CCSP Free Practice Test

- (Exam Topic 1)
Which aspect of archiving must be tested regularly for the duration of retention requirements?

1. A. Availability
2. B. Recoverability
3. C. Auditability
4. D. Portability

Correct Answer: B
In order for any archiving system to be deemed useful and compliant, regular tests must be performed to ensure the data can still be recovered and accessible, should it ever be needed, for the duration of the retention requirements.

- (Exam Topic 3)
Where is a DLP solution generally installed when utilized for monitoring data at rest?

1. A. Network firewall
2. B. Host system
3. C. Application server
4. D. Database server

Correct Answer: B
To monitor data at rest appropriately, the DLP solution would be installed on the host system where the data resides. A database server, in some situations, may be an appropriate answer, but the host system is the best answer because a database server is only one example of where data could reside. An application server processes data and typically sits between the data and presentation zones, and as such, does not store data at rest. A network firewall would be more appropriate for data in transit because it is not a place where data would reside.

- (Exam Topic 3)
Most APIs will support a variety of different data formats or structures.
However, the SOAP API will only support which one of the following data formats?

1. A. XML
2. B. XSLT
3. C. JSON
4. D. SAML

Correct Answer: A
The Simple Object Access Protocol (SOAP) protocol only supports the Extensible Markup Language (XML) data format. Although the other options are all data formats or data structures, they are not supported by SOAP.

- (Exam Topic 2)
Which crucial aspect of cloud computing can be most threatened by insecure APIs?

1. A. Automation
2. B. Redundancy
3. C. Resource pooling
4. D. Elasticity

Correct Answer: A
Cloud environments depend heavily on API calls for management and automation. Any vulnerability with the APIs can cause significant risk and exposure to all tenants of the cloud environment.

- (Exam Topic 1)
Which of the following is NOT a regulatory system from the United States federal government?

1. A. PCI DSS
2. B. FISMA
3. C. SOX
4. D. HIPAA

Correct Answer: A
The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.