ISC2 CCSP Exam Practice Test Instant Access

Question 1

Which of the following is not a risk management framework?

ACOBIT

BHex GBL

CISO 31000:2009

DNIST SP 800-37

Answer : B

Hex GBL is a reference to a computer part in Terry Pratchett's fictional Discworld universe. The rest are not.

Question 2

Which of the following is the best example of a key component of regulated PII?

AAudit rights of subcontractors

BItems that should be implemented

CPCI DSS

DMandatory breach reporting

Answer : D

Mandatory breach reporting is the best example of regulated PII components. The rest are generally considered components of contractual PII.

Question 3

Which of the following is a valid risk management metric?

AKPI

BKRI

CSOC

DSLA

Answer : B

KRI stands for key risk indicator. KRIs are the red flags if you will in the world of risk management. When these change, they indicate something is amiss and should be looked at quickly to determine if the change is minor or indicative of something important.

Question 4

What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?

AA set of software development life cycle requirements for cloud service providers

BAn inventory of cloud services security controls that are arranged into a hierarchy of security domains

CAn inventory of cloud service security controls that are arranged into separate security domains

DA set of regulatory requirements for cloud service providers

Answer : C

The CSA CCM is an inventory of cloud service security controls that are arranged into separate security domains, not a hierarchy.

Question 5

Which of the following is the least challenging with regard to eDiscovery in the cloud?

AIdentifying roles such as data owner, controller and processor

BDecentralization of data storage

CForensic analysis

DComplexities of International law

Answer : C

Forensic analysis is the least challenging of the answers provided as it refers to the analysis of data once it is obtained. The challenges revolve around obtaining the data for analysis due to the complexities of international law, the decentralization of data storage or difficulty knowing where to look, and identifying the data owner, controller, and processor.

Question 6

As a result of scandals involving publicly traded corporations such as Enron, WorldCom, and Adelphi, Congress passed legislation known as:

ASOX

BHIPAA

CFERPA

DGLBA

Answer : A

Sarbanes-Oxley was a direct response to corporate scandals. FERPA is related to education. GLBA is about the financial industry. HIPAA is about health care.

Question 7

The cloud customer's trust in the cloud provider can be enhanced by all of the following except:

ASLAs

BShared administration

CAudits

Dreal-time video surveillance

Answer : D

Video surveillance will not provide meaningful information and will not enhance trust. All the others will do it.

ISC2 CCSP Certified Cloud Security Professional Exam Practice Test