CCSP Free Practice Test

- (Exam Topic 1)
Which of the following cloud aspects complicates eDiscovery?

1. A. Resource pooling
2. B. On-demand self-service
3. C. Multitenancy
4. D. Measured service

Correct Answer: C
With multitenancy, eDiscovery becomes more complicated because the data collection involves extra steps to ensure that only those customers or systems that are within scope are turned over to the requesting authority.

- (Exam Topic 4)
Cloud systems are increasingly used for BCDR solutions for organizations. What aspect of cloud computing makes their use for BCDR the most attractive?

1. A. On-demand self-service
2. B. Measured service
3. C. Portability
4. D. Broad network access

Correct Answer: B
Business continuity and disaster recovery (BCDR) solutions largely sit idle until they are actually needed. This traditionally has led to increased costs for an organization because physical hardware must be purchased and operational but is not used. By using a cloud system, an organization will only pay for systems when they are being used and only for the duration of use, thus eliminating the need for extra hardware and costs. Portability is the ability to easily move services among different cloud providers. Broad network access allows access to users and staff from anywhere and from different clients, and although this would be important for a BCDR situation, it is not the best answer in this case. On-demand self-service allows users to provision services automatically and when needed, and although this too would be important for BCDR situations, it is not the best answer because it does not address costs or the biggest benefits to an organization.

- (Exam Topic 4)
Which of the following is not a risk management framework?

1. A. COBIT
2. B. Hex GBL
3. C. ISO 31000:2009
4. D. NIST SP 800-37

Correct Answer: B
Hex GBL is a reference to a computer part in Terry Pratchett’s fictional Discworld universe. The rest are not.

- (Exam Topic 1)
Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?

1. A. Cryptographic erasure
2. B. Zeroing
3. C. Overwriting
4. D. Deletion

Correct Answer: D
Deletion merely removes the pointers to data on a system; it does nothing to actually remove and sanitize the data. As such, the data remains in a recoverable state, and more secure methods are needed to ensure it has been destroyed and is not recoverable by another party.

- (Exam Topic 4)
Which of the following is NOT one of the components of multifactor authentication?

1. A. Something the user knows
2. B. Something the user has
3. C. Something the user sends
4. D. Something the user is

Correct Answer: C
Multifactor authentication systems are composed of something the user knows, has, and/or is, not something the user sends. Multifactor authentication commonly uses something that a user knows, has, and/or is (such as biometrics or features).