Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. CCSP

ISC CCSP Exam
Certified Cloud Security Professional (CCSP) (Page 12 )

Updated On: 9-Feb-2026
Page 12 of 104
PDF with 512 Questions

Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?

  1. Security misconfiguration
  2. Insecure direct object references
  3. Sensitive data exposure
  4. Unvalidated redirects and forwards

Answer(s): C

Explanation:

Sensitive data exposure occurs when information is not properly secured through encryption and secure transport mechanisms; it can quickly become an easy and broad method for attackers to compromise information. Web applications must enforce strong encryption and security controls on the application side, but secure methods of communications with browsers or other clients used to access the information are also required. Security misconfiguration occurs when applications and systems are not properly configured for security, often a result of misapplied or inadequate baselines. Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, thus allowing spoofing for malware or phishing attacks.



What is the best approach for dealing with services or utilities that are installed on a system but not needed to perform their desired function?

  1. Remove
  2. Monitor
  3. Disable
  4. Stop

Answer(s): A

Explanation:

The best practice is to totally remove any unneeded services and utilities on a system to prevent any chance of compromise or use. If they are just disabled, it is possible for them to be inadvertently started again at any point, or another exploit could be used to start them again. Removing also negates the need to patch and maintain them going forward.



Which of the following actions will NOT make data part of the "create" phase of the cloud data lifecycle?

  1. Modifying metadata
  2. Importing data
  3. Modifying data
  4. Constructing new data

Answer(s): A

Explanation:

Although the initial phase is called "create," it can also refer to modification. In essence, any time data is considered "new," it is in the create phase. This can come from data that is newly created, data that is imported into a system and is new to that system, or data that is already present and modified into a new form or value. Modifying the metadata does not change the actual data.



What are the two protocols that TLS uses?

  1. Handshake and record
  2. Transport and initiate
  3. Handshake and transport
  4. Record and transmit

Answer(s): A

Explanation:

TLS uses the handshake protocol to establish and negotiate the TLS connection, and it uses the record protocol for the secure transmission of data.



Which type of cloud model typically presents the most challenges to a cloud customer during the "destroy" phase of the cloud data lifecycle?

  1. IaaS
  2. DaaS
  3. SaaS
  4. PaaS

Answer(s): C

Explanation:

With many SaaS implementations, data is not isolated to a particular customer but rather is part of the overall application. When it comes to data destruction, a particular challenge is ensuring that all of a customer's data is completely destroyed while not impacting the data of other customers.






Post your Comments and Discuss ISC CCSP exam prep with other Community members:

Join the CCSP Discussion