CCSP Free Practice Test

- (Exam Topic 4)
SOC Type 1 reports are considered "restricted use," in that they are intended only for limited audiences and purposes.
Which of the following is NOT a population that would be appropriate for a SOC Type 1 report?

1. A. Current clients
2. B. Auditors
3. C. Potential clients
4. D. The service organization

Correct Answer: C
Potential clients are not served by SOC Type 1 audits. A Type 2 or Type 3 report would be appropriate for potential clients. SOC Type 1 reports are intended for restricted use, where only the service organization itself, current clients, or auditors would have access to them.

- (Exam Topic 3)
If a cloud computing customer wishes to guarantee that a minimum level of resources will always be available, which of the following set of services would compromise the reservation?

1. A. Memory and networking
2. B. CPU and software
3. C. CPU and storage
4. D. CPU and memory

Correct Answer: D
A reservation guarantees to a cloud customer that they will have access to a minimal level of resources to run their systems, which will help mitigate against DoS attacks or systems that consume high levels of resources.
A reservation pertains to memory and CPU resources. Under the concept of a reservation, memory and CPU are the guaranteed resources, but storage and networking are not included even though they are core components of cloud computing. Software would be out of scope for a guarantee and doesn't really pertain to the concept.

- (Exam Topic 4)
In a federated identity arrangement using a trusted third-party model, who is the identity provider and who is the relying party?

1. A. The users of the various organizations within the federations within the federation/a CASB
2. B. Each member organization/a trusted third party
3. C. Each member organization/each member organization
4. D. A contracted third party/the various member organizations of the federation

Correct Answer: D
In a trusted third-party model of federation, each member organization outsources the review and approval task to a third party they all trust. This makes the third party the identifier (it issues and manages identities for all users in all organizations in the federation), and the various member organizations are the relying parties (the resource providers that share resources based on approval from the third party).

- (Exam Topic 3)
Which cloud service category would be most ideal for a cloud customer that is developing software to test its applications among multiple hosting providers to determine the best option for its needs?

1. A. DaaS
2. B. PaaS
3. C. IaaS
4. D. SaaS

Correct Answer: B
Platform as a Service would allow software developers to quickly and easily deploy their applications among different hosting providers for testing and validation in order to determine the best option. Although IaaS would also be appropriate for hosting applications, it would require too much configuration of application servers and libraries in order to test code. Conversely, PaaS would provide a ready-to-use environment from the onset. DaaS would not be appropriate in any way for software developers to use to deploy applications. IaaS would not be appropriate in this scenario because it would require the developers to also deploy and maintain the operating system images or to contract with another firm to do so. SaaS, being a fully functional software platform, would not be appropriate for deploying applications into.

- (Exam Topic 4)
Which of the following best describes a sandbox?

1. A. An isolated space where untested code and experimentation can safely occur separate from the production environment.
2. B. A space where you can safely execute malicious code to see what it does.
3. C. An isolated space where transactions are protected from malicious software
4. D. An isolated space where untested code and experimentation can safely occur within the production environment.

Correct Answer: A
Options C and B are also correct, but A is more general and incorporates them both. D is incorrect, because sandboxing does not take place in the production environment.