CCSP Free Practice Test

- (Exam Topic 2)
Which of the cloud cross-cutting aspects relates to the requirements placed on a system or application by law, policy, or requirements from standards?

1. A. regulatory requirements
2. B. Auditability
3. C. Service-level agreements
4. D. Governance

Correct Answer: A
Regulatory requirements are those imposed upon businesses and their operations either by law, regulation, policy, or standards and guidelines. These requirements are specific either to the locality in which the company or application is based or to the specific nature of the data and transactions conducted.

- (Exam Topic 3)
Within a federated identity system, which of the following would you be MOST likely to use for sending information for consumption by a relying party?

1. A. XML
2. B. HTML
3. C. WS-Federation
4. D. SAML

Correct Answer: D
The Security Assertion Markup Language (SAML) is the most widely used method for encoding and sending attributes and other information from an identity provider to a relying party.WS-Federation, which is used by Active Directory Federation Services (ADFS), is the second most used method for sending information to a relying party, but it is not a better choice than SAML. XML is similar to SAML in the way it encodes and labels data, but it does not have all of the required extensions that SAML does. HTML is not used within federated systems at all.

- (Exam Topic 2)
Which of the following is NOT a function performed by the record protocol of TLS?

1. A. Encryption
2. B. Acceleration
3. C. Authentication
4. D. Compression

Correct Answer: B
The record protocol of TLS performs the authentication and encryption of data packets, and in some cases compression as well. It does not perform any acceleration functions.

- (Exam Topic 3)
You are working for a cloud service provider and receive an eDiscovery order pertaining to one of your customers.
Which of the following would be the most appropriate action to take first?

1. A. Take a shapshot of the virtual machines
2. B. Escrow the encryption keys
3. C. Copy the data
4. D. Notify the customer

Correct Answer: D
When a cloud service provider receives an eDiscovery order pertaining to one of their customers, the first action they must take is to notify the customer. This allows the customer to be aware of what was received, as well as to conduct a review to determine if any challenges are necessary or warranted. Taking snapshots of virtual machines, copying data, and escrowing encryption keys are all processes involved in the actual collection of data and should not be performed until the customer has been notified of the request.

- (Exam Topic 4)
Which type of testing uses the same strategies and toolsets that hackers would use?

1. A. Static
2. B. Malicious
3. C. Penetration
4. D. Dynamic

Correct Answer: C
Penetration testing involves using the same strategies and toolsets that hackers would use against a system to discovery potential vulnerabilities. Although the term malicious captures much of the intent of penetration testing from the perspective of an attacker, it is not the best answer. Static and dynamic are two types of system testing--where static is done offline and with knowledge of the system, and dynamic is done on a live system without any previous knowledge is associated--but neither describes the type of testing being asked for in the question.