CCSP Free Practice Test

- (Exam Topic 1)
Which of the following threat types involves an application that does not validate authorization for portions of itself after the initial checks?

1. A. Injection
2. B. Missing function-level access control
3. C. Cross-site request forgery
4. D. Cross-site scripting

Correct Answer: B
It is imperative that an application perform checks when each function or portion of the application is accessed, to ensure that the user is properly authorized to access it. Without continual checks each time a function is accessed, an attacker could forge requests to access portions of the application where authorization has not been granted.

- (Exam Topic 2)
Which of the following should NOT be part of the requirement analysis phase of the software development lifecycle?

1. A. Functionality
2. B. Programming languages
3. C. Software platform
4. D. Security requirements

Correct Answer: D
Security requirements should be incorporated into the software development lifecycle (SDLC) from the earliest requirement gathering stage and should be incorporated prior to the requirement analysis phase.

- (Exam Topic 1)
Which of the following statements accurately describes VLANs?

1. A. They are not restricted to the same data center or the same racks.
2. B. They are not restricted to the name rack but restricted to the same data center.
3. C. They are restricted to the same racks and data centers.
4. D. They are not restricted to the same rack but restricted to same switches.

Correct Answer: A
A virtual area network (VLAN) can span any networks within a data center, or it can span across different physical locations and data centers.

- (Exam Topic 2)
Which security concept is focused on the trustworthiness of data?

1. A. Integrity
2. B. Availability
3. C. Nonrepudiation
4. D. Confidentiality

Correct Answer: A
Integrity is focused on the trustworthiness of data as well as the prevention of unauthorized modification or tampering of it. A prime consideration for maintaining integrity is an emphasis on the change management and configuration management aspects of operations, so that all modifications are predictable, tracked, logged, and verified, whether they are performed by actual human users or systems processes and scripts.

- (Exam Topic 3)
Within an IaaS implementation, which of the following would NOT be a metric used to quantify service charges for the cloud customer?

1. A. Memory
2. B. Number of users
3. C. Storage
4. D. CPU

Correct Answer: B
Within IaaS, where the cloud customer is responsible for everything beyond the physical network, the number of users on a system would not be a factor in billing or service charges. The core cloud services for IaaS are based on the memory, storage, and CPU requirements of the cloud customer. Because the cloud customer with IaaS is responsible for its own images and deployments, these components comprise the basis of its cloud provisioning and measured services billing.