Free CCSP Exam Braindumps (page: 20)

Page 20 of 129

What is the data encapsulation used with the SOAP protocol referred to as?

  1. Packet
  2. Envelope
  3. Payload
  4. Object

Answer(s): B

Explanation:

Simple Object Access Protocol (SOAP) encapsulates its information in what is known as a SOAP envelope and then leverages common communications protocols for transmission.



Which of the following threat types can occur when an application does not properly validate input and can be leveraged to send users to malicious sites that appear to be legitimate?

  1. Unvalidated redirects and forwards
  2. Insecure direct object references
  3. Security misconfiguration
  4. Sensitive data exposure

Answer(s): A

Explanation:

Many web applications offer redirect or forward pages that send users to different, external sites. If these pages are not properly secured and validated, attackers can use the application to forward users off to sites for phishing or malware attempts. These attempts can often be more successful than direct phishing attempts because users will trust the site or application that sent them there, and they will assume it has been properly validated and approved by the trusted application's owners or operators. Security misconfiguration occurs when applications and systems are not properly configured for security--often a result of misapplied or inadequate baselines. Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data.



Which publication from the United States National Institute of Standards and Technology pertains to defining cloud concepts and definitions for the various core components of cloud computing?

  1. SP 800-153
  2. SP 800-145
  3. SP 800-53
  4. SP 800-40

Answer(s): B

Explanation:

NIST Special Publication 800-145 is titled "The NIST Definition of Cloud Computing" and contains definitions and explanations of core cloud concepts and components.



What is the biggest negative to leasing space in a data center versus building or maintaining your own?

  1. Costs
  2. Control
  3. Certification
  4. Regulation

Answer(s): B

Explanation:

When leasing space in a data center, an organization will give up a large degree of control as to how it is built and maintained, and instead must conform to the policies and procedures of the owners and operators of the data center.






Post your Comments and Discuss ISC CCSP exam with other Community members:

Bini commented on December 02, 2024
I would like to see more questions related to CCSP
Anonymous

SSSR commented on October 22, 2024
Great stuff and nicely formatted content. PDF version is what I highly recommend as it has double the amount of questions.
UNITED KINGDOM

MP commented on October 16, 2024
Still preparing. Hopefully these are helpful.
UNITED STATES

Mohammad commented on September 25, 2024
Helpful, but I think it should be updated.
Anonymous

Manoj commented on September 12, 2024
Helpful, but some of the answers are debatable. Not sure what to accept for exam passing.
UNITED STATES