Free CCSP Exam Braindumps

Pass your Certified Cloud Security Professional exam with these free Questions and Answers

Page 2 of 103
QUESTION 1

- (Exam Topic 3)
You were recently hired as a project manager at a major university to implement cloud services for the academic and administrative systems. Because the load and demand for services at a university are very cyclical in nature, commensurate with the academic calendar, which of the following aspects of cloud computing would NOT be a primary benefit to you?

  1. A. Measured service
  2. B. Broad network access
  3. C. Resource pooling
  4. D. On-demand self-service

Correct Answer: B
Broad network access to cloud services, although it is an integral aspect of cloud computing, would not be a specific benefit to an organization with cyclical business needs. The other options would allow for lower costs during periods of low usage as well as provide the ability to expand services quickly and easily when needed for peak periods. Measured service allows a cloud customer to only use the resources it needs at the time, and resource pooling allows a cloud customer to access resources as needed. On-demand self-service enables the cloud customer to change its provisioned resources on its own, without the need to interact with the staff from the cloud provider.

QUESTION 2

- (Exam Topic 4)
Gathering business requirements can aid the organization in determining all of this information about organizational assets, except:

  1. A. Full inventory
  2. B. Criticality
  3. C. Value
  4. D. Usefulness

Correct Answer: D
When we gather information about business requirements, we need to do a complete inventory, receive accurate valuation of assets (usually from the owners of those assets), and assess criticality; this collection of information does not tell us, objectively, how useful an asset is, however.

QUESTION 3

- (Exam Topic 2)
What is an often overlooked concept that is essential to protecting the confidentiality of data?

  1. A. Strong password
  2. B. Training
  3. C. Security controls
  4. D. Policies

Correct Answer: B
While the main focus of confidentiality revolves around technological requirements or particular security methods, an important and often overlooked aspect of safeguarding data confidentiality is appropriate and comprehensive training for those with access to it. Training should be focused on the safe handling of sensitive information overall, including best practices for network activities as well as physical security of the devices or workstations used to access the application.

QUESTION 4

- (Exam Topic 4)
Security is a critical yet often overlooked consideration for BCDR planning. At which stage of the planning process should security be involved?

  1. A. Scope definition
  2. B. Requirements gathering
  3. C. Analysis
  4. D. Risk assessment

Correct Answer: A
Defining the scope of the plan is the very first step in the overall process. Security should be included from the very earliest stages and throughout the entire process. Bringing in security at a later stage can lead to additional costs and time delays to compensate for gaps in planning. Risk assessment, requirements gathering, and analysis are all later steps in the process, and adding in security at any of those points can potentially cause increased costs and time delays.

QUESTION 5

- (Exam Topic 3)
Many aspects and features of cloud computing can make eDiscovery compliance more difficult or costly. Which aspect of cloud computing would be the MOST complicating factor?

  1. A. Measured service
  2. B. Broad network access
  3. C. Multitenancy
  4. D. Portability

Correct Answer: C
With multitenancy, multiple customers share the same physical hardware and systems. With the nature of a cloud environment and how it writes data across diverse systems that are shared by others, the process of eDiscovery becomes much more complicated. Administrators cannot pull physical drives or easily isolate which data to capture. They not only have to focus on which data they need to collect, while ensuring they find all of it, but they also have to make sure that other data is not accidentally collected and exposed along with it. Measured service is the aspect of a cloud where customers only pay for the services they are actually using, and for the duration of their use. Portability refers to the ease with which an application or service can be moved among different cloud providers. Broad network access refers to the nature of cloud services being accessed via the public Internet, either with or without secure tunneling technologies. None of these concepts would pertain to eDiscovery.
