
CCSP問題集PDFは最新 [2024年最新] 究極な学習ガイド
CCSP試験問題集PDFは更新された問題集でしかも合格保証付き
ISC CCSP認定試験では、クラウドデータセキュリティ、クラウドプラットフォーム、インフラストラクチャセキュリティ、クラウドアプリケーションセキュリティ、コンプライアンス、法的、リスク管理など、クラウドセキュリティに関連するさまざまなトピックを対象としています。この試験は、クラウドコンピューティングに関連するセキュリティの課題とベストプラクティスを理解する候補者の能力をテストするように設計されています。認定試験は、クラウドセキュリティの概念、原則、およびベストプラクティスに関する候補者の理解をテストするように設計されています。
質問 # 476
Halon is now illegal to use for data center fire suppression. What is the reason it was outlawed?
- A. It causes undue damage to electronic systems.
- B. It does not adequately suppress fires.
- C. It can harm the environment.
- D. It poses a threat to health and human safety when deployed.
正解:C
質問 # 477
An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer.
Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA?
- A. Network
- B. Users
- C. Memory
- D. CPU
正解:B
解説:
Dealing with users or user access would not be an appropriate item for inclusion in an SLA specifically.
However, user access and user experience would be covered indirectly through other metrics.
Memory, CPU, and network resources are all typically included within an SLA for availability and response times when dealing with any incidents.
質問 # 478
A federated identity system is composed of three main components. Which of the following is NOT one of the three main components?
- A. User
- B. Identity provider
- C. Relying party
- D. API
正解:D
質問 # 479
During which stage of the SDLC process should security be consulted and begin its initial involvement?
- A. Testing
- B. Design
- C. Requirement gathering
- D. Development
正解:C
質問 # 480
What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first?
- A. AES
- B. One-time pads
- C. Homomorphic encryption
- D. Link encryption
正解:C
解説:
AES is an encryption standard. Link encryption is a method for protecting communications traffic. One-time pads are an encryption method.
質問 # 481
Why are PaaS environments at a higher likelihood of suffering backdoor
vulnerabilities?
- A. They are often used for software development.
- B. They have multitenancy.
- C. They rely on virtualization.
- D. They are scalable.
正解:A
質問 # 482
What is the cloud service model in which the customer is responsible for administration of the OS?
- A. PaaS
- B. SaaS
- C. IaaS
- D. QaaS
正解:C
解説:
In IaaS, the cloud provider only owns the hardware and supplies the utilities. The customer is responsible for the OS, programs, and data. In PaaS and SaaS, the provider also owns the OS.
There is no QaaS.
That is a red herring.
質問 # 483
Which of the following is NOT an application or utility to apply and enforce baselines on a system?
- A. Active Directory
- B. GitHub
- C. Puppet
- D. Chef
正解:B
解説:
GitHub is an application for code collaboration, including versioning and branching of code trees. It is not used for applying or maintaining system configurations.
質問 # 484
Which of the following is a file server that provides data access to multiple, heterogeneous machines/users on the network?
- A. Storage area network (SAN)
- B. Content delivery network (CDN)
- C. Network-attached storage (NAS)
- D. Hardware security module (HSM)
正解:C
質問 # 485
What process is used within a clustered system to provide high availability and load balancing?
- A. Dynamic clustering
- B. Dynamic optimization
- C. Dynamic balancing
- D. Dynamic resource scheduling
正解:D
解説:
Dynamic resource scheduling (DRS) is used within all clustering systems as the method for clusters to provide high availability, scaling, management, and workload distribution and balancing of jobs and processes. From a physical infrastructure perspective, DRS is used to balance compute loads between physical hosts in a cloud to maintain the desired thresholds and limits on the physical hosts.
質問 # 486
Which of the following practices can enhance both operational capabilities and configuration management efforts?
Response:
- A. Regular backups
- B. Multifactor authentication
- C. File hashes
- D. Constant uptime
正解:C
質問 # 487
What is a cloud storage architecture that manages the data in a hierarchy of files?
Response:
- A. File-based storage
- B. CDN
- C. Object-based storage
- D. Database
正解:A
質問 # 488
What is the first stage of the cloud data lifecycle where security controls can be implemented?
- A. Store
- B. Use
- C. Share
- D. Create
正解:A
解説:
The "store" phase of the cloud data lifecycle, which typically occurs simultaneously with the
"create" phase, or immediately thereafter, is the first phase where security controls can be implemented. In most case, the manner in which the data is stored will be based on its classification.
質問 # 489
Which of the following contract terms most incentivizes the cloud provider to meet the requirements listed in the SLA?
- A. Regulatory oversight
- B. Desire to maintain customer satisfaction
- C. Financial penalties
- D. Performance details
正解:C
質問 # 490
Which kind of SSAE report comes with a seal of approval from a certified auditor?
Response:
- A. SOC 2
- B. SOC 3
- C. SOC 4
- D. SOC 1
正解:B
質問 # 491
What type of storage structure does object storage employ to maintain files?
- A. Hierarchical
- B. tree
- C. Directory
- D. Flat
正解:D
解説:
Object storage uses a flat file system to hold storage objects; it assigns files a key value that is then used to access them, rather than relying on directories or descriptive filenames. Typical storage layouts such as tree, directory, and hierarchical structures are used within volume storage, whereas object storage maintains a flat structure with key values.
質問 # 492
Your organization is considering a move to a cloud environment and is looking for certifications or audit reports from cloud providers to ensure adequate security controls and processes. Which of the following is NOT a security certification or audit report that would be pertinent?
- A. PCI DSS
- B. SOC Type 2
- C. FedRAMP
- D. FIPS 140-2
正解:D
質問 # 493
You are the security manager for a small retail business involved mainly in direct e- commerce transactions with individual customers (members of the public). The bulk of your market is in Asia, but you do fulfill orders globally.
Your company has its own data center located within its headquarters building in Hong Kong, but it also uses a public cloud environment for contingency backup and archiving purposes. Your company has decided to expand its business to include selling and monitoring life-support equipment for medical providers.
What characteristic do you need to ensure is offered by your cloud provider?
Response:
- A. Prevention of ransomware infections
- B. Full automation of security controls within the cloud data center
- C. Global remote access
- D. Tier 4 of the Uptime Institute certifications
正解:D
質問 # 494
Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?
- A. Sensitive data exposure
- B. Security misconfiguration
- C. Insecure direct object references
- D. Unvalidated redirect and forwards
正解:C
解説:
Explanation/Reference:
Explanation:
An insecure direct object reference occurs when a developer has in their code a reference to something on the application side, such as a database key, the directory structure of the application, configuration information about the hosting system, or any other information that pertains to the workings of the application that should not be exposed to users or the network. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, allowing spoofing for malware of phishing attacks.
Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data. Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner.
質問 # 495
The management plane is used to administer a cloud environment and perform administrative tasks across a variety of systems, but most specifically it's used with the hypervisors. What does the management plane typically leverage for this orchestration?
- A. APIs
- B. TLS
- C. XML
- D. Scripts
正解:A
解説:
The management plane uses APIs to execute remote calls across the cloud environment to various management systems, especially hypervisors. This allows a centralized administrative interface, often a web portal, to orchestrate tasks throughout an enterprise. Scripts may be utilized to execute API calls, but they are not used directly to interact with systems. XML is used for data encoding and transmission, but not for executing remote calls. TLS is used to encrypt communications and may be used with API calls, but it is not the actual process for executing commands.
質問 # 496
Designers making applications for the cloud have to take into consideration risks and operational constraints that did not exist or were not as pronounced in the legacy environment.
Which of the following is an element cloud app designers may have to consider incorporating in software for the cloud that might not have been as important in the legacy environment?
Response:
- A. Encryption for data at rest and in motion
- B. DDoS resistance
- C. Field validation
- D. IAM capability
正解:A
質問 # 497
The share phase of the cloud data lifecycle involves allowing data to leave the application, to be shared with external systems, services, or even other vendors/contractors.
What technology would be useful for protecting data at this point?
- A. IDS
- B. IPS
- C. WAF
- D. DLP
正解:D
解説:
Data loss prevention (DLP) solutions allow for control of data outside of the application or original system.
They can enforce granular control such as printing, copying, and being read by others, as well as forcing expiration of access. Intrusion detection system (IDS) and intrusion prevention system (IPS) solutions are used for detecting and blocking suspicious and malicious traffic, respectively, whereas a web application firewall (WAF) is used for enforcing security or other controls on web- based applications.
質問 # 498
A web application firewall (WAF) can understand and act on ________ traffic.
Response:
- A. SMTP
- B. ICMP
- C. HTTP
- D. Malicious
正解:C
質問 # 499
The management plane is used to administer a cloud environment and perform administrative tasks across a variety of systems, but most specifically it's used with the hypervisors.
What does the management plane typically leverage for this orchestration?
- A. APIs
- B. TLS
- C. XML
- D. Scripts
正解:A
解説:
Explanation
The management plane uses APIs to execute remote calls across the cloud environment to various management systems, especially hypervisors. This allows a centralized administrative interface, often a web portal, to orchestrate tasks throughout an enterprise. Scripts may be utilized to execute API calls, but they are not used directly to interact with systems. XML is used for data encoding and transmission, but not for executing remote calls. TLS is used to encrypt communications and may be used with API calls, but it is not the actual process for executing commands.
質問 # 500
......
あなたを合格させるISC試験にはCCSP試験問題集:https://jp.fast2test.com/CCSP-premium-file.html
CCSP試験問題集でISC練習テスト問題:https://drive.google.com/open?id=1T72lzLdKPltNLzYOKHYgZPdouvVfe2Vx