CCSP Free Practice Test

- (Exam Topic 4)
Every security program and process should have which of the following?

1. A. Severe penalties
2. B. Multifactor authentication
3. C. Foundational policy
4. D. Homomorphic encryption

Correct Answer: C
Policy drives all programs and functions in the organization; the organization should not conduct any operations that don’t have a policy governing them. Penalties may or may not be an element of policy, and severity depends on the topic. Multifactor authentication and homomorphic encryption are red herrings here.

- (Exam Topic 1)
Which of the following roles involves the provisioning and delivery of cloud services?

1. A. Cloud service deployment manager
2. B. Cloud service business manager
3. C. Cloud service manager
4. D. Cloud service operations manager

Correct Answer: C
The cloud service manager is responsible for the delivery of cloud services, the provisioning of cloud services, and the overall management of cloud services.

- (Exam Topic 3)
What does a cloud customer purchase or obtain from a cloud provider?

1. A. Services
2. B. Hosting
3. C. Servers
4. D. Customers

Correct Answer: A
No matter what form they come in, "services" are obtained or purchased by a cloud customer from a cloud service provider. Services can come in many forms--virtual machines, network configurations, hosting setups, and software access, just to name a few. Hosting and servers--or, with a cloud, more appropriately virtual machines--are just two examples of "services" that a customer would purchase from a cloud provider. "Customers" would never be a service that's purchased.

- (Exam Topic 4)
What is the concept of isolating an application from the underlying operating system for testing purposes?

1. A. Abstracting
2. B. Application virtualization
3. C. Hosting
4. D. Sandboxing

Correct Answer: B
Application virtualization is a software implementation that allows applications and programs to run in an isolated environment rather than directly interacting with the operating system. Sandboxing refers to segregating information or processes for security or testing purposes, but it's not directly related to isolation from the underlying operating system. Abstracting sounds similar to the correct term but is not pertinent to the question, and hosting is provided as an erroneous answer.

- (Exam Topic 2)
What concept does the "A" represent in the DREAD model?

1. A. Affected users
2. B. Authentication
3. C. Affinity
4. D. Authorization

Correct Answer: A
Affected users refers to the percentage of users who would be impacted by a successful exploit. Scoring ranges from 0, which means no users are impacted, to 10, which means all users are impacted.