CCSP Free Practice Test

- (Exam Topic 4)
BCDR strategies typically do not involve the entire operations of an organization, but only those deemed critical to their business.
Which concept pertains to the required amount of time to restore services to the predetermined level?

1. A. RPO
2. B. RSL
3. C. RTO
4. D. SRE

Correct Answer: C
The recovery time objective (RTO) measures the amount of time necessary to recover operations to meet the BCDR plan. The recovery service level (RSL) measures the percentage of operations that would be recovered during a BCDR situation. The recovery point objective (RPO) sets and defines the amount of data an organization must have available or accessible to reach the predetermined level of operations necessary during a BCDR situation. SRE is provided as an erroneous response.

- (Exam Topic 2)
Which security concept is based on preventing unauthorized access to data while also ensuring that it is accessible to those authorized to use it?

1. A. Integrity
2. B. Availability
3. C. Confidentiality
4. D. Nonrepudiation

Correct Answer: C
The main goal of confidentiality is to ensure that sensitive information is not made available or leaked to parties that should not have access to it, while at the same time ensuring that those with appropriate need and authorization to access it can do so in a manner commensurate with their needs and confidentiality requirements.

- (Exam Topic 2)
Which security concept would business continuity and disaster recovery fall under?

1. A. Confidentiality
2. B. Availability
3. C. Fault tolerance
4. D. Integrity

Correct Answer: B
Disaster recovery and business continuity are vital concerns with availability. If data is destroyed or compromised, having regular backup systems in place as well as being able to perform disaster recovery in the event of a major or widespread problem allows operations to continue with an acceptable loss of time and data to management. This also ensures that sensitive data is protected and persisted in the event of the loss or corruption of data systems or physical storage systems.

- (Exam Topic 4)
A localized incident or disaster can be addressed in a cost-effective manner by using which of the following?

1. A. UPS
2. B. Generators
3. C. Joint operating agreements
4. D. Strict adherence to applicable regulations

Correct Answer: C
Joint operating agreements can provide nearby relocation sites so that a disruption limited to the organization’s own facility and campus can be addressed at a different facility and campus. UPS and generators are not limited to serving needs for localized causes. Regulations do not promote cost savings and are not often the immediate concern during BC/DR activities.

- (Exam Topic 1)
What is used for local, physical access to hardware within a data center?

1. A. SSH
2. B. KVM
3. C. VPN
4. D. RDP

Correct Answer: B
Local, physical access in a data center is done via KVM (keyboard, video, mouse) switches.