CCSP Free Practice Test

- (Exam Topic 4)
Which of the following is the primary purpose of an SOC 3 report?

1. A. HIPAA compliance
2. B. Absolute assurances
3. C. Seal of approval
4. D. Compliance with PCI/DSS

Correct Answer: C
The SOC 3 report is more of an attestation than a full evaluation of controls associated with a service provider.

- (Exam Topic 4)
The WS-Security standards are built around all of the following standards except which one?

1. A. SAML
2. B. WDSL
3. C. XML
4. D. SOAP

Correct Answer: A
The WS-Security specifications, as well as the WS-Federation system, are built upon XML, WDSL, and SOAP. SAML is a very similar protocol that is used as an alternative to WS.XML, WDSL, and SOAP are all integral to the WS-Security specifications.

- (Exam Topic 4)
The goals of SIEM solution implementation include all of the following, except:

1. A. Dashboarding
2. B. Performance enhancement
3. C. Trend analysis
4. D. Centralization of log streams

Correct Answer: B
SIEM does not intend to provide any enhancement of performance; in fact, a SIEM solution may decrease performance because of additional overhead. All the rest are goals of SIEM implementations.

- (Exam Topic 2)
The European Union passed the first major regulation declaring data privacy to be a human right. In what year did it go into effect?

1. A. 2010
2. B. 2000
3. C. 1995
4. D. 1990

Correct Answer: C
Adopted in 1995, Directive 95/46 EC establishes strong data protection and policy requirements, including the declaring of data privacy to be a human right. It establishes that an individual has the right to be notified when their personal data is being access or processed, that it only will ever be accessed for legitimate purposes, and that data will only be accessed to the exact extent it needs to be for the particular process or request.

- (Exam Topic 3)
With software-defined networking (SDN), which two types of network operations are segregated to allow for granularity and delegation of administrative access and functions?

1. A. Filtering and forwarding
2. B. Filtering and firewalling
3. C. Firewalling and forwarding
4. D. Forwarding and protocol

Correct Answer: A
With SDN, the filtering and forwarding capabilities and administration are separated. This allows the cloud provider to build interfaces and management tools for administrative delegation of filtering configuration, without having to allow direct access to underlying network equipment. Firewalling and protocols are both terms related to networks, but they are not components SDN is concerned with.