CCSP Free Practice Test

- (Exam Topic 1)
What type of PII is regulated based on the type of application or per the conditions of the specific hosting agreement?

1. A. Specific
2. B. Contractual
3. C. regulated
4. D. Jurisdictional

Correct Answer: B
Contractual PII has specific requirements for the handling of sensitive and personal information, as defined at a contractual level. These specific requirements will typically document the required handling procedures and policies to deal with PII. They may be in specific security controls and configurations, required policies or procedures, or limitations on who may gain authorized access to data and systems.

- (Exam Topic 3)
Different certifications and standards take different approaches to data center design and operations. Although many traditional approaches use a tiered methodology, which of the following utilizes a macro-level approach to data center design?

1. A. IDCA
2. B. BICSI
3. C. Uptime Institute
4. D. NFPA

Correct Answer: A
The Infinity Paradigm of the International Data Center Authority (IDCA) takes a macro-level approach to data center design. The IDCA does not use a specific, focused approach on specific components to achieve tier status. Building Industry Consulting Services International (BICSI) issues certifications for data center cabling. The National Fire Protection Association (NFPA) publishes a broad range of fire safety and design standards for many different types of facilities. The Uptime Institute publishes the most widely known and used standard for data center topologies and tiers.

- (Exam Topic 2)
What does the REST API use to protect data transmissions?

1. A. NetBIOS
2. B. VPN
3. C. Encapsulation
4. D. TLS

Correct Answer: D
Representational State Transfer (REST) uses TLS for communication over secured channels. Although REST also supports SSL, at this point SSL has been phased out due to vulnerabilities and has been replaced by TLS.

- (Exam Topic 3)
Digital investigations have adopted many of the same methodologies and protocols as other types of criminal or scientific inquiries.
What term pertains to the application of scientific norms and protocols to digital investigations?

1. A. Scientific
2. B. Investigative
3. C. Methodological
4. D. Forensics

Correct Answer: D
Forensics refers to the application of scientific methods and protocols to the investigation of crimes. Although forensics has traditionally been applied to well-known criminal proceedings and investigations, the term equally applies to digital investigations and methods. Although the other answers provide similar-sounding terms and ideas, none is the appropriate answer in this case.

- (Exam Topic 4)
Which of the following is the least challenging with regard to eDiscovery in the cloud?

1. A. Identifying roles such as data owner, controller and processor
2. B. Decentralization of data storage
3. C. Forensic analysis
4. D. Complexities of International law

Correct Answer: C
Forensic analysis is the least challenging of the answers provided as it refers to the analysis of data once it is obtained. The challenges revolve around obtaining the data for analysis due to the complexities of international law, the decentralization of data storage or difficulty knowing where to look, and identifying the data owner, controller, and processor.