CCSP Free Practice Test

- (Exam Topic 2)
Which OSI layer does IPsec operate at?

1. A. Network
2. B. transport
3. C. Application
4. D. Presentation

Correct Answer: A
A major difference between IPsec and other protocols such as TLS is that IPsec operates at the Internet network layer rather than the application layer, allowing for complete end-to-end encryption of all communications and traffic.

- (Exam Topic 1)
Which of the following actions will NOT make data part of the "create" phase of the cloud data lifecycle?

1. A. Modifying metadata
2. B. Importing data
3. C. Modifying data
4. D. Constructing new data

Correct Answer: A
Although the initial phase is called "create," it can also refer to modification. In essence, any time data is considered "new," it is in the create phase. This can come from data that is newly created, data that is imported into a system and is new to that system, or data that is already present and modified into a new form or value. Modifying the metadata does not change the actual data.

- (Exam Topic 4)
The most pragmatic option for data disposal in the cloud is which of the following?

1. A. Cryptoshredding
2. B. Overwriting
3. C. Cold fusion
4. D. Melting

Correct Answer: A
We don’t have physical ownership, control, or even access to the devices holding the data, so physical destruction, including melting, is not an option. Overwriting is a possibility, but it is complicated by the difficulty of locating all the sectors and storage areas that might have contained our data, and by the likelihood that constant backups in the cloud increase the chance we’ll miss something as it’s being overwritten. Cryptoshredding is the only reasonable alternative. Cold fusion is a red herring.

- (Exam Topic 4)
DLP solutions can aid in deterring loss due to which of the following?

1. A. Inadvertent disclosure
2. B. Natural disaster
3. C. Randomization
4. D. Device failure

Correct Answer: A
DLP solutions may protect against inadvertent disclosure. Randomization is a technique for obscuring data, not a risk to data. DLP tools will not protect against risks from natural disasters, or against impacts due to device failure.

- (Exam Topic 2)
What is the biggest challenge to data discovery in a cloud environment?

1. A. Format
2. B. Ownership
3. C. Location
4. D. Multitenancy

Correct Answer: C
With the distributed nature of cloud environments, the foremost challenge for data discovery is awareness of the location of data and keeping track of it during the constant motion of cloud storage systems.