Free CCSP Exam Braindumps

- (Exam Topic 1)
Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?

1. A. Security misconfiguration
2. B. Insecure direct object references
3. C. Sensitive data exposure
4. D. Unvalidated redirects and forwards

Correct Answer: C
Sensitive data exposure occurs when information is not properly secured through encryption and secure transport mechanisms; it can quickly become an easy and broad method for attackers to compromise information. Web applications must enforce strong encryption and security controls on the application side, but secure methods of communications with browsers or other clients used to access the information are also required. Security misconfiguration occurs when applications and systems are not properly configured for security, often a result of misapplied or inadequate baselines. Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, thus allowing spoofing for malware or phishing attacks.

- (Exam Topic 4)
All of these are methods of data discovery, except:

1. A. Label-based
2. B. User-based
3. C. Content-based
4. D. Metadata-based

Correct Answer: B
All the others are valid methods of data discovery; user-based is a red herring with no meaning.

- (Exam Topic 1)
What is the first stage of the cloud data lifecycle where security controls can be implemented?

1. A. Use
2. B. Store
3. C. Share
4. D. Create

Correct Answer: B
The "store" phase of the cloud data lifecycle, which typically occurs simultaneously with the "create" phase, or immediately thereafter, is the first phase where security controls can be implemented. In most case, the manner in which the data is stored will be based on its classification.

- (Exam Topic 4)
Which of the following is the concept of segregating information or processes, within the same system or application, for security reasons?

1. A. Cell blocking
2. B. Sandboxing
3. C. Pooling
4. D. Fencing

Correct Answer: B
Sandboxing involves the segregation and isolation of information or processes from other information or processes within the same system or application, typically for security concerns. Sandboxing is generally used for data isolation (for example, keeping different communities and populations of users isolated from others with similar data). In IT terminology, pooling typically means bringing together and consolidating resources or services, not segregating or separating them. Cell blocking and fencing are both erroneous terms.

- (Exam Topic 4)
Identity and access management (IAM) is a security discipline that ensures which of the following?

1. A. That all users are properly authorized
2. B. That the right individual gets access to the right resources at the right time for the right reasons.
3. C. That all users are properly authenticated
4. D. That unauthorized users will get access to the right resources at the right time for the right reasons

Correct Answer: B
Options A and C are also correct, but included in B, making B the best choice. D is incorrect, because we don’t want unauthorized users gaining access.