CCSP Free Practice Test

- (Exam Topic 1)
Which of the following APIs are most commonly used within a cloud environment?

1. A. REST and SAML
2. B. SOAP and REST
3. C. REST and XML
4. D. XML and SAML

Correct Answer: B
Simple Object Access Protocol (SOAP) and Representational State Transfer (REST) are the most commonly used APIs within a cloud environment. Extensible Markup Language (XML) and Security Assertion Markup Language (SAML) are both standards for exchanging encoded data between two parties, with XML being for more general use and SAML focused on authentication and authorization data.

- (Exam Topic 3)
Which of the following is not a risk management framework?

1. A. COBIT
2. B. Hex GBL
3. C. ISO 31000:2009
4. D. NIST SP 800-37

Correct Answer: B
Hex GBL is a reference to a computer part in Terry Pratchett’s fictional Discworld universe. The rest are not.

- (Exam Topic 4)
What does static application security testing (SAST) offer as a tool to the testers that makes it unique compared to other common security testing methodologies?

1. A. Live testing
2. B. Source code access
3. C. Production system scanning
4. D. Injection attempts

Correct Answer: B
Static application security testing (SAST) is conducted against offline systems with previous knowledge of them, including their source code. Live testing is not part of static testing but rather is associated with dynamic testing. Production system scanning is not appropriate because static testing is done against offline systems. Injection attempts are done with many different types of testing and are not unique to one particular type. It is therefore not the best answer to the question.

- (Exam Topic 2)
Which of the cloud cross-cutting aspects relates to the oversight of processes and systems, as well as to ensuring their compliance with specific policies and regulations?

1. A. Governance
2. B. Regulatory requirements
3. C. Service-level agreements
4. D. Auditability

Correct Answer: D
Auditing involves reports and evidence that show user activity, compliance with controls and regulations, the systems and processes that run and what they do, as well as information and data access and modification records. A cloud environment adds additional complexity to traditional audits because the cloud customer will not have the same level of access to systems and data as they would in a traditional data center.

- (Exam Topic 3)
The European Union is often considered the world leader in regard to the privacy of personal data and has declared privacy to be a "human right."
In what year did the EU first assert this principle?

1. A. 1995
2. B. 2000
3. C. 2010
4. D. 1999

Correct Answer: A
SThe EU passed Directive 95/46 EC in 1995, which established data privacy as a human right. The other years listed are incorrect.