CCSP: Certified Cloud Security Professional Sample Questions
Question 1. Which of the following roles is responsible for developing components of the cloud and for testing and validating its services?
- A. Cloud auditor
- B. Inter-cloud provider
- C. Cloud service broker
- D. Cloud service developer
Correct Answer: D
Explanation: The cloud service developer develops and creates cloud components and services as well as tests and validates those services.
Question 2. Where can we find information about how to secure a physical asset’s BIOS?
- A. Security policies
- B. Manual pages
- C. Vendor documentation
- D. Regulations
Correct Answer: C
Explanation: The best source of information about securing a BIOS is the vendor documentation provided by the manufacturer of the physical hardware.
Question 3. What does not constitute contractually derived PII?
- A. Scope of processing
- B. Value of data
- C. Location of data
- D. Use of subcontractors
Correct Answer: C
Explanation: Data’s value does not depend on it being considered a contractual element.
Question 4. What concept refers to a customer paying for only the resources and offerings he or she consumes in a cloud environment, for the duration for which they use them?
- A. Consumable service
- B. Measured service
- C. Billable service
- D. Metered service
Correct Answer: B
Explanation: Cloud services are delivered and billed according to a metered model, where the cloud customer only pays for the services they actually use, and for the period of time in which they use them.
Question 5. What role within an organization involves testing, monitoring, and securing cloud services?
- A. Cloud service integrator
- B. Cloud service business manager
- C. Cloud service user
- D. Cloud service administrator
Correct Answer: D
Explanation: Cloud service administrators must test and monitor cloud services, administer security for cloud services, provide usage reports, and resolve problems related to cloud services.
Question 6. What is the only data format supported by the SOAP API?
- A. HTML
- B. SAML
- C. XSML
- D. XML
Correct Answer: D
Explanation: XML is the only data format supported by the SOAP protocol.
Question 7. What is the most common data format used by the REST API?
- A. JSON and SAML
- B. XML and SAML
- C. XML and JSON
- D. SAML and HTML
Correct Answer: C
Explanation: Representational State Transfer (REST) APIs typically use JavaScript Object Notation (JSON) and Extensible Markup Language (XML), which are typically implemented with caching for enhanced scalability and performance.
Question 8. What threat type involves an application that fails to validate authorization for portions of itself after the initial check?
- A. Injection
- B. Missing function-level access control
- C. Cross-site request forgery
- D. Cross-site scripting
Correct Answer: B
Explanation: An application must conduct checks whenever a function or portion of it is accessed to ensure the user has the proper authorization to access it. A hacker could forge requests to access portions of the application without authorization if there is not a continuous check each time a function is accessed.
Question 9. In a cloud environment, which role is responsible for overseeing the billing, purchasing, and requesting audit reports for an organization?
- A. Cloud service user
- B. Cloud service business manager
- C. Cloud service administrator
- D. Cloud service integrator
Correct Answer: B
Explanation: Business and billing management, purchasing cloud services, and audit requests are the responsibilities of the cloud service business manager.
Question 10. In terms of hosting a key management system outside a cloud environment, what is the biggest concern?
- A. Confidentiality
- B. Portability
- C. Availability
- D. Integrity
Correct Answer: C
Explanation: It is important to ensure the key management system is available when the application is hosted outside of the cloud environment. Any access issues with the encryption keys will make the entire application unusable.
Question 11. Among the following approaches, which is NOT deemed sufficient to meet secure data destruction requirements in the cloud?
- A. Cryptographic erasure
- B. Zeroing
- C. Overwriting
- D. Deletion
Correct Answer: D
Explanation: Deletion does nothing to remove or sanitize the data; it only removes the pointers to it. As a result, the data remains recoverable, and more secure methods are needed to ensure it has been destroyed and cannot be recovered.
Question 12. Which of the following cloud aspects complicates the process of eDiscovery?
- A. Resource pooling
- B. On-demand self-service
- C. Multitenancy
- D. Measured service
Correct Answer: C
Explanation: Multitenancy complicates data collection, because only the data belonging to the customers or systems that fall within scope may be turned over to the requesting authority.
Question 13. In order to perform administrative functions on hypervisors it has access to, what does the management plane normally use?
- A. Scripts
- B. RDP
- C. APIs
- D. XML
Correct Answer: C
Explanation: Management plane functions are typically exposed as remote calls and function executions and as APIs. In most cases, APIs are leveraged through either a client or a web portal.
Question 14. When it comes to complying with international operations, what is a serious challenge?
- A. Different certifications
- B. Multiple jurisdictions
- C. Different capabilities
- D. Different operational procedures
Correct Answer: B
Explanation: A security professional operating within a global framework runs into a multitude of jurisdictions and requirements, which are often in conflict or not clearly applicable.
Among these requirements are the location of users and the type of data they enter into systems, the laws governing the organization that owns the application and any regulatory requirements that they have, and the laws and regulations of the jurisdictions where the IT resources are located and where the data is actually stored.
Question 15. How can IP spaces be segregated and isolated in a cloud environment?
- A. PLAN
- B. WAN
- C. LAN
- D. VLAN
Correct Answer: D
Explanation: VLANs provide enhanced security and control by logically separating and isolating networks and IP spaces.
Question 16. A data center cabling design and setup is primarily governed by which of the following standards?
- A. IDCA
- B. BICSI
- C. NFPA
- D. Uptime Institute
Correct Answer: B
Explanation: BICSI standards cover complex cabling designs and configurations in data centers as well as power, energy efficiency, and hot/cold aisles.
Question 17. As far as tiers and topologies are concerned, which of the following publishes the popular data center design standard?
- A. IDCA
- B. Uptime Institute
- C. NFPA
- D. BICSI
Correct Answer: B
Question 18. For multitenancy purposes in a cloud environment, what kind of segregation and separation of resources are needed instead of a traditional data center model?
- A. Virtual
- B. Security
- C. Physical
- D. Logical
Correct Answer: D
Explanation: In cloud environments, resources cannot be physically separated like in a traditional data center. As a result, cloud computing employs logical segregation concepts. VLANs, sandboxing, and firewalls are examples of virtual network devices.
Question 19. Which United States law focuses on privacy and health records?
- A. Safe Harbor
- B. SOX
- C. GLBA
- D. HIPAA
Correct Answer: D
Explanation: Under the Health Insurance Portability and Accountability Act (HIPAA), the US Federal Department of Health and Human Services is responsible for publishing and enforcing regulations relating to electronic health records and identifiers between patients, providers, and insurance companies. It focuses on security controls and the confidentiality of medical records rather than on the specific technologies used, so long as those technologies meet the requirements of the regulations.
Question 20. Data centers use what type of physical access to their hardware locally?
- A. SSH
- B. KVM
- C. VPN
- D. RDP
Correct Answer: B
Explanation: KVM (keyboard, video, mouse) switches are used in data centers for local, physical access.