CCSP Free Practice Test

- (Exam Topic 2)
Which value refers to the amount of time it takes to recover operations in a BCDR situation to meet management's objectives?

1. A. RSL
2. B. RPO
3. C. SRE
4. D. RTO

Correct Answer: D
The recovery time objective (RTO) is a measure of the amount of time it would take to recover operations in the event of a disaster to the point where management's objectives are met for BCDR.

- (Exam Topic 3)
Which of the following tasks within a SaaS environment would NOT be something the cloud customer would be responsible for?

1. A. Authentication mechanism
2. B. Branding
3. C. Training
4. D. User access

Correct Answer: A
The authentication mechanisms and implementations are the responsibility of the cloud provider because they are core components of the application platform and service. Within a SaaS implementation, the cloud
customer will provision user access, deploy branding to the application interface (typically), and provide or procure training for its users.

- (Exam Topic 2)
Which of the following is NOT an application or utility to apply and enforce baselines on a system?

1. A. Chef
2. B. GitHub
3. C. Puppet
4. D. Active Directory

Correct Answer: B
GitHub is an application for code collaboration, including versioning and branching of code trees. It is not used for applying or maintaining system configurations.

- (Exam Topic 3)
When dealing with PII, which category pertains to those requirements that can carry legal sanctions or penalties for failure to adequately safeguard the data and address compliance requirements?

1. A. Contractual
2. B. Jurisdictional
3. C. Regulated
4. D. Legal

Correct Answer: C
Regulated PII pertains to data that is outlined in law and regulations. Violations of the requirements for the protection of regulated PII can carry legal sanctions or penalties. Contractual PII involves required data protection that is determined by the actual service contract between the cloud provider and cloud customer, rather than outlined by law. Violations of the provisions of contractual PII carry potential financial or contractual implications, but not legal sanctions. Legal and jurisdictional are similar terms to regulated, but neither is the official term used.

- (Exam Topic 2)
What concept does the "I" represent with the STRIDE threat model?

1. A. Integrity
2. B. Information disclosure
3. C. IT security
4. D. Insider threat

Correct Answer: B
Perhaps the biggest concern for any user is having their personal and sensitive information disclosed by an application. There are many aspects of an application to consider with security and protecting this information, and it is very difficult for any application to fully ensure security from start to finish. The obvious focus is on security within the application itself, as well as protecting and storing the data.