QUESTION: 45

Which of the following is not a risk management framework?

COBIT
Hex GBL
ISO 31000:2009
NIST SP 800-37

Answer(s): B

Explanation:

Hex GBL is a reference to a computer part in Terry Pratchett’s fictional Discworld universe. The rest are not.

Reveal Solution Next Question

QUESTION: 46

Which of the following threat types involves the sending of untrusted data to a user's browser to be executed with their own credentials and access?

Missing function level access control
Cross-site scripting
Cross-site request forgery
Injection

Answer(s): B

Explanation:

Cross-site scripting (XSS) is an attack where a malicious actor is able to send untrusted data to a user's browser without going through any validation or sanitization processes, or where the code is not properly escaped from processing by the browser. The code is then executed on the user's browser with the user's own access and permissions, allowing an attacker to redirect their web traffic, steal data from their session, or potentially access information on the user's own computer that their browser has the ability to access.

Reveal Solution Next Question

QUESTION: 47

How is an object stored within an object storage system?

Key value
Database
LDAP
Tree structure

Answer(s): A

Explanation:

Object storage uses a flat structure with key values to store and access objects.

Reveal Solution Next Question

QUESTION: 48

Which of the following is NOT a regulatory system from the United States federal government?

PCI DSS
FISMA
SOX
HIPAA

Answer(s): A

Explanation:

The payment card industry data security standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.

Reveal Solution Next Question

Free CCSP Exam Braindumps (page: 13)

QUESTION: 45

Explanation:

QUESTION: 46

Explanation:

QUESTION: 47

Explanation:

QUESTION: 48

Explanation:

CCSP Exam Discussions & Posts