Certified Cloud Security Professional – CCSP – Question452

To address shared monitoring and testing responsibilities in a cloud configuration, the provider might offer all these to the cloud customer except:

A. Access to audit logs and performance data
B. DLP solution results
C. Security control administration
D. SIM, SIEM, and SEM logs

Correct Answer: C

Explanation: While the provider might share any of the other options listed, the provider will not share administration of security controls with the customer. Security controls are the sole province of the provider.

Certified Cloud Security Professional – CCSP – Question451

Which kind of SSAE audit reviews controls dealing with the organization’s controls for assuring the confidentiality, integrity, and availability of data?

A. SOC 1
B. SOC 2
C. SOC 3
D. SOC 4

Correct Answer: B

Explanation: SOC 2 deals with the CIA triad. SOC 1 is for financial reporting. SOC 3 is only an attestation by the auditor. There is no SOC 4.

Certified Cloud Security Professional – CCSP – Question450

The various models generally available for cloud BC/DR activities include all of the following except:

A. Private architecture, cloud backup
B. Cloud provider, backup from another cloud provider
C. Cloud provider, backup from same provider
D. Cloud provider, backup from private provider

Correct Answer: D

Explanation: This is not a normal configuration and would not likely provide genuine benefit.

Certified Cloud Security Professional – CCSP – Question448

What are the U.S. Commerce Department controls on technology exports known as?

A. ITAR
B. DRM
C. EAR
D. EAL

Correct Answer: C

Explanation: EAR is a Commerce Department program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.

Certified Cloud Security Professional – CCSP – Question447

Data labels could include all the following, except:

A. Data value
B. Date of scheduled destruction
C. Date data was created
D. Data owner

Correct Answer: A

Explanation: All the others might be included in data labels, but we don’t usually include data value, since it is prone to change frequently, and because it might not be information we want to disclose to anyone who does not have need to know.

Certified Cloud Security Professional – CCSP – Question446

What are third-party providers of IAM functions for the cloud environment?

A. AESs
B. SIEMs
C. DLPs
D. CASBs

Correct Answer: D

Explanation: Data loss, leak prevention, and protection is a family of tools used to reduce the possibility of unauthorized disclosure of sensitive information. SIEMs are tools used to collate and manage log data. AES is an encryption standard.

Certified Cloud Security Professional – CCSP – Question445

What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first?

A. One-time pads
B. Link encryption
C. Homomorphic encryption
D. AES

Correct Answer: C

Explanation: AES is an encryption standard. Link encryption is a method for protecting communications traffic. One-time pads are an encryption method.

Certified Cloud Security Professional – CCSP – Question444

Cryptographic keys should be secured ________________ .

A. To a level at least as high as the data they can decrypt
B. In vaults
C. With two-person integrity
D. By armed guards

Correct Answer: A

Explanation: The physical security of crypto keys is of some concern, but guards or vaults are not always necessary. Two-person integrity might be a good practice for protecting keys. The best answer to this question is option A, because it is always true, whereas the remaining options depend on circumstances.

Certified Cloud Security Professional – CCSP – Question443

What is the correct order of the phases of the data life cycle?

A. Create, Use, Store, Share, Archive, Destroy
B. Create, Archive, Store, Share, Use, Destroy
C. Create, Store, Use, Archive, Share, Destroy
D. Create, Store, Use, Share, Archive, Destroy

Correct Answer: D

Explanation: The other options are the names of the phases, but out of proper order.