
CCSP問題集827問でISC Cloud Securityを確実実践
リアル最新CCSP試験問題CCSP問題集
質問 # 321
The most pragmatic option for data disposal in the cloud is which of the following?
- A. Cryptoshredding
- B. Melting
- C. Overwriting
- D. Cold fusion
正解:A
解説:
We don't have physical ownership, control, or even access to the devices holding the data, so physical destruction, including melting, is not an option. Overwriting is a possibility, but it is complicated by the difficulty of locating all the sectors and storage areas that might have contained our data, and by the likelihood that constant backups in the cloud increase the chance we'll miss something as it's being overwritten. Cryptoshredding is the only reasonable alternative.
Cold fusion is a red herring.
質問 # 322
Which kind of SSAE audit reviews controls dealing with the organization's controls for assuring the confidentiality, integrity, and availability of data?
- A. SOC 1
- B. SOC 4
- C. SOC 3
- D. SOC 2
正解:D
解説:
Explanation
SOC 2 deals with the CIA triad. SOC 1 is for financial reporting. SOC 3 is only an attestation by the auditor.
There is no SOC 4.
質問 # 323
The WS-Security standards are built around all of the following standards except which one?
- A. SAML
- B. WDSL
- C. XML
- D. SOAP
正解:A
解説:
Explanation/Reference:
Explanation:
The WS-Security specifications, as well as the WS-Federation system, are built upon XML, WDSL, and SOAP. SAML is a very similar protocol that is used as an alternative to WS.XML, WDSL, and SOAP are all integral to the WS-Security specifications.
質問 # 324
Which data state would be most likely to use digital signatures as a security protection mechanism?
- A. Data in use
- B. Archived
- C. Data in transit
- D. Data at rest
正解:A
解説:
Explanation
During the data-in-use state, the information has already been accessed from storage and transmitted to the service, so reliance on a technology such as digital signatures is imperative to ensure security and complement the security methods used during previous states. Data in transit relies on technologies such as TLS to encrypt network transmission of packets for security. Data at rest primarily uses encryption for stored file objects.
Archived data would be the same as data at rest.
質問 # 325
Other than cost savings realized due to measured service, what is another facet of cloud computing that will typically save substantial costs in time and money for an organization in the event of a disaster?
- A. Resource pooling
- B. Broad network access
- C. Interoperability
- D. Portability
正解:B
解説:
With a typical BCDR solution, an organization would need some number of staff to quickly travel to the location of the BCDR site to configure systems and applications for recovery. With a cloud environment, everything is done over broad network access, with no need (or even possibility) to travel to a remote site at any time.
質問 # 326
You are working for a cloud service provider and receive an eDiscovery order pertaining to one of your customers.
Which of the following would be the most appropriate action to take first?
- A. Copy the data
- B. Take a shapshot of the virtual machines
- C. Escrow the encryption keys
- D. Notify the customer
正解:D
解説:
Explanation/Reference:
Explanation:
When a cloud service provider receives an eDiscovery order pertaining to one of their customers, the first action they must take is to notify the customer. This allows the customer to be aware of what was received, as well as to conduct a review to determine if any challenges are necessary or warranted. Taking snapshots of virtual machines, copying data, and escrowing encryption keys are all processes involved in the actual collection of data and should not be performed until the customer has been notified of the request.
質問 # 327
From a legal perspective, what is the most important first step after an eDiscovery order has been received by the cloud provider?
- A. Data collection
- B. Key identification
- C. Notification
- D. Virtual image snapshots
正解:C
解説:
Explanation
The contract should include requirements for notification by the cloud provider to the cloud customer upon the receipt of such an order. This serves a few important purposes. First, it keeps communication and trust open between the cloud provider and cloud customers. Second, and more importantly, it allows the cloud customer to potentially challenge the order if they feel they have the grounds or desire to do so.
質問 # 328
With a cloud service category where the cloud customer is provided a full application framework into which to deploy their code and services, which storage types are MOST likely to be available to them?
- A. Structured and unstructured
- B. Volume and database
- C. Structured and hierarchical
- D. Volume and object
正解:A
解説:
The question is describing the Platform as a Service (PaaS) cloud offering, and as such, structured and unstructured storage types will be available to the customer. Volume and object are storage types associated with IaaS, and although the other answers present similar-sounding storage types, they are a mix of real and fake names.
質問 # 329
Which of the following cloud aspects complicates eDiscovery?
- A. On-demand self-service
- B. Multitenancy
- C. Resource pooling
- D. Measured service
正解:B
解説:
Explanation
Explanation:
With multitenancy, eDiscovery becomes more complicated because the data collection involves extra steps to ensure that only those customers or systems that are within scope are turned over to the requesting authority.
質問 # 330
What are the U.S. State Department controls on technology exports known as?
- A. EAL
- B. DRM
- C. EAR
- D. ITAR
正解:D
解説:
Explanation
ITAR is a Department of State program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.
質問 # 331
Which of the following is NOT a regulatory system from the United States federal government?
- A. SOX
- B. PCI DSS
- C. HIPAA
- D. FISMA
正解:B
解説:
Explanation
The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.
質問 # 332
An audit scope statement defines the limits and outcomes from an audit.
Which of the following would NOT be included as part of an audit scope statement?
- A. Billing
- B. Reports
- C. Exclusions
- D. Certification
正解:A
解説:
Billing for an audit, or other cost-related items, would not be part of an audit scope statement and would instead be handled prior to the actual audit as part of the contract between the organization and auditors.
Reports, exclusions to the scope of the audit, and required certifications on behalf of the systems or auditors are all crucial elements of an audit scope statement.
質問 # 333
What must be secured on physical hardware to prevent unauthorized access to systems?
- A. ALOM
- B. BIOS
- C. SSH
- D. RDP
正解:B
解説:
BIOS is the firmware that governs the physical initiation and boot up of a piece of hardware. If it is compromised, an attacker could have access to hosted systems and make configurations changes to expose or disable some security elements on the system.
質問 # 334
Which cloud storage type uses an opaque value or descriptor to categorize and organize data?
- A. Structured
- B. Object
- C. Volume
- D. Unstructured
正解:D
質問 # 335
Which of the following roles involves the connection and integration of existing systems and services to a cloud environment?
- A. Cloud service business manager
- B. Cloud service administrator
- C. Cloud service integrator
- D. Cloud service user
正解:C
解説:
The cloud service integrator is the official role that involves connecting and integrating existing systems and services with a cloud environment. This may involve moving services into a cloud environment, or connecting to external cloud services and capabilities from traditional data center-hosted services.
質問 # 336
What is a serious complication an organization faces from the perspective of compliance with international operations?
- A. Different capabilities
- B. Multiple jurisdictions
- C. Different operational procedures
- D. Different certifications
正解:B
解説:
Explanation/Reference:
Explanation:
When operating within a global framework, a security professional runs into a multitude of jurisdictions and requirements, and many times they might be in contention with one other or not clearly applicable. These requirements can include the location of the users and the type of data they enter into systems, the laws governing the organization that owns the application and any regulatory requirements they may have, as well as the appropriate laws and regulations for the jurisdiction housing the IT resources and where the data is actually stored, which might be multiple jurisdictions as well.
質問 # 337
Data labels could include all the following, except:
- A. Multifactor authentication
- B. Distribution limitations
- C. Confidentiality level
- D. Access restrictions
正解:A
解説:
All the others might be included in data labels, but multifactor authentication is a procedure used for access control, not a label.
質問 # 338
......
CCSP別格な問題集で最上級の成績にさせるCCSP問題:https://jp.fast2test.com/CCSP-premium-file.html
手に入れよう!最新CCSP認定の有効な試験問題集解答:https://drive.google.com/open?id=1T72lzLdKPltNLzYOKHYgZPdouvVfe2Vx