ISC2 CCSP Exam Practice Test Instant Access

Question 1

Which of the following best describes SAML?

AA standard used for directory synchronization

BA standard for developing secure application management logistics

CA standard for exchanging usernames and passwords across devices.

DA standards for exchanging authentication and authorization data between security domains.

Answer : D

Question 2

Which of the following best describes the purpose and scope of ISO/IEC 27034-1?

ADescribes international privacy standards for cloud computing

BServes as a newer replacement for NIST 800-52 r4

CProvides on overview of network and infrastructure security designed to secure cloud applications.

DProvides an overview of application security that introduces definitive concepts, principles, and processes involved in application security.

Answer : D

Question 3

A UPS should have enough power to last how long?

AOne day

B12 hours

CLong enough for graceful shutdown

D10 minutes

Answer : C

Question 4

Which of the following best describes the Organizational Normative Framework (ONF)?

AA set of application security, and best practices, catalogued and leveraged by the organization

BA container for components of an application's security, best practices catalogued and leveraged by the organization

CA framework of containers for some of the components of application security, best practices, catalogued and leveraged by the organization

DA framework of containers for all components of application security, best practices, catalogued and leveraged by the organization.

Answer : D

Option B is incorrect, because it refers to a specific applications security elements, meaning it is about an ANF, not the ONF. C is true, but not as complete as D, making D the better choice. C suggests that the framework contains only ''some'' of the components, which is why B (which describes ''all'' components) is better

Question 5

Deviations from the baseline should be investigated and __________________.

ARevealed

BDocumented

CEncouraged

DEnforced

Answer : B

All deviations from the baseline should be documented, including details of the investigation and outcome. We do not enforce or encourage deviations. Presumably, we would already be aware of the deviation, so ''revealing'' is not a reasonable answer.

Question 6

The application normative framework is best described as which of the following?

AA superset of the ONF

BA stand-alone framework for storing security practices for the ONF

CThe complete ONF

DA subnet of the ONF

Answer : D

Remember, there is a one-to-many ratio of ONF to ANF; each organization has one ONF and many ANFs (one for each application in the organization). Therefore, the ANF is a subset of the ONF.

Question 7

In addition to whatever audit results the provider shares with the customer, what other mechanism does the customer have to ensure trust in the provider's performance and duties?

AHIPAA

BThe contract

CStatutes

DSecurity control matrix

Answer : B

The contract between the provider and customer enhances the customer's trust by holding the provider financially liable for negligence or inadequate service (although the customer remains legally liable for all inadvertent disclosures). Statutes, however, largely leave customers liable. The security control matrix is a tool for ensuring compliance with regulations. HIPAA is a statute.

ISC2 CCSP Certified Cloud Security Professional Exam Practice Test