CCSP Exam Questions
876 real CCSP exam questions with expert-verified answers and explanations. Page 10 of 18.
- Question #460: Cloud Platform & Infrastructure Security
Which of the following pertains to fire safety standards within a data center, specifically with their enormous electrical consumption?
Data Center Security, Physical Security, Fire Safety Standards
- Question #461: Cloud Concepts, Architecture and Design
Which of the following roles involves the connection and integration of existing systems and services to a cloud environment?
Cloud roles, Cloud integration, Cloud service roles
- Question #462: Cloud Data Security
Which technique involves replacing values within a specific data field to protect sensitive data?
Data Protection, Data Masking, Sensitive Data
- Question #463: Cloud Platform & Infrastructure Security
What expectation of data custodians is made much more challenging by a cloud implementation, especially with PaaS or SaaS?
Data custodians, Shared responsibility, Cloud service models, Platform security
- Question #464: Legal, Risk and Compliance
What type of PII is controlled based on laws and carries legal penalties for noncompliance with requirements?
PII, Data Classification, Legal Compliance, Regulatory Compliance
- Question #465: Cloud Concepts, Architecture and Design
Which of the following is NOT one of the three components of a federated identity system transaction?
Federated Identity, Identity Management, Authentication, Relying Party
- Question #466: Cloud Security Operations
Which value refers to the amount of time it takes to recover operations in a BCDR situation to meet management's objectives?
BCDR, Recovery Time Objective, Recovery Planning, Disaster Recovery
- Question #467: Cloud Concepts, Architecture and Design
Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it?
Cloud Deployment Models, Community Cloud, Cloud Concepts
- Question #468: Cloud Concepts, Architecture and Design
What provides the information to an application to make decisions about the authorization level appropriate when granting access?
Identity Provider, Authorization, Access Management, Federated Identity
- Question #469: Cloud Platform & Infrastructure Security
What is a standard configuration and policy set that is applied to systems and virtual machines called?
Security baselines, Configuration management, System hardening, Policy enforcement
- Question #470: Legal, Risk and Compliance
Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders?
Data residency, Data localization, Legal requirements, Compliance
- Question #471: Cloud Concepts, Architecture and Design
Which of the cloud cross-cutting aspects relates to the ability to easily move services and applications between different cloud providers?
Cloud portability, Cloud computing concepts, Multi-cloud strategy
- Question #472: Legal, Risk and Compliance
Which type of audit report is considered a "restricted use" report for its intended audience?
SOC Reports, Audit Reports, Compliance, Cloud Auditing
- Question #473: Cloud Platform & Infrastructure Security
What is the concept of segregating information or processes, within the same system or application, for security reasons?
Sandboxing, Security Isolation, Process Isolation
- Question #474: Legal, Risk and Compliance
The European Union passed the first major regulation declaring data privacy to be a human right. In what year did it go into effect?
Data Privacy Law, EU Regulation, Compliance History, Privacy Directives
- Question #475: Cloud Security Operations
Which of the following is NOT a key area for performance monitoring as far as an SLA is concerned?
Performance Monitoring, Service Level Agreement (SLA), Cloud Operations, Resource Utilization
- Question #476: Legal, Risk and Compliance
Which of the following is the MOST important requirement and guidance for testing during an audit?
Audit testing, Compliance, Regulatory requirements, Legal guidance
- Question #477: Legal, Risk and Compliance
Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?
BCDR, RPO, Data Recovery, Disaster Recovery
- Question #478: Cloud Application Security
What must SOAP rely on for security?
SOAP Security, Web Services Security, Encryption, Cloud Application Security
- Question #479: Cloud Platform and Infrastructure Security
Which of the following is a commonly used tool for maintaining system configurations?
Configuration Management, DevOps Tools, Infrastructure as Code, System Configuration
- Question #480: Cloud Data Security
What type of data does data rights management (DRM) protect?
DRM, Digital Rights Management, Content Protection, Intellectual Property
- Question #481: Legal, Risk and Compliance
Which of the following is a valid risk management metric?
Risk management, Key Risk Indicators, Metrics
- Question #482: Legal, Risk and Compliance
From a security perspective, which of the following is a major concern when evaluating possible BCDR solutions?
Business Continuity and Disaster Recovery (BCDR), Data Sovereignty, Legal and Regulatory Compliance, Cloud Security Concerns
- Question #483: Legal, Risk and Compliance
Which of the following is NOT a focus or consideration of an internal audit?
Internal audit, Audit scope, Certification, Governance
- Question #484: Cloud Concepts, Architecture and Design
Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used?
Shared Responsibility Model, Cloud Customer Responsibilities, Data Ownership, Cloud Service Models
- Question #485: Cloud Concepts, Architecture and Design
What process is used within a clustered system to provide high availability and load balancing?
Clustering, High Availability, Load Balancing, Resource Scheduling
- Question #486: Cloud Data Security
Which of the following is NOT a function performed by the handshake protocol of TLS?
TLS Handshake, Network Security, Data in Transit Security, Cryptography
- Question #487: Legal, Risk and Compliance
Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?
SOC reports, Auditing standards, Compliance
- Question #488: Cloud Platform & Infrastructure Security
What changes are necessary to application code in order to implement DNSSEC?
DNSSEC, Application Security, Network Protocols, DNS
- Question #489: Legal, Risk and Compliance
Which type of controls are the SOC Type 1 reports specifically focused on?
SOC reports, SOC 1, Financial reporting, Compliance
- Question #490: Cloud Data Security
Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?
Confidentiality, CIA Triad, Access Control, Data Security Concepts
- Question #491: Legal, Risk and Compliance
Which of the following is NOT a domain of the Cloud Controls Matrix (CCM)?
Cloud Controls Matrix (CCM), CSA, Security frameworks, Compliance
- Question #492: Cloud Data Security
Which security concept, if implemented correctly, will protect the data on a system, even if a malicious actor gains access to the actual system?
Encryption, Data Protection, Security Controls, Data at Rest
- Question #493: Cloud Concepts, Architecture and Design
Which of the following is the sole responsibility of the cloud provider, regardless of which cloud model is used?
Shared Responsibility Model, Cloud Provider Responsibilities, Physical Security, Cloud Service Models
- Question #494: Cloud Platform & Infrastructure Security
Which of the following is NOT a factor that is part of a firewall configuration?
Firewall, Network Security, Security Controls, Traffic Filtering
- Question #495: Cloud Concepts, Architecture and Design
Which of the cloud deployment models involves spanning multiple cloud environments or a mix of cloud hosting models?
Cloud Deployment Models, Hybrid Cloud, Cloud Concepts
- Question #496: Legal, Risk and Compliance
Which of the following is NOT one of five principles of SOC Type 2 audits?
SOC 2, Trust Services Criteria, Auditing, Compliance
- Question #497: Cloud Data Security
Which aspect of cloud computing makes data classification even more vital than in a traditional data center?
Multitenancy, Data Classification, Cloud Security Risks, Data Protection
- Question #498: Cloud Concepts, Architecture and Design
What concept does the "T" represent in the STRIDE threat model?
STRIDE, Threat Modeling, Security Assessment
- Question #499: Cloud Security Operations
Which of the following would be a reason to undertake a BCDR test?
BCDR testing, Business Continuity, Disaster Recovery, Application functionality changes
- Question #500: Cloud Concepts, Architecture and Design
What is the biggest challenge to data discovery in a cloud environment?
Data Discovery, Cloud Storage, Cloud Data Challenges, Data Location
- Question #501: Legal, Risk and Compliance
What is the Cloud Security Alliance Cloud Controls Matrix (CCM)?
Cloud Security Alliance, Cloud Controls Matrix, Security Controls, Compliance Frameworks
- Question #502: Cloud Application Security
Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?
Software Development Lifecycle (SDLC), Requirements Analysis, Application Security, Non-functional Requirements
- Question #503: Legal, Risk and Compliance
Which of the cloud cross-cutting aspects relates to the assigning of jobs, tasks, and roles, as well as to ensuring they are successful and properly performed?
Governance, Cloud Governance, Roles and Responsibilities, Accountability
- Question #504: Legal, Risk and Compliance
Which regulatory system pertains to the protection of healthcare data?
HIPAA, Healthcare data protection, Regulatory compliance
- Question #505: Cloud Platform & Infrastructure Security
Which aspect of cloud computing makes it very difficult to perform repeat audits over time to track changes and compliance?
Virtualization security, Cloud auditing, Compliance challenges, Change tracking
- Question #506: Cloud Security Operations
Which security concept would business continuity and disaster recovery fall under?
Business Continuity, Disaster Recovery, Availability, Security Concepts
- Question #507: Cloud Platform & Infrastructure Security
Which of the following is NOT an application or utility to apply and enforce baselines on a system?
Configuration Management, Baseline Enforcement, System Hardening, Automation Tools
- Question #508: Cloud Concepts, Architecture and Design
Which of the cloud cross-cutting aspects relates to the ability for a cloud customer to easily remove their applications and data from a cloud environment?
Cloud concepts, Reversibility, Cloud exit
- Question #509: Cloud Data Security
Which of the following is NOT a function performed by the record protocol of TLS?
TLS, Record Protocol, Network Security, Data in Transit Protection