• support@dumpspool.com
SPECIAL LIMITED TIME DISCOUNT OFFER. USE DISCOUNT CODE TO GET 20% OFF DP2021

PDF Only

$35.00 Free Updates Upto 90 Days

  • CCSP Dumps PDF
  • 512 Questions
  • Updated On May 21, 2024

PDF + Test Engine

$60.00 Free Updates Upto 90 Days

  • CCSP Question Answers
  • 512 Questions
  • Updated On May 21, 2024

Test Engine

$50.00 Free Updates Upto 90 Days

  • CCSP Practice Questions
  • 512 Questions
  • Updated On May 21, 2024
Check Our Free ISC CCSP Online Test Engine Demo.

How to pass ISC CCSP exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest ISC CCSP Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know ISC CCSP Dumps are Worth it?

Did we mention our latest CCSP Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just ISC Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Certified Cloud Security Professional (CCSP) Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Certified Cloud Security Professional (CCSP) Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get CCSP Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the CCSP exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

ISC CCSP Exam Overview:

Aspect Details
Detail Information
Exam Name ISC CCSP
Exam Cost $549 USD
Total Time 4 hours
Available Languages English, Japanese
Passing Marks 700 out of 1000
Exam Format Multiple Choice
Exam Provider ISC2

ISC Certified Cloud Security Professional (CCSP) Exam Topics Breakdown

Domain Weight (%) Description
Cloud Concepts, Architecture, and Design 25% Understand cloud computing concepts, cloud reference architecture, cloud service delivery models
Cloud Data Security 20% Implement data discovery and classification technologies, implement data encryption controls
Cloud Platform & Infrastructure Security 25% Manage identity and access management in cloud environments, implement security controls for cloud infrastructure
Cloud Application Security 15% Implement security controls for cloud applications, integrate security controls within the software development lifecycle
Cloud Security Operations 15% Implement cloud security incident management, implement cloud security monitoring and alerting
ISC CCSP Sample Question Answers

Question # 1

With a federated identity system, where would a user perform their authentication when requesting services or application access?

A. Cloud provider 
B. The application 
C. Their home organization 
D. Third-party authentication system 

Question # 2

Three central concepts define what type of data and information an organization is responsible for pertaining to eDiscovery. Which of the following are the three components that comprise required disclosure?

A. Possession, ownership, control 
B. Ownership, use, creation 
C. Control, custody, use 
D. Possession, custody, control 

Question # 3

If a cloud computing customer wishes to guarantee that a minimum level of resources will always be available, which of the following set of services would compromise the reservation? 

A. Memory and networking 
B. CPU and software 
C. CPU and storage 
D. CPU and memory 

Question # 4

With a cloud service category where the cloud customer is responsible for deploying all services, systems, and components needed for their applications, which of the following storage types are MOST likely to be available to them?

A. Structured and hierarchical 
B. Volume and object 
C. Volume and database 
D. Structured and unstructured 

Question # 5

DNSSEC was designed to add a layer of security to the DNS protocol. Which type of attack was the DNSSEC extension designed to mitigate?

A. Account hijacking 
B. Snooping 
C. Spoofing 
D. Data exposure 

Question # 6

Modern web service systems are designed for high availability and resiliency. Which concept pertains to the ability to detect problems within a system, environment, or application and programmatically invoke redundant systems or processes for mitigation?

A. Elasticity 
B. Redundancy 
C. Fault tolerance 
D. Automation 

Question # 7

During which phase of the cloud data lifecycle is it possible for the classification of data to change?

A. Use 
B. Archive 
C. Create 
D. Share 

Question # 8

In order to comply with regulatory requirements, which of the following secure erasure methods would be available to a cloud customer using volume storage within the IaaS service model? 

A. Demagnetizing 
B. Shredding 
C. Degaussing 
D. Cryptographic erasure

Question # 9

In order to prevent cloud customers from potentially consuming enormous amounts of resources within a cloud environment and thus having a negative impact on other customers, what concept is commonly used by a cloud provider?

A. Limit 
B. Cap 
C. Throttle 
D. Reservation 

Question # 10

Which data state would be most likely to use digital signatures as a security protection mechanism?

A. Data in use 
B. Data in transit 
C. Archived 
D. Data at rest 

Question # 11

If you are running an application that has strict legal requirements that the data cannot reside on systems that contain other applications or systems, which aspect of cloud computing would be prohibitive in this case? 

A. Multitenancy 
B. Broad network access 
C. Portability 
D. Elasticity 

Question # 12

Which of the following aspects of cloud computing would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?

A. Regulation 
B. Multitenancy 
C. Virtualization 
D. Resource pooling 

Question # 13

Different certifications and standards take different approaches to data center design and operations. Although many traditional approaches use a tiered methodology, which of the following utilizes a macro-level approach to data center design? 

A. IDCA 
B. BICSI 
C. Uptime Institute 
D. NFPA 

Question # 14

Where is a DLP solution generally installed when utilized for monitoring data at rest? 

A. Network firewall 
B. Host system 
C. Application server 
D. Database server 

Question # 15

Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials? 

A. Injection 
B. Cross-site request forgery 
C. Missing function-level access control 
D. Cross-site scripting

Question # 16

Configurations and policies for a system can come from a variety of sources and take a variety of formats. Which concept pertains to the application of a set of configurations and policies that is applied to all systems or a class of systems? 

A. Hardening 
B. Leveling 
C. Baselines 
D. Standards 

Question # 17

Which aspect of cloud computing pertains to cloud customers only paying for the resources and services they actually use? 

A. Metered service 
B. Measured billing 
C. Metered billing 
D. Measured service 

Question # 18

Along with humidity, temperature is crucial to a data center for optimal operations and protection of equipment. Which of the following is the optimal temperature range as set by ASHRAE?

A. 69.8 to 86.0 degrees Fahrenheit (21 to 30 degrees Celsius) 
B. 51.8 to 66.2 degrees Fahrenheit (11 to 19 degrees Celsius) 
C. 64.4 to 80.6 degrees Fahrenheit (18 to 27 degrees Celsius) 
D. 44.6 to 60.8 degrees Fahrenheit (7 to 16 degrees Celsius)

Question # 19

Clustered systems can be used to ensure high availability and load balancing across individual systems through a variety of methodologies. What process is used within a clustered system to ensure proper load balancing and to maintain the health of the overall system to provide high availability?

A. Distributed clustering 
B. Distributed balancing 
C. Distributed optimization 
D. Distributed resource scheduling 

Question # 20

Many of the traditional concepts of systems and services for a traditional data center also apply to the cloud. Both are built around key computing concepts. Which of the following compromise the two facets of computing?

A. CPU and software 
B. CPU and storage 
C. CPU and memory 
D. Memory and networking 

Question # 21

Within a federated identity system, which of the following would you be MOST likely to use for sending information for consumption by a relying party?

A. XML 
B. HTML 
C. WS-Federation 
D. SAML 

Question # 22

Data centers have enormous power resources that are distributed and consumed throughout the entire facility. Which of the following standards pertains to the proper fire safety standards within that scope? 

A. IDCA 
B. BICSI 
C. NFPA 
D. Uptime Institute 

Question # 23

Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?

 A. Injection 
B. Missing function-level access control 
C. Cross-site scripting 
D. Cross-site request forgery 

Question # 24

One of the main components of system audits is the ability to track changes over time and to match these changes with continued compliance and internal processes. Which aspect of cloud computing makes this particular component more challenging than in a traditional data center?

A. Portability 
B. Virtualization 
C. Elasticity 
D. Resource pooling

Question # 25

Which data state would be most likely to use TLS as a protection mechanism? 

A. Data in use 
B. Data at rest 
C. Archived 
D. Data in transit 

Question # 26

Many different common threats exist against web-exposed services and applications. One attack involves attempting to leverage input fields to execute queries in a nested fashion that is unintended by the developers. What type of attack is this? 

A. Injection 
B. Missing function-level access control 
C. Cross-site scripting 
D. Cross-site request forgery 

Question # 27

With an API, various features and optimizations are highly desirable to scalability, reliability, and security. What does the REST API support that the SOAP API does NOT support?

A. Acceleration 
B. Caching 
C. Redundancy 
D. Encryption

Question # 28

Which cloud deployment model would be ideal for a group of universities looking to work together, where each university can gain benefits according to its specific needs?

A. Private 
B. Public 
C. Hybrid 
D. Community

Question # 29

There is a large gap between the privacy laws of the United States and those of the European Union. Bridging this gap is necessary for American companies to do business with European companies and in European markets in many situations, as the American companies are required to comply with the stricter requirements. Which US program was designed to help companies overcome these differences?

A. SOX 
B. HIPAA 
C. GLBA 
D. Safe Harbor

Question # 30

A crucial decision any company must make is in regard to where it hosts the data systems it depends on. A debate exists as to whether it's best to lease space in a data center or build your own data center--and now with cloud computing, whether to purchase resources within a cloud. What is the biggest advantage to leasing space in a data center versus procuring cloud services? 

A. Regulations 
B. Control 
C. Security 
D. Costs 

Question # 31

When an API is being leveraged, it will encapsulate its data for transmission back to the requesting party or service. What is the data encapsulation used with the SOAP protocol referred to as?

A. Packet 
B. Payload 
C. Object 
D. Envelope 

Question # 32

Most APIs will support a variety of different data formats or structures. However, the SOAP API will only support which one of the following data formats? 

A. XML 
B. XSLT 
C. JSON 
D. SAML 

Question # 33

Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?

A. Memory 
B. Number of users 
C. Storage 
D. CPU 

Question # 34

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user’s valid credentials? 

A. Injection 
B. Missing function-level access control 
C. Cross-site scripting 
D. Cross-site request forgery 

Question # 35

If a key feature of cloud computing that your organization desires is the ability to scale and expand without limit or concern about available resources, which cloud deployment model would you MOST likely be considering?

A. Public 
B. Hybrid 
C. Private 
D. Community 

Question # 36

Which cloud deployment model is MOST likely to offer free or very cheap services to users? 

A. Hybrid 
B. Community 
C. Public 
D. Private 

Question # 37

When dealing with PII, which category pertains to those requirements that can carry legal sanctions or penalties for failure to adequately safeguard the data and address compliance requirements?

A. Contractual 
B. Jurisdictional 
C. Regulated 
D. Legal 

Question # 38

Which cloud service category would be most ideal for a cloud customer that is developing software to test its applications among multiple hosting providers to determine the best option for its needs?

A. DaaS 
B. PaaS 
C. IaaS 
D. SaaS 

Question # 39

The REST API is a widely used standard for communications of web-based services between clients and the servers hosting them. Which protocol does the REST API depend on? 

A. HTTP 
B. SSH 
C. SAML 
D. XML 

Question # 40

A DLP solution/implementation has three main components. Which of the following is NOT one of the three main components? 

A. Monitoring
 B. Enforcement 
C. Auditing 
D. Discovery and classification 

Question # 41

Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data. Which concept encapsulates this?

A. Validity 
B. Integrity 
C. Accessibility 
D. Confidentiality 

Question # 42

From a security perspective, what component of a cloud computing infrastructure represents the biggest concern? 

A. Hypervisor 
B. Management plane 
C. Object storage 
D. Encryption 

Question # 43

Which of the following roles would be responsible for managing memberships in federations and the use and integration of federated services?

 A. Inter-cloud provider 
B. Cloud service business manager 
C. Cloud service administrator 
D. Cloud service integrator 

Question # 44

If a company needed to guarantee through contract and SLAs that a cloud provider would always have available sufficient resources to start their services and provide a certain level of provisioning, what would the contract need to refer to? 

A. Limit 
B. Reservation 
C. Assurance 
D. Guarantee 

Question # 45

Which of the following threat types involves the sending of commands or arbitrary data through input fields in an application in an attempt to get that code executed as part of normal processing? 

A. Cross-site scripting 
B. Missing function-level access control 
C. Injection 
D. Cross-site forgery 

Question # 46

Which of the following service capabilities gives the cloud customer an established and maintained framework to deploy code and applications? 

A. Software 
B. Desktop 
C. Platform 
D. Infrastructure 

Question # 47

Which of the following is NOT an application or utility to apply and enforce baselines on a system? 

A. Chef 
B. GitHub 
C. Puppet 
D. Active Directory 

Question # 48

Within a federated identity system, which entity accepts tokens from the identity provider? 

A. Assertion manager 
B. Servicing party 
C. Proxy party 
D. Relying party 

Question # 49

Which phase of the cloud data lifecycle represents the first instance where security controls can be implemented?  

A. Use 
B. Share 
C. Store 
D. Create 

Question # 50

With finite resources available within a cloud, even the largest cloud providers will at times need to determine which customers will receive additional resources first. What is the term associated with this determination?

A. Weighting 
B. Prioritization 
C. Shares 
D. Scoring

Question # 51

Which of the cloud cross-cutting aspects relates to the requirements placed on the cloud provider by the cloud customer for minimum performance standards and requirements that must be met? 

A. Regulatory requirements 
B. SLAs 
C. Auditability 
D. Governance 

Question # 52

Although the REST API supports a wide variety of data formats for communications and exchange, which data formats are the most commonly used? 

A. SAML and HTML 
B. XML and SAML 
C. XML and JSON 
D. JSON and SAML 

Question # 53

Which European Union directive pertains to personal data privacy and an individual's control over their personal data? 

A. 99/9/EC 
B. 95/46/EC 
C. 2000/1/EC 
D. 2013/27001/EC 

Question # 54

Many aspects and features of cloud computing can make eDiscovery compliance more difficult or costly. Which aspect of cloud computing would be the MOST complicating factor? 

A. Measured service
B. Broad network access 
C. Multitenancy 
D. Portability 

Question # 55

Which of the following is NOT one of five principles of SOC Type 2 audits? 

A. Privacy 
B. Processing integrity 
C. Financial 
D. Security 

Question # 56

Which of the cloud cross-cutting aspects relates to the requirements placed on a system or application by law, policy, or requirements from standards? 

A. regulatory requirements 
B. Auditability 
C. Service-level agreements 
D. Governance 

Question # 57

Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on. Which of the following audits are considered "restricted use" versus being for a more broad audience? 

A. SOC Type 2 
B. SOC Type 1 
C. SOC Type 3 
D. SAS-70 

Question # 58

Other than cost savings realized due to measured service, what is another facet of cloud computing that will typically save substantial costs in time and money for an organization in the event of a disaster? 

A. Broad network access 
B. Interoperability 
C. Resource pooling 
D. Portability

Question # 59

With a cloud service category where the cloud customer is provided a full application framework into which to deploy their code and services, which storage types are MOST likely to be available to them? 

A. Structured and unstructured 
B. Structured and hierarchical 
C. Volume and database 
D. Volume and object 

Question # 60

Which type of testing uses the same strategies and toolsets that hackers would use? 

A. Penetration 
B. Dynamic 
C. Static 
D. Malicious

Question # 61

Where is an XML firewall most commonly and effectively deployed in the environment? 

A. Between the application and data layers 
B. Between the presentation and application layers 
C. Between the IPS and firewall 
D. Between the firewall and application server 

Question # 62

Which of the cloud deployment models requires the cloud customer to be part of a specific group or organization in order to host cloud services within it? 

A. Community 
B. Hybrid 
C. Private 
D. Public 

Question # 63

Which cloud storage type requires special consideration on the part of the cloud customer to ensure they do not program themselves into a vendor lock-in situation? 

A. Unstructured 
B. Object 
C. Volume 
D. Structured 

Question # 64

At which stage of the BCDR plan creation phase should security be included in discussions? 

A. Define scope 
B. Analyze 
C. Assess risk 
D. Gather requirements 

Question # 65

Which aspect of SaaS will alleviate much of the time and energy organizations spend on compliance (specifically baselines)? 

A. Maintenance 
B. Licensing 
C. Standardization 
D. Development 

Question # 66

Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle? 

A. Functionality 
B. Programming languages 
C. Software platform 
D. Security requirements 

Question # 67

Which of the cloud deployment models offers the easiest initial setup and access for the cloud customer? 

A. Hybrid 
B. Community 
C. Private 
D. Public 

Question # 68

Which of the following threat types involves an application that does not validate authorization for portions of itself beyond when the user first enters it? 

A. Cross-site request forgery 
B. Missing function-level access control 
C. Injection 
D. Cross-site scripting 

Question # 69

Which entity requires all collection and storing of data on their citizens to be done on hardware that resides within their borders? 

A. Russia 
B. France 
C. Germany 
D. United States 

Question # 70

Within a SaaS environment, what is the responsibility on the part of the cloud customer in regard to procuring the software used?

A. Maintenance 
B. Licensing 
C. Development 
D. Purchasing 

Question # 71

For service provisioning and support, what is the ideal amount of interaction between a cloud customer and cloud provider? 

A. Half 
B. Full 
C. Minimal 
D. Depends on the contract 

Question # 72

Which of the following is NOT a focus or consideration of an internal audit? 

A. Certification
B. Design 
C. Costs 
D. Operational efficiency 

Question # 73

Which of the cloud cross-cutting aspects relates to the oversight of processes and systems, as well as to ensuring their compliance with specific policies and regulations? 

A. Governance 
B. Regulatory requirements 
C. Service-level agreements 
D. Auditability 

Question # 74

Implementing baselines on systems would take an enormous amount of time and resources if the staff had to apply them to each server, and over time, it would be almost impossible to keep all the systems in sync on an ongoing basis. Which of the following is NOT a package that can be used for implementing and maintaining baselines across an enterprise?

A. Puppet 
B. SCCM 
C. Chef 
D. GitHub 

Question # 75

Which of the following service capabilities gives the cloud customer the most control over resources and configurations? 

A. Desktop 
B. Platform 
C. Infrastructure 
D. Software 

Question # 76

Which cloud storage type resembles a virtual hard drive and can be utilized in the same manner and with the same type of features and capabilities? 

A. Volume 
B. Unstructured 
C. Structured 
D. Object 

Question # 77

Which of the following does NOT fall under the "IT" aspect of quality of service (QoS)? 

A. Applications 
B. Key performance indicators (KPIs) 
C. Services 
D. Security 

Question # 78

Which crucial aspect of cloud computing can be most threatened by insecure APIs? 

A. Automation 
B. Redundancy 
C. Resource pooling 
D. Elasticity 

Question # 79

Which of the following systems is used to employ a variety of different techniques to discover and alert on threats and potential threats to systems and networks? 

A. IDS 
B. IPS 
C. Firewall 
D. WAF 

Question # 80

Which value refers to the amount of data an organization would need to recover in the event of a BCDR situation in order to reach an acceptable level of operations?

 A. SRE B. RTO
 C. RPO 
D. RSL 

Question # 81

Your boss has tasked your team with getting your legacy systems and applications connected with new cloud-based services that management has decided are crucial to customer service and offerings.Which role would you be assuming under this directive? 

A. Cloud service administrator 
B. Cloud service user 
C. Cloud service integrator 
D. Cloud service business manager

Question # 82

Which data point that auditors always desire is very difficult to provide within a cloud environment? 

A. Access policy 
B. Systems architecture 
C. Baselines 
D. Privacy statement 

Question # 83

Which of the following features is a main benefit of PaaS over IaaS?

A. Location independence 
B. High-availability 
C. Physical security requirements 
D. Auto-scaling 

Question # 84

ISO/IEC has established international standards for many aspects of computing and any processes or procedures related to information technology. Which ISO/IEC standard has been established to provide a framework for handling eDiscovery processes?

A. ISO/IEC 27001 
B. ISO/IEC 27002 
C. ISO/IEC 27040 
D. ISO/IEC 27050 

Question # 85

An SLA contains the official requirements for contract performance and satisfaction between the cloud provider and cloud customer. Which of the following would NOT be a component with measurable metrics and requirements as part of an SLA? 

A. Network
 B. Users 
C. Memory 
D. CPU 

Question # 86

Although host-based and network-based IDSs perform similar functions and have similar capabilities, which of the following is an advantage of a network-based IDS over a hostbased IDS, assuming all capabilities are equal?

A. Segregated from host systems 
B. Network access 
C. Scalability 
D. External to system patching

Question # 87

From a security perspective, which of the following is a major concern when evaluating possible BCDR solutions? 

A. Access provisioning 
B. Auditing 
C. Jurisdictions 
D. Authorization 

Question # 88

The president of your company has tasked you with implementing cloud services as the most efficient way of obtaining a robust disaster recovery configuration for your production services. Which of the cloud deployment models would you MOST likely be exploring?

A. Hybrid 
B. Private 
C. Community 
D. Public 

Question # 89

Which of the following is the sole responsibility of the cloud customer, regardless of which cloud model is used? 

A. Platform 
B. Infrastructure 
C. Governance 
D. Application 

Question # 90

Which of the following would NOT be a reason to activate a BCDR strategy? 

A. Staffing loss 
B. Terrorism attack 
C. Utility disruptions 
D. Natural disaster 

Question # 91

Digital investigations have adopted many of the same methodologies and protocols as other types of criminal or scientific inquiries. What term pertains to the application of scientific norms and protocols to digital investigations?

A. Scientific 
B. Investigative 
C. Methodological 
D. Forensics 

Question # 92

In the wake of many scandals with major corporations involving fraud and the deception of investors and regulators, which of the following laws was passed to govern accounting and financial records and disclosures?

A. GLBA 
B. Safe Harbor 
C. HIPAA 
D. SOX 

Question # 93

Which of the following actions will NOT make data part of the create phase of the cloud data lifecycle? 

A. Modify data 
B. Modify metadata 
C. New data 
D. Import data 

Question # 94

What type of data does data rights management (DRM) protect? 

A. Consumer 
B. PII 
C. Financial 
D. Healthcare 

Question # 95

With software-defined networking (SDN), which two types of network operations are segregated to allow for granularity and delegation of administrative access and functions? 

A. Filtering and forwarding 
B. Filtering and firewalling 
C. Firewalling and forwarding 
D. Forwarding and protocol 

Question # 96

Which of the following threat types can occur when baselines are not appropriately applied or when unauthorized changes are made?

A. Security misconfiguration 
B. Insecure direct object references 
C. Unvalidated redirects and forwards 
D. Sensitive data exposure 

Question # 97

Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report? 

A. Six months 
B. One month 
C. One year 
D. One week 

Question # 98

Data center and operations design traditionally takes a tiered, topological approach. Which of the following standards is focused on that approach and is prevalently used throughout the industry? 

A. IDCA 
B. NFPA 
C. BICSI 
D. Uptime Institute 

Question # 99

What does dynamic application security testing (DAST) NOT entail? 

A. Scanning 
B. Probing 
C. Discovery
 D. Knowledge of the system 

Question # 100

What is a serious complication an organization faces from the compliance perspective with international operations? 

A. Multiple jurisdictions 
B. Different certifications 
C. Different operational procedures 
D. Different capabilities 

Question # 101

Which type of controls are the SOC Type 1 reports specifically focused on? 

A. Integrity 
B. PII 
C. Financial 
D. Privacy 

Question # 102

What process is used within a cloud environment to maintain resource balancing and ensure that resources are available where and when needed? 

A. Dynamic clustering 
B. Dynamic balancing 
C. Dynamic resource scheduling 
D. Dynamic optimization