Browse Exams Pricing

ExamsCCSPQuestions

CCSP Exam Questions

876 real CCSP exam questions with expert-verified answers and explanations. Page 5 of 18.

Question #209Cloud Concepts, Architecture and Design
What is a form of cloud storage where data is stored as objects, arranged in a hierarchal structure, like a file tree?
Cloud storageObject storageData storageCloud services
Question #210Legal, Risk and Compliance
Administrative penalties for violating the General Data Protection Regulation (GDPR) can range up to ____________.
GDPRData Protection PenaltiesRegulatory Compliance
Question #211Cloud Concepts, Architecture and Design
What is a cloud storage architecture that manages the data in caches of copied content close to locations of high demand?
CDNCloud Storage ArchitectureCachingContent Delivery
Question #212Legal, Risk and Compliance
Which of the following is the best example of a key component of regulated PII?
PIIData PrivacyBreach NotificationCompliance
Question #213Cloud Data Security
Which key storage solution would be the BEST choice in a situation where availability might be of a particular concern?
Key StorageAvailabilityKey ManagementHSM
Question #214Cloud Platform & Infrastructure Security
Which of the following is a method for apportioning resources that involves prioritizing resource requests to resolve contention situations?
Resource ManagementCloud Resource AllocationResource ContentionShares
Question #215Cloud Data Security
A process for __________ can aid in protecting against data disclosure due to lost devices.
Data Loss PreventionCredential ManagementAccess ControlLost Device Security
Question #216Cloud Concepts, Architecture and Design
A federated identity system is composed of three main components. Which of the following is NOT one of the three main components?
Federated IdentityIdentity ManagementIdentity ProviderRelying Party
Question #217Cloud Concepts, Architecture and Design
Which cloud service category brings with it the most expensive startup costs, but also the lowest costs for ongoing support and maintenance staff?
Cloud Service ModelsSaaSCloud Cost ManagementShared Responsibility Model
Question #218Cloud Application Security
Which one of the following is not one of the three common threat modeling techniques?
Threat modelingSecurity analysisApplication securityRisk assessment
Question #219Cloud Data Security
Which cloud service category is MOST likely to use a client-side key management system?
Client-side encryptionKey managementSaaS securityCloud service models
Question #220Legal, Risk and Compliance
Under EU law, a cloud customer who gives sensitive data to a cloud provider is still legally responsible for the damages resulting from a data breach caused by the provider; the EU...
Due DiligenceCloud Customer ResponsibilityLegal ResponsibilityThird-Party Risk Management
Question #221Legal, Risk and Compliance
Which ISO standard refers to addressing security risks in a supply chain?
ISO standardsSupply chain securityRisk managementCompliance
Question #222Cloud Security Operations
When an organization implements an SIEM solution and begins aggregating event data, the configured event sources are only valid at the time it was configured. Application modificat...
SIEMSecurity OperationsEvent ManagementContinuous Optimization
Question #223Legal, Risk and Compliance
Which of the following are contractual components that the CSP should review and understand fully when contracting with a cloud service provider? (Choose two.)
Cloud contractsVendor managementData processingSubcontractor agreements
Question #224Cloud Data Security
TLS uses ___________ to authenticate a connection and create a shared secret for the duration of the session.
TLSX.509 certificatesAuthenticationCryptography
Question #225Cloud Data Security
The final phase of the cloud data lifecycle is the destroy phase, where data is ultimately deleted and done so in a secure manner to ensure it cannot be recovered or reconstructed....
Cloud Data LifecycleData DestructionSaaS SecurityCloud Service Models
Question #226Cloud Application Security
What type of device is often leveraged to assist legacy applications that may not have the programmatic capability to process assertions from modern web services?
XML acceleratorLegacy application integrationWeb service securityIdentity assertions
Question #227Legal, Risk and Compliance
What is the federal agency that accepts applications for new patents?
Federal agenciesIntellectual propertyPatentsCompliance
Question #228Cloud Concepts, Architecture and Design
Limits for resource utilization can be set at different levels within a cloud environment to ensure that no particular entity can consume a level of resources that impacts other cl...
Resource limitsCloud resource managementVirtualizationCloud architecture
Question #229Cloud Platform & Infrastructure Security
You are the security manager for a company that is considering cloud migration to an IaaS environment. You are assisting your company's IT architects in constructing the environmen...
Cloud InfrastructureVirtualization SecurityHypervisor TypesIaaS Architecture
Question #230Cloud Platform and Infrastructure Security
Your organization is developing software for wide use by the public. You have decided to test it in a cloud environment, in a PaaS model. Which of the following should be of partic...
PaaS securityShared responsibility modelSupply chain securityPlatform integrity
Question #231Cloud Concepts, Architecture and Design
The tasks performed by the hypervisor in the virtual environment can most be likened to the tasks of the ________ in the legacy environment.
HypervisorVirtualizationCloud InfrastructureCore Components
Question #232Cloud Platform & Infrastructure Security
All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline, except ____________.
System BaselinesConfiguration ManagementSecurity OperationsBaseline Maintenance
Question #233Legal, Risk and Compliance
Which of the following report is most aligned with financial control audits?
SOC ReportsCompliance AuditsFinancial ControlsService Organization Controls
Question #234Cloud Concepts, Architecture and Design
Your organization has made it a top priority that any cloud environment being considered to host production systems have guarantees that resources will always be available for allo...
Cloud resource managementResource availabilitySLACloud reservations
Question #235Cloud Security Operations
Which of the following is not typically included in the list of critical assets specified for continuity during BCDR contingency operations?
BCDRCritical AssetsContingency PlanningAsset Identification
Question #236Cloud Data Security
Which of the following data protection methodologies maintains the ability to connect back values to the original values?
TokenizationData protection methodologiesData reversibility
Question #237Cloud Concepts, Architecture and Design
You are the data manager for a retail company; you anticipate a much higher volume of sales activity in the final quarter of each calendar year than the other quarters. In order to...
Cloud burstingHybrid cloudScalabilityCloud deployment models
Question #238Cloud Data Security
Which of the following tools might be useful in data discovery efforts that are based on content analysis?
Data Loss PreventionDLPData DiscoveryContent Analysis
Question #239Cloud Data Security
You are the security manager for an online retail sales company with 100 employees and a production environment hosted in a PaaS model with a major cloud provider. Your company pol...
BYODAPI SecurityData IntegrityRisk Management
Question #240Cloud Platform & Infrastructure Security
The use of which of the following technologies will NOT require the security dependency of an operating system, other than its own?
Hypervisor typesVirtualization securityCloud infrastructureSecurity dependencies
Question #241Cloud Concepts, Architecture and Design
Which of the following types of organizations is most likely to make use of open source software technologies?
Open Source SoftwareOrganizational AdoptionSoftware Selection
Question #242Cloud Data Security
According to the (ISC)2 Cloud Secure Data Life Cycle, which phase comes soon after (or at the same time as) the Create phase?
Cloud Data LifecycleData Security Phases(ISC)2 Data Life Cycle
Question #243Cloud Concepts, Architecture and Design
When an organization considers cloud migrations, the organization's software developers will need to know which _______ and _______ which the organization will be using, in order t...
Cloud Service ModelsCloud Deployment ModelsApplication DevelopmentCloud Migrations
Question #244Cloud Data Security
Who will determine data classifications for the cloud customer?
Data ClassificationCloud Customer ResponsibilitiesData OwnershipShared Responsibility Model
Question #245Legal, Risk and Compliance
Every cloud service provider that opts to join the CSA STAR program registry must complete a ___________.
CSA STARCAIQCloud ComplianceVendor Assessment
Question #246Cloud Concepts, Architecture and Design
Which concept of cloud computing pertains to the ability to reuse components and services of an application for other purposes?
Cloud ConceptsInteroperabilityCloud Service AttributesApplication Reuse
Question #247Legal, Risk and Compliance
Gap analysis is performed for what reason?
Gap AnalysisBenchmarkingRisk ManagementCompliance
Question #248Legal, Risk and Compliance
You have been tasked with creating an audit scope statement and are making your project outline. Which of the following is NOT typically included in an audit scope statement?
Audit Scope StatementAudit PlanningComplianceGovernance
Question #249Cloud Concepts, Architecture and Design
Different types of cloud deployment models use different types of storage from traditional data centers, along with many new types of software platforms for deploying applications...
Cloud StorageStorage TypesContainerizationCloud Architecture
Question #250Legal, Risk and Compliance
Who is ultimately responsible for a data breach that includes personally identifiable information (PII), in the event of negligence on the part of the cloud provider?
Shared Responsibility ModelData Breach LiabilityPII ProtectionCloud Governance
Question #251Legal, Risk and Compliance
Which of the following is not a reason for conducting audits?
AuditsAudit objectivesRegulatory complianceSecurity assurance
Question #252Cloud Concepts, Architecture and Design
Which of the following best describes a cloud carrier?
cloud carriercloud rolescloud computing concepts
Question #254Cloud Data Security
Data labels could include all the following, except:
Data classificationData labelingMetadataData governance
Question #255Legal, Risk and Compliance
Legal controls refer to which of the following?
legal controlscompliancelaws and regulationsgovernance
Question #256Cloud Data Security
Cloud environments pose many unique challenges for a data custodian to properly adhere to policies and the use of data. What poses the biggest challenge for a data custodian with a...
Cloud Service ModelsShared ResponsibilityData CustodianshipPaaS Security
Question #257Legal, Risk and Compliance
A typical DLP tool can enhance the organization's efforts at accomplishing what legal task?
DLPEvidence collectionLegal implicationsCompliance
Question #258Legal, Risk and Compliance
Who should be the only entity allowed to declare that an organization can return to normal following contingency or BCDR operations?
Business ContinuityDisaster RecoveryOrganizational RolesGovernance
Question #259Cloud Data Security
When using transparent encryption of a database, where does the encryption engine reside?
Database SecurityTransparent Data EncryptionEncryption at RestData Protection

PreviousPage 5 of 18Next

study smarter, certify faster.

Product

Browse Exams
Pricing
PDF Downloads

Resources

Blog
Glossary
Topics
FAQ
Contact Us

Legal

Terms of Service
Privacy Policy
Cookie Policy
DMCA
Refund Policy

Company

About
Contact

© 2026 NerdExam. All rights reserved.Built for IT professionals

NerdExam is a trading name of WADL Solutions Limited, a company incorporated in Hong Kong (CR# 80143234). Registered office: Unit 2904-05, 29/F, Universal Trade Centre, 3 Arbuthnot Road, Central, Hong Kong.

CompTIA, AWS, Cisco, Microsoft, Google Cloud, Oracle, VMware, and other certification names referenced on this site are trademarks of their respective owners. NerdExam is not affiliated with, endorsed by, or sponsored by any certification vendor.