Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. CCSP

ISC CCSP Exam
Certified Cloud Security Professional (CCSP) (Page 11 )

Updated On: 9-Feb-2026
Page 11 of 104
PDF with 512 Questions

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

  1. Missing function level access control
  2. Cross-site scripting
  3. Cross-site request forgery
  4. Injection

Answer(s): B

Explanation:

Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user's browser without going through any validation or sanitization processes, or where the code is not properly escaped from processing by the browser. The code is then executed on the user's browser with the user's own access and permissions, allowing an attacker to redirect their web traffic, steal data from their session, or potentially access information on the user's own computer that their browser has the ability to access.



How is an object stored within an object storage system?

  1. Key value
  2. Database
  3. LDAP
  4. Tree structure

Answer(s): A

Explanation:

Object storage uses a flat structure with key values to store and access objects.



Which of the following is NOT a regulatory system from the United States federal government?

  1. PCI DSS
  2. FISMA
  3. SOX
  4. HIPAA

Answer(s): A

Explanation:

The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.



Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority?

  1. European Union
  2. Germany
  3. Russia
  4. United States

Answer(s): D

Explanation:

The United States lacks a single comprehensive law at the federal level addressing data security and privacy, but there are multiple federal laws that deal with different industries.



Which United States law is focused on PII as it relates to the financial industry?

  1. HIPAA
  2. SOX
  3. Safe Harbor
  4. GLBA

Answer(s): D

Explanation:

The GLBA, as it is commonly called based on the lead sponsors and authors of the act, is officially known as "The Financial Modernization Act of 1999." It is specifically focused on PII as it relates to financial institutions. There are three specific components of it, covering various areas and use, on top of a general requirement that all financial institutions must provide all users and customers with a written copy of their privacy policies and practices, including with whom and for what reasons their information may be shared with other entities.






Post your Comments and Discuss ISC CCSP exam prep with other Community members:

Join the CCSP Discussion