Topic 1: Exam Pool A
Which Common Criteria Evaluation Assurance Level (EAL) is granted to those
products that are formally verified in terms of design and tested by an independent
third party?
A. 1
B. 3
C. 5
D. 7
Answer: 7
Which of the following best describes data masking?
Response:
A. A method where the last few numbers in a dataset are not obscured. These are often used for authentication.
B. A method for creating similar but inauthentic datasets used for software testing and user training.
C. A method used to protect data such as social security numbers and credit card data from prying eyes.
D. Data masking involves stripping out all similar digits in a string of numbers so as to obscure the original number.
Answer: A method for creating similar but inauthentic datasets used for software testing and user training.
The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common
threats to organizations participating in cloud computing.
According to the CSA, what is one reason the threat of insecure interfaces and APIs
is so prevalent in cloud computing?
Response:
A. Most of the cloud customer’s interaction with resources will be performed through APIs.
B. APIs are inherently insecure.
C. Attackers have already published vulnerabilities for all known APIs.
D. APIs are known carcinogens.
Answer: Most of the cloud customer’s interaction with resources will be performed through APIs.
You are the security policy lead for your organization, which is considering
migrating from your on-premises, legacy environment into the cloud. You are
reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for
your organization.
Which of the following benefits will the CSA CCM offer your organization?
Response:
A. Simplifying regulatory compliance
B. Collecting multiple data streams from your log files
C. Ensuring that the baseline configuration is applied to all systems
D. Enforcing contract terms between your organization and the cloud provider
Answer: Simplifying regulatory compliance
SOX was enacted because of which of the following?
Response:
A. Poor BOD oversight
B. Lack of independent audits
C. Poor financial controls
D. All of the above
Answer: All of the above