CCSP Free Practice Test

- (Exam Topic 1)
The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is composed by a member-driven OWASP committee of application development experts and published approximately every 24 months. The 2013 OWASP Top Ten list includes “cross-site scripting (XSS).”
Which of the following is not a method for reducing the risk of XSS attacks? Response:

1. A. Use an auto-escaping template system.
2. B. XML escape all identity assertions.
3. C. Sanitize HTML markup with a library designed for the purpose.
4. D. HTML escape JSON values in an HTML context and read the data with JSON.parse.

Correct Answer: B

- (Exam Topic 2)
SOC 2 reports were intended to be ______.
Response:

1. A. Released to the public
2. B. Only technical assessments
3. C. Retained for internal use
4. D. Nonbinding

Correct Answer: C

- (Exam Topic 3)
Which of the following methods for the safe disposal of electronic records can always be used in a cloud
environment? Response:

1. A. Physical destruction
2. B. Encryption
3. C. Overwriting
4. D. Degaussing

Correct Answer: B

- (Exam Topic 1)
Which of the following is a file server that provides data access to multiple, heterogeneous machines/users on the network?
Response:

1. A. Storage area network (SAN)
2. B. Network-attached storage (NAS)
3. C. Hardware security module (HSM)
4. D. Content delivery network (CDN)

Correct Answer: B

- (Exam Topic 3)
Which of the following aspects of the BC/DR process poses a risk to the organization? Response:

1. A. Threat intelligence gathering
2. B. Preplacement of response assets
3. C. Budgeting for disaster
4. D. Full testing of the plan

Correct Answer: D