Topic 1: Exam Pool A
One of the security challenges of operating in the cloud is that additional controls must be
placed on file storage systems because ____________.
Response:
A. File stores are always kept in plain text in the cloud
B. There is no way to sanitize file storage space in the cloud
C. Virtualization necessarily prevents the use of application-based security controls
D. Virtual machines are stored as snapshotted files when not in use
Answer: Virtual machines are stored as snapshotted files when not in use
Data labels could include all the following, except:
Response:
A. Source
B. Delivery vendor
C. Handling restrictions
D. Jurisdiction
Answer: Delivery vendor
Which type of report is considered for “general” use and does not contain any
sensitive information?
Response:
A. SOC 1
B. SAS-70
C. SOC 3
D. SOC 2
Answer: SOC 3
Which standards body depends heavily on contributions and input from its open
membership base?
Response:
A. NIST
B. ISO
C. ICANN
D. CSA
Answer: CSA
The Open Web Application Security Project (OWASP) Top Ten is a list of web application
security threats that is composed by a member-driven OWASP committee of application
development experts and published approximately every 24 months. The 2013 OWASP
Top Ten list includes “unvalidated redirects and forwards.”
Which of the following is a good way to protect against this problem?
Response:
A. Don’t use redirects/forwards in your applications.
B. Refrain from storing credentials long term.
C. Implement security incident/event monitoring (security information and event management (SIEM)/security information management (SIM)/security event management (SEM)) solutions.
D. Implement digital rights management (DRM) solutions.
Answer: Don’t use redirects/forwards in your applications.