CCSP ISC2 Exam Questions and Free Practice Test

Question 67

- (Exam Topic 2)
An audit against the ______ will demonstrate that an organization has ¬adequate security controls to meet its ISO 27001 requirements.
Response:

A. SAS 70 standard

B. SSAE 16 standard

C. ISO 27002 certification criteria

D. NIST SP 800-53

Correct Answer:C

Question 68

- (Exam Topic 1)
You are the security manager for an online retail sales company with 100 employees and a production environment hosted in a PaaS model with a major cloud provider.
Your company policies have allowed for a BYOD workforce that work equally from the company offices and their own homes or other locations. The policies also allow users to select which APIs they install and use on their own devices in order to access and manipulate company data.
Of the following, what is a security control you’d like to implement to offset the risk(s) incurred by this practice?

A. Regular and widespread integrity checks on sampled data throughout the managed environment

B. More extensive and granular background checks on all employees, particularly new hires

C. Inclusion of references to all applicable regulations in the policy documents

D. Increased enforcement of separation of duties for all workflows

Correct Answer:A

Question 69

- (Exam Topic 2)
What are the phases of a software development lifecycle process model? Response:

A. Planning and requirements analysis, define, design, develop, testing, and maintenance

B. Define, planning and requirements analysis, design, develop, testing, and maintenance

C. Planning and requirements analysis, define, design, testing, develop, and maintenance

D. Planning and requirements analysis, design, define, develop, testing, and maintenance

Correct Answer:A

Question 70

- (Exam Topic 1)
You are the security manager of a small firm that has just purchased a DLP solution to implement in your cloud-based production environment.
In order to increase the security value of the DLP, you should consider combining it with ______.
Response:

A. Digital rights management (DRM) and security event and incident management (SIEM) tools

B. An investment in upgraded project management software

C. Digital insurance policies

D. The Uptime Institute’s Tier certification

Correct Answer:A

Question 71

- (Exam Topic 1)
All of the following are usually nonfunctional requirements except ______.
Response:

A. Color

B. Sound

C. Security

D. Function

Correct Answer:D

Question 72

- (Exam Topic 3)
When a customer performs a penetration test in the cloud, why isn’t the test an optimum simu-lation of attack conditions?
Response:

A. Attackers don’t use remote access for cloud activity

B. Advanced notice removes the element of surprise

C. When cloud customers use malware, it’s not the same as when attackers use malware

D. Regulator involvement changes the attack surface

Correct Answer:B

START CCSP EXAM