CCSP Free Practice Test

- (Exam Topic 2)
What concept does the "R" represent with the DREAD model?

1. A. Reproducibility
2. B. Repudiation
3. C. Risk
4. D. Residual

Correct Answer: A
Reproducibility is the measure of how easy it is to reproduce and successful use an exploit. Scoring within the DREAD model ranges from 0, signifying a nearly impossibly exploit, up to 10, which signifies something that anyone from a simple function call could exploit, such as a URL.

- (Exam Topic 4)
Upon completing a risk analysis, a company has four different approaches to addressing risk. Which approach it takes will be based on costs, available options, and adherence to any regulatory requirements from independent audits.
Which of the following groupings correctly represents the four possible approaches?

1. A. Accept, avoid, transfer, mitigate
2. B. Accept, deny, transfer, mitigate
3. C. Accept, deny, mitigate, revise
4. D. Accept, dismiss, transfer, mitigate

Correct Answer: A
The four possible approaches to risk are as follows: accept (do not patch and continue with the risk), avoid (implement solutions to prevent the risk from occurring), transfer (take out insurance), and mitigate (change configurations or patch to resolve the risk). Each of these answers contains at least one incorrect approach name.

- (Exam Topic 4)
What are the U.S. State Department controls on technology exports known as?

1. A. DRM
2. B. ITAR
3. C. EAR
4. D. EAL

Correct Answer: B
ITAR is a Department of State program. Evaluation assurance levels are part of the Common Criteria standard from ISO. Digital rights management tools are used for protecting electronic processing of intellectual property.

- (Exam Topic 4)
Which of the following statements about Type 1 hypervisors is true?

1. A. The hardware vendor and software vendor are different.
2. B. The hardware vendor and software vendor are the same
3. C. The hardware vendor provides an open platform for software vendors.
4. D. The hardware vendor and software vendor should always be different for the sake of security.

Correct Answer: B
With a Type 1 hypervisor, the management software and hardware are tightly tied together and provided by the same vendor on a closed platform. This allows for optimal security, performance, and support. The other answers are all incorrect descriptions of a Type 1 hypervisor.

- (Exam Topic 3)
Although much of the attention given to data security is focused on keeping data private and only accessible by authorized individuals, of equal importance is the trustworthiness of the data.
Which concept encapsulates this?

1. A. Validity
2. B. Integrity
3. C. Accessibility
4. D. Confidentiality

Correct Answer: B
Integrity refers to the trustworthiness of data and whether its format and values are true and have not been corrupted or otherwise altered through unauthorized means. Confidentiality refers to keeping data from being access or viewed by unauthorized parties. Accessibility means that data is available and ready when needed by a user or service. Validity can mean a variety of things that are somewhat similar to integrity, but it's not the most appropriate answer in this case.