answers 2023/2024
Data Labels - ANSWER-does not include data value, since it is prone to change frequently, and because it
might not be information we want to disclose to anyone who does not have a need to know.
New factors related to data breach - ANSWER-Legal liability can't be transferred to the cloud provider
Vendor lock-in - ANSWER-the term used to describe loss of access to data because the cloud provider
has ceased operation
IaaS - ANSWER-In IaaS, the cloud provider only owns the hardware and supplies the utilities. The
customer is responsible for the OS, programs, and data. In PaaS and SaaS, the provider also owns the OS.
Statutory compliance - ANSWER-There are no written laws that require a cloud customer to remain with
a certain cloud provider
IaaS - ANSWER-In IaaS, the service is bare metal, and the customer has to install the OS and the
software; the customer then is responsible for maintaining that OS. In the other models, the provider
installs and maintains the OS.
Data Masking - ANSWER-Data masking does not support authentication in any way.
ITAR - ANSWER-International Traffic in Arms Regulations. ITAR is a department of State program.
Evaluation assurance levels are part of the Common Criteria standard from ISO.
EAR - ANSWER-EAR is a Commerce Department program.
Crypto keys - ANSWER-Cryptographic keys should not be stored along with the data they secure,
regardless of key length. We don't split crypto keys or generate redundant keys (doing so would violate
the principle of secrecy necessary for keys to serve their purpose).
MFA - ANSWER-is pointless in key management.
Data archiving - ANSWER-Archive location, back up process, data formats should be considered.
Cloud forensics - ANSWER-Analysis, eDiscovery, Chain of Custody
Doors - ANSWER-Door is not necessarily a control: the lock on the door would be a physical security
control.
Measured service - ANSWER-Measured service is where cloud services are delivered and billed in a
metered way, where the cloud customer only pays for those that they actually use, and for the duration
of time that they use them.
Governance - ANSWER-Governance at its core is the idea of assigning jobs, tasks, roles, and
responsibilities and ensuring they are satisfactorily performed.
Data processor - ANSWER-In legal terms, when "data processor" is defined, it refers to anyone who
stores, handles, moves, or manipulates data on behalf of the data owner or controller. In the cloud
computing realm, this is the cloud provider.
Key Mgmt - ANSWER-When the key management system is outside of the cloud environment hosting the
application, availability is a primary concern because any access issues with the encryption keys will
render the entire application unusable.
Masking - ANSWER-Masking involves replacing specific data within a data set with new values. For
example, with credit cards, as most who have ever purchased anything online can attest, nearly the
entire credit card number is masked with a character such as an asterisk, with the last four digits left
visible for identification and confirmation.
Create Data phase - ANSWER-Although the initial phase is called "create", it can also refer to
modification. In essence, anytime data is considered "new", it is in the create phase. This can come from
data that is newly created, data that is imported into a system and is new to that system, or data that is
already present and modified into new form or value. Modifying the metadata does not change the
actual data.
Recoverability - ANSWER-In order for any archiving system to be deemed useful and compliant, regular
tests must be performed to ensure the data can still be recovered and accessed, should it ever be
needed, for the duration of the retention requirements.
Location - ANSWER-Is the biggest challenge to data discovery in a cloud environment.
Trust zones - ANSWER-Trust zones can be implemented to separate systems or tiers along logical lines
for greater security and access control. Each zone can then have its own security controls and monitoring
based on its particular needs.
Type 2 hypervisor - ANSWER-A Type 2 hypervisor differs from a Type 1 hypervisor in that it runs on top of
another operating system rather than being directly tied into the underlying hardware of the virtual host
servers. With this type of implementation, additional security and architecture concerns come into play
because all interaction with and control over the underlying hardware passes through the host operating
system, which means that some performance will be lost because that operating system in the middle needs
its own resources, patching, and operational oversight.
VLANs - ANSWER-A virtual local area network (VLAN) can span any networks within a data center, or it can
span across different physical locations and data centers. VLANs are not restricted to the same data center
or the same racks.
Object - ANSWER-Object storage uses a flat structure with key values to store and access objects.
REST API - ANSWER-Any API that uses Representational State Transfer (REST), which means that the two
programs, on separate computers, use HTTP messages to request and transfer data. It supports caching
while SOAP does not. JavaScript Object Notation (JSON) and Extensible Markup Language (XML) are the
most commonly used data formats for the Representational State Transfer (REST) API, and are typically
implemented with caching for increased scalability and performance.
Cross-Site Scripting (XSS) - ANSWER-Cross-site scripting (XSS) is an attack where a malicious actor is able
to send untrusted data to a user's browser without going through any validation or sanitization
processes or where the code is not properly escaped from processing by the browser. The code is then