ISC2 CCSP Exam Practice Test Instant Access

Question 1

Which of the following is not a risk management framework?

ACOBIT

BHex GBL

CISO 31000:2009

DNIST SP 800-37

Answer : B

Hex GBL is a reference to a computer part in Terry Pratchett's fictional Discworld universe. The rest are not.

Question 2

Which of the following is the best example of a key component of regulated PII?

AAudit rights of subcontractors

BItems that should be implemented

CPCI DSS

DMandatory breach reporting

Answer : D

Mandatory breach reporting is the best example of regulated PII components. The rest are generally considered components of contractual PII.

Question 3

Which of the following is a valid risk management metric?

AKPI

BKRI

CSOC

DSLA

Answer : B

KRI stands for key risk indicator. KRIs are the red flags if you will in the world of risk management. When these change, they indicate something is amiss and should be looked at quickly to determine if the change is minor or indicative of something important.

Question 4

What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?

AA set of software development life cycle requirements for cloud service providers

BAn inventory of cloud services security controls that are arranged into a hierarchy of security domains

CAn inventory of cloud service security controls that are arranged into separate security domains

DA set of regulatory requirements for cloud service providers

Answer : C

The CSA CCM is an inventory of cloud service security controls that are arranged into separate security domains, not a hierarchy.

Question 5

Which of the following is the least challenging with regard to eDiscovery in the cloud?

AIdentifying roles such as data owner, controller and processor

BDecentralization of data storage

CForensic analysis

DComplexities of International law

Answer : C

Forensic analysis is the least challenging of the answers provided as it refers to the analysis of data once it is obtained. The challenges revolve around obtaining the data for analysis due to the complexities of international law, the decentralization of data storage or difficulty knowing where to look, and identifying the data owner, controller, and processor.

Question 6

A UPS should have enough power to last how long?

AOne day

B12 hours

CLong enough for graceful shutdown

D10 minutes

Answer : C

Question 7

Which of the following best describes the Organizational Normative Framework (ONF)?

AA set of application security, and best practices, catalogued and leveraged by the organization

BA container for components of an application's security, best practices catalogued and leveraged by the organization

CA framework of containers for some of the components of application security, best practices, catalogued and leveraged by the organization

DA framework of containers for all components of application security, best practices, catalogued and leveraged by the organization.

Answer : D

Option B is incorrect, because it refers to a specific applications security elements, meaning it is about an ANF, not the ONF. C is true, but not as complete as D, making D the better choice. C suggests that the framework contains only ''some'' of the components, which is why B (which describes ''all'' components) is better

ISC2 Certified Cloud Security Professional Exam Practice Test