Certified Cloud Security Professional (CCSP) v1.0 (CCSP)

Which of the following are the storage types associated with IaaS?

  • A. Volume and object
  • B. Volume and label
  • C. Volume and container
  • D. Object and target

Answer : A

Which technology can be useful during the "share" phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?

  • A. IPS
  • B. WAF
  • C. DLP
  • D. IDS

Answer : C

Data loss prevention (DLP) can be applied to data that is leaving the security enclave to continue to enforce access restrictions and policies on other clients and systems.

Which of the following storage types is most closely associated with a traditional file system and tree structure?

  • A. Volume
  • B. Unstructured
  • C. Object
  • D. Structured

Answer : A

Volume storage works as a virtual hard drive that is attached to a virtual machine. The operating system sees the volume the same way it would see a traditional drive on a physical server.

Which of the following represents a prioritization of applications or cloud customers for the allocation of additional requested resources when there is a limitation on available resources?

  • A. Provision
  • B. Limit
  • C. Reservation
  • D. Share

Answer : D

The concept of shares within a cloud environment is used to mitigate and control the request for resource allocations from customers that the environment may not have the current capability to allow. Shares work by prioritizing hosts within a cloud environment through a weighting system that is defined by the cloud provider. When periods of high utilization and allocation are reached, the system automatically uses scoring of each host based on its share value to determine which hosts get access to the limited resources still available. The higher the value a particular host has, the more resources it will be allowed to utilize.

Which type of audit report do many cloud providers use to instill confidence in their policies, practices, and procedures to current and potential customers?

  • A. SAS-70
  • B. SOC 2
  • C. SOC 1
  • D. SOX

Answer : B

One approach that many cloud providers opt to take is to undergo a SOC 2 audit and make the report available to cloud customers and potential cloud customers as a way of providing security confidence without having to open their systems or sensitive information to the masses.

Which of the following statements accurately describes VLANs?

  • A. They are not restricted to the same data center or the same racks.
  • B. They are not restricted to the same rack but restricted to the same data center.
  • C. They are restricted to the same racks and data centers.
  • D. They are not restricted to the same rack but restricted to the same switches.

Answer : A

A virtual local area network (VLAN) can span any networks within a data center, or it can span across different physical locations and data centers.

What must be secured on physical hardware to prevent unauthorized access to systems?

  • A. BIOS
  • B. SSH
  • C. RDP
  • D. ALOM

Answer : A

BIOS is the firmware that governs the physical initiation and boot up of a piece of hardware. If it is compromised, an attacker could have access to hosted systems and make configuration changes to expose or disable some security elements on the system.

What type of PII is regulated based on the type of application or per the conditions of the specific hosting agreement?

  • A. Specific
  • B. Contractual
  • C. Regulated
  • D. Jurisdictional

Answer : B

Contractual PII has specific requirements for the handling of sensitive and personal information, as defined at a contractual level. These specific requirements will typically document the required handling procedures and policies to deal with PII. They may take the form of specific security controls and configurations, required policies or procedures, or limitations on who may gain authorized access to data and systems.

Which of the following security technologies is commonly used to give administrators access into trust zones within an environment?

  • A. VPN
  • B. WAF
  • C. IPSec
  • D. HTTPS

Answer : A

Virtual private networks (VPNs) are commonly used to allow access into trust zones. Via a VPN, access can be controlled and logged and only allowed through secure channels by authorized users. It also adds an additional layer of encryption and protection to communications.

Which concept BEST describes the capability for a cloud environment to automatically scale a system or application, based on its current resource demands?

  • A. On-demand self-service
  • B. Resource pooling
  • C. Measured service
  • D. Rapid elasticity

Answer : D

Rapid elasticity allows a cloud environment to automatically add or remove resources to or from a system or application based on its current demands. Whereas a traditional data center model would require standby hardware and substantial effort to add resources in response to load increases, a cloud environment can easily and rapidly expand to meet resource demands, so long as the application is properly implemented for it.

If you're using iSCSI in a cloud environment, what must come from an external protocol or application?

  • A. Kerberos support
  • B. CHAP support
  • C. Authentication
  • D. Encryption

Answer : D

iSCSI does not natively support encryption, so another technology such as IPsec must be used to encrypt communications.

Which of the following pertains to a macro level approach to data center design rather than the traditional tiered approach to data centers?

  • A. IDCA
  • B. NFPA
  • C. BICSI
  • D. Uptime Institute

Answer : A

The standards put out by the International Data Center Authority (IDCA) have established the Infinity Paradigm, which is intended to be a comprehensive data center design and operations framework. The Infinity Paradigm shifts away from many models that rely on tiered architecture for data centers, where each successive tier increases redundancy. Instead, it emphasizes data centers being approached at a macro level, without a specific and isolated focus on certain aspects to achieve tier status.

What does the REST API support that SOAP does NOT support?

  • A. Caching
  • B. Encryption
  • C. Acceleration
  • D. Redundancy

Answer : A

The SOAP protocol does not support caching, whereas the REST API does.

Why does a Type 1 hypervisor typically offer tighter security controls than a Type 2 hypervisor?

  • A. A Type 1 hypervisor also controls patching of its hosted virtual machines to ensure they are always secure.
  • B. A Type 1 hypervisor is tied directly to the bare metal and only runs with code necessary to perform its specific mission.
  • C. A Type 1 hypervisor performs hardware-level encryption for tighter security and efficiency.
  • D. A Type 1 hypervisor only hosts virtual machines with the same operating systems as the hypervisor.

Answer : B

Type 1 hypervisors run directly on top of the bare metal and only contain the code and functions required to perform their purpose. They do not rely on any other systems or contain extra features to secure.

Which of the following are the storage types associated with PaaS?

  • A. Structured and freeform
  • B. Volume and object
  • C. Structured and unstructured
  • D. Database and file system

Answer : C

