Certified Cloud Security Professional – CCSP – Question062

Which technology can be useful during the "share" phase of the cloud data lifecycle to continue to protect data as it leaves the original system and security controls?

A. IPS
B. WAF
C. DLP
D. IDS

Correct Answer: C

Explanation:

Explanation: Data loss prevention (DLP) can be applied to data that is leaving the security enclave to continue to enforce access restrictions and policies on other clients and systems.

Certified Cloud Security Professional – CCSP – Question061

Which of the following are the storage types associated with IaaS?

A. Volume and object
B. Volume and label
C. Volume and container
D. Object and target

Correct Answer: A

Certified Cloud Security Professional – CCSP – Question060

Which of the following does NOT relate to the hiding of sensitive data from data sets?

A. Obfuscation
B. Federation
C. Masking
D. Anonymization

Correct Answer: B

Explanation:

Explanation: Federation pertains to authenticating systems between different organizations.

Certified Cloud Security Professional – CCSP – Question059

Which of the following roles is responsible for peering with other cloud services and providers?

A. Cloud auditor
B. Inter-cloud provider
C. Cloud service broker
D. Cloud service developer

Correct Answer: B

Explanation:

Explanation: The inter-cloud provider is responsible for peering with other cloud services and providers, as well as overseeing and managing federations and federated services.

Certified Cloud Security Professional – CCSP – Question058

Which of the following represents a control on the maximum amount of resources that a single customer, virtual machine, or application can consume within a cloud environment?

A. Share
B. Reservation
C. Provision
D. Limit

Correct Answer: D

Explanation:

Explanation: Limits are put in place to enforce a maximum on the amount of memory or processing a cloud customer can use. This can be done either on a virtual machine or as a comprehensive whole for a customer, and is meant to ensure that enormous cloud resources cannot be allocated or consumed by a single host or customer to the detriment of other hosts and customers.

Certified Cloud Security Professional – CCSP – Question057

Which of the following is considered an internal redundancy for a data center?

A. Power distribution units
B. Network circuits
C. Power substations
D. Generators

Correct Answer: A

Explanation:

Explanation: Power distribution units are internal to a data center and supply power to internal components such as racks, appliances, and cooling systems. As such, they are considered an internal redundancy.

Certified Cloud Security Professional – CCSP – Question056

Which of the following may unilaterally deem a cloud hosting model inappropriate for a system or application?

A. Multitenancy
B. Certification
C. Regulation
D. Virtualization

Correct Answer: C

Explanation:

Explanation: Some regulations may require specific security controls or certifications be used for hosting certain types of data or functions, and in some circumstances they may be requirements that are unable to be met by any cloud provider.

Certified Cloud Security Professional – CCSP – Question055

Which type of cloud model typically presents the most challenges to a cloud customer during the "destroy" phase of the cloud data lifecycle?

A. IaaS
B. DaaS
C. SaaS
D. PaaS

Correct Answer: C

Explanation:

Explanation: With many SaaS implementations, data is not isolated to a particular customer but rather is part of the overall application. When it comes to data destruction, a particular challenge is ensuring that all of a customer’s data is completely destroyed while not impacting the data of other customers.

Certified Cloud Security Professional – CCSP – Question054

What are the two protocols that TLS uses?

A. Handshake and record
B. Transport and initiate
C. Handshake and transport
D. Record and transmit

Correct Answer: A

Explanation:

Explanation: TLS uses the handshake protocol to establish and negotiate the TLS connection, and it uses the record protocol for the secure transmission of data.

Certified Cloud Security Professional – CCSP – Question053

Which of the following actions will NOT make data part of the "create" phase of the cloud data lifecycle?

A. Modifying metadata
B. Importing data
C. Modifying data
D. Constructing new data

Correct Answer: A

Explanation:

Explanation: Although the initial phase is called “create,” it can also refer to modification. In essence, any time data is considered “new,” it is in the create phase. This can come from data that is newly created, data that is imported into a system and is new to that system, or data that is already present and modified into a new form or value. Modifying the metadata does not change the actual data.