CCSP Certified Cloud Security Professional Practice Questions Bank
With 3 practice exams, each timed at 200 minutes with 200 questions and detailed explanations, just like the official certification exam
Topics: CCSP domains studied under this certification
Domain 1: Cloud Concepts, Architecture, and Design 17%
Domain 2: Cloud Data Security 19%
Domain 3: Cloud Platform and Infrastructure Security 17%
Domain 4: Cloud Application Security 17%
Domain 5: Cloud Security Operations 17%
Domain 6: Legal, Risk, and Compliance 13%
Total Questions Count: 502
Exams Count: 3
Explanation: Yes, Detailed Explanation
Length of exam: 200 minutes
Number of questions: 200
Exam language availability: English
Passing grade: 70%
Questions:
Data centers have enormous power resources that are distributed and consumed throughout the entire facility. Which of the following standards pertains to the proper fire safety standards within that scope?
A) IDCA
B) BICSI
C) NFPA
D) Uptime Institute
Explanation: The National Fire Protection Association (NFPA) publishes a broad range of fire safety and design standards for many different types of facilities. Building Industry Consulting Services International (BICSI) issues certifications for data center cabling. The Uptime Institute publishes the most widely known and used standard for data center topologies and tiers. The International Data Center Authority (IDCA) offers the Infinity Paradigm, which takes a macro-level approach to data center design.
Which of the following threat types involves an application that does not validate authorization for portions of itself beyond when the user first enters it?
A) Cross-site request forgery
B) Missing function-level access control
C) Injection
D) Cross-site scripting
Explanation: It is imperative that applications perform checks when each function or portion of the application is accessed to ensure that the user is properly authorized. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted. An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without going through validation processes. Cross-site request forgery occurs when an attack forces an authenticated user to send forged requests to an application running under their own access and credentials.
Clustered systems can be used to ensure high availability and load balancing across individual systems through a variety of methodologies. What process is used within a clustered system to ensure proper load balancing and to maintain the health of the overall system to provide high availability?
A) Distributed clustering
B) Distributed balancing
C) Distributed optimization
D) Distributed resource scheduling
Explanation: Distributed resource scheduling (DRS) is used within all clustered systems as the method for providing high availability, scaling, management, workload distribution, and the balancing of jobs and processes. None of the other choices is the correct term in this case.