CCSP Free Practice Test

- (Exam Topic 3)
The share phase of the cloud data lifecycle involves allowing data to leave the application, to be shared with external systems, services, or even other vendors/contractors.
What technology would be useful for protecting data at this point?

1. A. IDS
2. B. DLP
3. C. IPS
4. D. WAF

Correct Answer: B
Data loss prevention (DLP) solutions allow for control of data outside of the application or original system. They can enforce granular control such as printing, copying, and being read by others, as well as forcing expiration of access. Intrusion detection system (IDS) and intrusion prevention system (IPS) solutions are used for detecting and blocking suspicious and malicious traffic, respectively, whereas a web application firewall (WAF) is used for enforcing security or other controls on web-based applications.

- (Exam Topic 1)
When is a virtual machine susceptible to attacks while a physical server in the same state would not be?

1. A. When it is behind a WAF
2. B. When it is behind an IPS
3. C. When it is not patched
4. D. When it is powered off

Correct Answer: D
A virtual machine is ultimately an image file residing a file system. Because of this, even when a virtual machine is "powered off," it is still susceptible to attacks and modification. A physical server that is powered off would not be susceptible to attacks.

- (Exam Topic 2)
With software-defined networking, what aspect of networking is abstracted from the forwarding of traffic?

1. A. Routing
2. B. Session
3. C. Filtering
4. D. Firewalling

Correct Answer: C
With software-defined networking (SDN), the filtering of network traffic is separated from the forwarding of
network traffic so that it can be independently administered.

- (Exam Topic 2)
Which of the following features is a main benefit of PaaS over IaaS?

1. A. Location independence
2. B. High-availability
3. C. Physical security requirements
4. D. Auto-scaling

Correct Answer: D
With PaaS providing a fully configured and managed framework, auto-scaling can be implemented to programmatically adjust resources based on the current demands of the environment.

- (Exam Topic 4)
What is one of the reasons a baseline might be changed?

1. A. Numerous change requests
2. B. To reduce redundancy
3. C. Natural disaster
4. D. Power fluctuation

Correct Answer: A
If the CMB is receiving numerous change requests to the point where the amount of requests would drop by modifying the baseline, then that is a good reason to change the baseline. None of the other reasons should involve the baseline at all.