CCSP Exam Questions
876 real CCSP exam questions with expert-verified answers and explanations. Page 15 of 18.
- Question #710: Legal, Risk and Compliance
Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight. Which of the following is not...
Regulatory frameworks | Compliance standards | Sensitive data protection | Data privacy regulations
- Question #711: Cloud Data Security
Which data sanitation method is also commonly referred to as "zeroing"?
data sanitation | overwriting | zeroing | data destruction
- Question #712: Cloud Application Security
What is the concept of isolating an application from the underlying operating system for testing purposes?
Application virtualization | Application isolation | Testing environments | Cloud application deployment
- Question #713: Cloud Platform & Infrastructure Security
Which of the following could be used as a second component of multifactor authentication if a user has an RSA token?
Multifactor Authentication (MFA) | Authentication Factors | Biometrics | Access Control
- Question #714: Legal, Risk and Compliance
Which of the following is NOT one of the official risk rating categories?
Risk Management | Risk Assessment | Risk Rating Categories
- Question #715: Legal, Risk and Compliance
SOC Type 1 reports are considered "restricted use," in that they are intended only for limited audiences and purposes. Which of the following is NOT a population that would be appr...
SOC Reports | Audit Reports | Restricted Use | Compliance
- Question #716: Cloud Concepts, Architecture and Design
Having a reservation in a cloud environment can ensure operations continue in the event of high utilization across the cloud. Which of the following would NOT be a capability cover...
Cloud Reservations | Auto-scaling | Cloud Resource Management | Cloud Elasticity
- Question #717: Cloud Application Security
What must SOAP rely on for security since it does not provide security as a built-in capability?
SOAP security | Web services security | Encryption | Message-level security
- Question #718: Cloud Concepts, Architecture and Design
With a federated identity system, what does the identity provider send information to after a successful authentication?
Federated Identity | Identity Provider | Relying Party | Authentication
- Question #719: Cloud Platform & Infrastructure Security
Which of the following technologies is NOT commonly used for accessing systems and services in a cloud environment in a secure manner?
Secure Access | Cloud Access Technologies | Network Security | Virtualization
- Question #720: Cloud Security Operations
Which component of ITIL involves handling anything that can impact services for either internal or public users?
ITIL | Incident Management | Service Management | IT Operations
- Question #721: Cloud Data Security
Which protocol, as a part of TLS, handles the actual secure communications and transmission of data?
TLS | Record Protocol | Network Security | Secure Communication
- Question #722: Legal, Risk and Compliance
Which of the following terms is NOT a commonly used category of risk acceptance?
Risk Acceptance | Risk Management | Risk Categories | Risk Treatment
- Question #723: Cloud Concepts, Architecture and Design
Many activities within a cloud environment are performed via programmatic means, where complex and distributed operations are handled without the need to perform each step individu...
Cloud Orchestration | Automation | Cloud Management | Cloud Concepts
- Question #724: Cloud Concepts, Architecture and Design
Being in a cloud environment, cloud customers lose a lot of insight and knowledge as to how their data is stored and their systems are deployed. Which concept from the ISO/IEC clou...
Cloud Transparency | ISO/IEC Standards | Cloud Provider Responsibilities | Cloud Concepts
- Question #725: Cloud Concepts, Architecture and Design
Your IT steering committee has, at a high level, approved your project to begin using cloud services. However, the committee is concerned with getting locked into a single cloud pr...
Cloud Interoperability | Vendor Lock-in | Cloud Provider Evaluation | Component Reuse
- Question #726: Cloud Platform & Infrastructure Security
Which of the following provides assurance, to a predetermined acceptable level of certainty, that an entity is indeed who they claim to be?
Authentication | Identity Management | Access Control
- Question #727: Legal, Risk and Compliance
Whereas a contract articulates overall priorities and requirements for a business relationship, which artifact enumerates specific compliance requirements, metrics, and response ti...
Service Level Agreement | Cloud Contracts | Compliance | Cloud Governance
- Question #728: Cloud Concepts, Architecture and Design
When an organization is considering the use of cloud services for BCDR planning and solutions, which of the following cloud concepts would be the most important?
Cloud Concepts | BCDR | Portability | Disaster Recovery
- Question #729: Cloud Data Security
What masking strategy involves the replacing of sensitive data at the time it is accessed and used as it flows between the data and application layers of a service?
Data Masking | Dynamic Data Masking | Data Protection | Cloud Data Security
- Question #730: Cloud Concepts, Architecture and Design
Which of the following would be considered an example of insufficient due diligence leading to security or operational problems when moving to a cloud?
Due Diligence | Shared Responsibility Model | Cloud Security Architecture | Cloud Migration Risks
- Question #731: Cloud Data Security
Which aspect of cloud computing serves as the biggest challenge to using DLP to protect data at rest?
DLP | Data at rest security | Resource pooling | Cloud security challenges
- Question #732: Legal, Risk and Compliance
What category of PII data can carry potential fines or even criminal charges for its improper use or disclosure?
PII | Data Privacy | Compliance | Regulations
- Question #733: Cloud Platform & Infrastructure Security
A variety of security systems can be integrated within a network--some that just monitor for threats and issue alerts, and others that take action based on signatures, behavior, an...
Intrusion Prevention System | Network Security | Threat Detection | Threat Prevention
- Question #734: Legal, Risk and Compliance
Upon completing a risk analysis, a company has four different approaches to addressing risk. Which approach it takes will be based on costs, available options, and adherence to any...
Risk management | Risk response strategies | Risk treatment | Accept, Avoid, Transfer, Mitigate
- Question #735: Cloud Concepts, Architecture and Design
Which of the following is NOT a component of access control?
Access Control | Authentication | Authorization | Accounting (AAA)
- Question #736: Legal, Risk and Compliance
What concept does the A represent within the DREAD model?
DREAD model | Threat modeling | Risk assessment | Risk management
- Question #737: Legal, Risk and Compliance
With an application hosted in a cloud environment, who could be the recipient of an eDiscovery order?
eDiscovery | Legal Compliance | Cloud Shared Responsibility | Data Governance
- Question #738: Cloud Security Operations
Which ITIL component focuses on ensuring that system resources, processes, and personnel are properly allocated to meet SLA requirements?
ITIL | Availability Management | SLA | Service Management
- Question #739: Cloud Security Operations
Which ITIL component is an ongoing, iterative process of tracking all deployed and configured resources that an organization uses and depends on, whether they are hosted in a tradi...
ITIL | Configuration Management | Asset Tracking | Cloud Operations
- Question #740: Legal, Risk and Compliance
When beginning an audit, both the system owner and the auditors must agree on various aspects of the final audit report. Which of the following would NOT be something that is prede...
Audit planning | Audit reporting | Audit agreements | Compliance
- Question #741: Cloud Concepts, Architecture and Design
What concept does the D represent within the STRIDE threat model?
STRIDE threat model | Threat modeling | Denial of Service | Security models
- Question #742: Cloud Application Security
Which of the following is the concept of segregating information or processes, within the same system or application, for security reasons?
Sandboxing | Process Isolation | Application Security | Security Mechanisms
- Question #743: Cloud Data Security
Which cloud service category most commonly uses client-side key management systems?
SaaS Security | Key Management | Client-Side Encryption | Cloud Service Models
- Question #744: Cloud Data Security
Apart from using encryption at the file system level, what technology is the most widely used to protect data stored in an object storage system?
Object Storage Security | Data at Rest Protection | Information Rights Management | Cloud Data Protection
- Question #745: Cloud Data Security
Which of the following types of data would fall under data rights management (DRM) rather than information rights management (IRM)?
DRM | IRM | Data rights management | Information rights management
- Question #746: Cloud Application Security
Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their spec...
DAST | SAST | Application Security Testing | Vulnerability Scanning
- Question #747: Cloud Concepts, Architecture and Design
You need to gain approval to begin moving your company's data and systems into a cloud environment. However, your CEO has mandated the ability to easily remove your IT assets from...
Reversibility | Vendor Lock-in | Cloud Exit Strategy | Cloud Adoption
- Question #748: Cloud Application Security
What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?
SAST | Application Security Testing | SDLC Security | Code Analysis
- Question #749: Cloud Concepts, Architecture and Design
A main objective for an organization when utilizing cloud services is to avoid vendor lock-in so as to ensure flexibility and maintain independence. Which core concept of cloud com...
Vendor Lock-in | Cloud Portability | Core Cloud Concepts
- Question #750: Cloud Concepts, Architecture and Design
Which of the following areas of responsibility always falls completely under the purview of the cloud provider, regardless of which cloud service category is used?
Shared Responsibility Model | Cloud Provider Responsibilities | Physical Security | Cloud Service Models
- Question #751: Cloud Data Security
What type of masking would you employ to produce a separate data set for testing purposes based on production data without any sensitive information?
Data Masking | Static Data Masking | Test Data Management | Data De-identification
- Question #752: Cloud Data Security
Which aspect of data poses the biggest challenge to using automated tools for data discovery and programmatic data classification?
Data classification | Automated data discovery | Data quality | Data security challenges
- Question #753: Cloud Concepts, Architecture and Design
When an organization is considering a cloud environment for hosting BCDR solutions, which of the following would be the greatest concern?
BCDR | Cloud Architecture | Geographic Redundancy | Data Sovereignty
- Question #754: Cloud Security Operations
Just like the risk management process, the BCDR planning process has a defined sequence of steps and processes to follow to ensure the production of a comprehensive and successful...
BCDR Planning | Business Continuity | Disaster Recovery | Planning Process
- Question #755: Cloud Platform & Infrastructure Security
What type of solution is at the core of virtually all directory services?
Directory Services | LDAP | Identity and Access Management | Protocols
- Question #756: Cloud Concepts, Architecture and Design
The different cloud service models have varying levels of responsibilities for functions and operations depending on the model's level of service. In which of the following model...
Cloud Service Models | Shared Responsibility Model | IaaS | Patch Management
- Question #757: Cloud Security Operations
Which component of ITIL involves the creation of an RFC ticket and obtaining official approvals for it?
ITIL | Change Management | RFC | IT Service Management
- Question #758: Cloud Concepts, Architecture and Design
Which of the following are attributes of cloud computing?
Cloud characteristics | NIST cloud definition | Cloud attributes
- Question #759: Cloud Data Security
In a cloud environment, encryption should be used for all the following, except:
Encryption | Data security | Cloud security controls | Data at rest and in transit