Free CCSP Exam Braindumps

Pass your Certified Cloud Security Professional exam with these free Questions and Answers

Page 12 of 103
QUESTION 51

- (Exam Topic 2)
Which of the cloud cross-cutting aspects relates to the requirements placed on a system or application by law, policy, or requirements from standards?

  A. Regulatory requirements
  B. Auditability
  C. Service-level agreements
  D. Governance

Correct Answer: A
Regulatory requirements are those imposed upon businesses and their operations by law, regulation, policy, or standards and guidelines. These requirements are specific either to the locality in which the company or application is based or to the specific nature of the data and transactions conducted.

QUESTION 52

- (Exam Topic 3)
Jurisdictions have a broad range of privacy requirements pertaining to the handling of personal data and information.
Which jurisdiction requires all storage and processing of data that pertains to its citizens to be done on hardware that is physically located within its borders?

  A. Japan
  B. United States
  C. European Union
  D. Russia

Correct Answer: D
The Russian government requires all data and processing of information about its citizens to be done solely on systems and applications that reside within the physical borders of the country. The United States, European Union, and Japan focus their data privacy laws on requirements and methods for the protection of data, rather than where the data physically resides.

QUESTION 53

- (Exam Topic 2)
Which process serves to prove the identity and credentials of a user requesting access to an application or data?

  A. Repudiation
  B. Authentication
  C. Identification
  D. Authorization

Correct Answer: B
Authentication is the process of proving whether the identity presented by a user is true and valid. This can be done through common mechanisms such as user ID and password combinations or with more secure methods such as multifactor authentication.

QUESTION 54

- (Exam Topic 2)
What does static application security testing (SAST) offer as a tool to the testers?

  A. Production system scanning
  B. Injection attempts
  C. Source code access
  D. Live testing

Correct Answer: C
Static application security testing (SAST) is conducted with knowledge of the system, including source code, and is done against offline systems.

QUESTION 55

- (Exam Topic 2)
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?

  A. Platform
  B. Infrastructure
  C. Governance
  D. Application

Correct Answer: C
Regardless of which cloud-hosting model is used, the cloud customer always has sole responsibility for the governance of systems and data.
