CCSP ISC2 Exam Questions and Free Practice Test

Question 31

- (Exam Topic 2)
Which one of the following is not one of the three common threat modeling techniques? Response:

A. Focused on assets

B. Focused on attackers

C. Focused on software

D. Focused on social engineering

Correct Answer:D

Question 32

- (Exam Topic 1)
Who should be the only entity allowed to declare that an organization can return to normal following contingency or BCDR operations?
Response:

A. Regulators

B. Law enforcement

C. The incident manager

D. Senior management

Correct Answer:D

Question 33

- (Exam Topic 2)
Why does the physical location of your data backup and/or BCDR failover environment matter? Response:

A. It may affect regulatory compliance

B. Lack of physical security

C. Environmental factors such as humidity

D. It doesn’t matte

E. Data can be saved anywhere without consequence

Correct Answer:A

Question 34

- (Exam Topic 2)
Which of the following is NOT a common component of a DLP implementation process? Response:

A. Discovery

B. Monitoring

C. Revision

D. Enforcement

Correct Answer:C

Question 35

- (Exam Topic 1)
Which of the following is not one of the defined security controls domains within the Cloud Controls Matrix, published by the Cloud Security Alliance?
Response:

A. Financial

B. Human resources

C. Mobile security

D. Identity and access management

Correct Answer:A

Question 36

- (Exam Topic 3)
The Brewer-Nash security model is also known as which of the following? Response:

A. MAC

B. The Chinese Wall model

C. Preventive measures

D. RBAC

Correct Answer:B

START CCSP EXAM