Topic 2, Exam Pool B
Your organization is considering a move to a cloud environment and is looking for
certifications or audit reports from cloud providers to ensure adequate security controls and
processes.
Which of the following is NOT a security certification or audit report that would be
pertinent?
Response:
A. FedRAMP
B. PCI DSS
C. FIPS 140-2
D. SOC Type 2
FIPS 140-2
You are a consultant performing an external security review on a large manufacturing firm.
You determine that its newest assembly plant, which cost $24 million, could be completely
destroyed by a fire but that a fire suppression system could effectively protect the plant.
The fire suppression system costs $15 million. An insurance policy that would cover the full
replacement cost of the plant costs $1 million per month.
In order to establish the true annualized loss expectancy (ALE), you would need all of the
following information except ____________.
Response:
A. The amount of revenue generated by the plant
B. The rate at which the plant generates revenue
C. The length of time it would take to rebuild the plant
D. The amount of product the plant creates
The amount of product the plant creates
Designers making applications for the cloud have to take into consideration risks and
operational constraints that did not exist or were not as pronounced in the legacy
environment.
Which of the following is an element cloud app designers may have to consider
incorporating in software for the cloud that might not have been as important in the legacy
environment?
Response:
A. IAM capability
B. DDoS resistance
C. Encryption for data at rest and in motion
D. Field validation
Encryption for data at rest and in motion
The Open Web Application Security Project (OWASP) Top Ten is a list of web application
security threats that is composed by a member-driven OWASP committee of application
development experts and published approximately every 24 months. The 2013 OWASP
Top Ten list includes “using components with known vulnerabilities.”
Why would an organization ever use components with known vulnerabilities to create
software?
Response:
A. The organization is insured.
B. The particular vulnerabilities only exist in a context not being used by developers.
C. Some vulnerabilities only exist in foreign countries.
D. A component might have a hidden vulnerability.
The particular vulnerabilities only exist in a context not being used by developers.
Which type of threat is often used in conjunction with phishing attempts and is often viewed
as greatly increasing the likelihood of success?
Response:
A. Unvalidated redirects and forwards
B. Cross-site request forgery
C. Cross-site scripting
D. Insecure direct object references
Unvalidated redirects and forwards