Certified Cloud Security Professional – CCSP – Question492

A data custodian is responsible for which of the following?

A. Data context
B. Data content
C. The safe custody, transport, storage of the data, and implementation of business rules
D. Logging access and alerts

Correct Answer: C

Explanation: A data custodian is responsible for the safe custody, transport, and storage of data, and the implementation of business rules.

Certified Cloud Security Professional – CCSP – Question491

Which of the following storage types is most closely associated with a database-type storage implementation?

A. Object
B. Unstructured
C. Volume
D. Structured

Correct Answer: D

Explanation: Structured storage involves organized and categorized data, which most closely resembles and operates like a database system would.

Certified Cloud Security Professional – CCSP – Question490

Which of the following roles is responsible for creating cloud components and the testing and validation of services?

A. Cloud auditor
B. Inter-cloud provider
C. Cloud service broker
D. Cloud service developer

Correct Answer: D

Explanation: The cloud service developer is responsible for developing and creating cloud components and services, as well as for testing and validating services.

Certified Cloud Security Professional – CCSP – Question489

The baseline should cover which of the following?

A. Data breach alerting and reporting
B. All regulatory compliance requirements
C. As many systems throughout the organization as possible
D. A process for version control

Correct Answer: C

Explanation: The more systems that are included in the baseline, the more cost-effective and scalable the baseline is. The baseline does not deal with breaches or version control; those are the provinces of the security office and CMB, respectively. Regulatory compliance might (and usually will) go beyond the baseline and involve systems, processes, and personnel that are not subject to the baseline.

Certified Cloud Security Professional – CCSP – Question488

The BC/DR kit should include all of the following except:

A. Annotated asset inventory
B. Flashlight
C. Hard drives
D. Documentation equipment

Correct Answer: C

Explanation: While hard drives may be useful in the kit (for instance, if they store BC/DR data such as inventory lists, baselines, and patches), they are not necessarily required. All the other items should be included.

Certified Cloud Security Professional – CCSP – Question487

Database activity monitoring (DAM) can be:

A. Host-based or network-based
B. Server-based or client-based
C. Used in place of encryption
D. Used in place of data masking

Correct Answer: A

Explanation: We don’t use DAM in place of encryption or masking; DAM augments these options without replacing them. We don’t usually think of the database interaction as client-server, so A is the best answer.

Certified Cloud Security Professional – CCSP – Question486

In a federated identity arrangement using a trusted third-party model, who is the identity provider and who is the relying party?

A. The users of the various organizations within the federation/a CASB
B. Each member organization/a trusted third party
C. Each member organization/each member organization
D. A contracted third party/the various member organizations of the federation

Correct Answer: D

Explanation: In a trusted third-party model of federation, each member organization outsources the review and approval task to a third party they all trust. This makes the third party the identifier (it issues and manages identities for all users in all organizations in the federation), and the various member organizations are the relying parties (the resource providers that share resources based on approval from the third party).

Certified Cloud Security Professional – CCSP – Question485

What is one of the reasons a baseline might be changed?

A. Numerous change requests
B. To reduce redundancy
C. Natural disaster
D. Power fluctuation

Correct Answer: A

Explanation: If the CMB is receiving numerous change requests to the point where the number of requests would drop by modifying the baseline, then that is a good reason to change the baseline. None of the other reasons should involve the baseline at all.

Certified Cloud Security Professional – CCSP – Question484

Maintenance mode requires all of these actions except:

A. Remove all active production instances
B. Ensure logging continues
C. Initiate enhanced security controls
D. Prevent new logins

Correct Answer: C

Explanation: While the other answers are all steps in moving from normal operations to maintenance mode, we do not necessarily initiate any enhanced security controls.

Certified Cloud Security Professional – CCSP – Question483

Identity and access management (IAM) is a security discipline that ensures which of the following?

A. That all users are properly authorized
B. That the right individual gets access to the right resources at the right time for the right reasons
C. That all users are properly authenticated
D. That unauthorized users will get access to the right resources at the right time for the right reasons

Correct Answer: B

Explanation: Options A and C are also correct, but included in B, making B the best choice. D is incorrect, because we don’t want unauthorized users gaining access.