説:
Explanation
Federation is not a component of access control. Instead, it is used to allow users possessing credentials from other authorities and systems to access services outside of their domain. This allows for access and trust without the need to create additional, local credentials. Access control encompasses not only the key concepts of authorization and authentication, but also accounting. Accounting consists of collecting and maintaining logs for both authentication and authorization for operational and regulatory requirements.


質問 # 87
Which United States law is focused on data related to health records and privacy?

  • A. Safe Harbor
  • B. HIPAA
  • C. GLBA
  • D. SOX

正解:B

解説:
Explanation/Reference:
Explanation:
The Health Insurance Portability and Accountability Act (HIPAA) requires the U.S. Federal Department of Health and Human Services to publish and enforce regulations pertaining to electronic health records and identifiers between patients, providers, and insurance companies. It is focused on the security controls and confidentiality of medical records, rather than the specific technologies used, so long as they meet the requirements of the regulations.


質問 # 88
Designers making applications for the cloud have to take into consideration risks and operational constraints that did not exist or were not as pronounced in the legacy environment.
Which of the following is an element cloud app designers may have to consider incorporating in software for the cloud that might not have been as important in the legacy environment?
Response:

  • A. DDoS resistance
  • B. IAM capability
  • C. Encryption for data at rest and in motion
  • D. Field validation

正解:C


質問 # 89
The European Union is often considered the world leader in regard to the privacy of personal data and has declared privacy to be a "human right." In what year did the EU first assert this principle?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:C

解説:
Explanation
The EU passed Directive 95/46 EC in 1995, which established data privacy as a human right. The other years listed are incorrect.


質問 # 90
What type of PII is controlled based on laws and carries legal penalties for noncompliance with requirements?

  • A. Regulated
  • B. Contractual
  • C. Specific
  • D. Jurisdictional

正解:A

解説:
Explanation
Regulated PII involves those requirements put forth by specific laws or regulations, and unlike contractual PII, where a violation can lead to contractual penalties, a violation of regulated PII can lead to fines or even criminal charges in some jurisdictions. PII regulations can depend on either the jurisdiction that applies to the hosting location or application or specific legislation based on the industry or type of data used.


質問 # 91
Without the extensive funds of a large corporation, a small-sized company could gain considerable and cost-effective services for which of the following concepts by moving to a cloud environment?

  • A. Development
  • B. Security
  • C. Testing
  • D. Regulatory

正解:B

解説:
Cloud environments, regardless of the specific deployment model used, have extensive and robust security controls in place, especially in regard to physical and infrastructure security. A small company can leverage the extensive security controls and monitoring provided by a cloud provider, which they would unlikely ever be able to afford on their own. Moving to a cloud would not result in any gains for development and testing because these areas require the same rigor regardless of where deployment and hosting occur. Regulatory compliance in a cloud would not be a gain for an organization because it would likely result in additional oversight and auditing as well as require the organization to adapt to a new environment.


質問 # 92
All of these are methods of data discovery, except:

  • A. Content-based
  • B. Metadata-based
  • C. User-based
  • D. Label-based

正解:C

解説:
All the others are valid methods of data discovery; user-based is a red herring with no meaning.


質問 # 93
Which of the following terms is not associated with cloud forensics?

  • A. eDiscovery
  • B. Analysis
  • C. Chain of custody
  • D. Plausibility

正解:D

解説:
Explanation
Explanation:
Plausibility, here, is a distractor and not specifically relevant to cloud forensics.


質問 # 94
Every security program and process should have which of the following?

  • A. Multifactor authentication
  • B. Homomorphic encryption
  • C. Foundational policy
  • D. Severe penalties

正解:C

解説:
Explanation
Policy drives all programs and functions in the organization; the organization should not conduct any operations that don't have a policy governing them. Penalties may or may not be an element of policy, and severity depends on the topic. Multifactor authentication and homomorphic encryption are red herrings here.


質問 # 95
......

最新でリアルなCCSP試験問題集解答:https://jp.fast2test.com/CCSP-premium-file.html

CCSP試験問題集でISC練習テスト問題:https://drive.google.com/open?id=1dT1IAXnAkyeoXSiDYaU2Ti4mGMLNfO8N


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어