Free CCSP Exam Braindumps (page: 18)


Which type of audit report do many cloud providers use to instill confidence in their policies, practices, and procedures to current and potential customers?

  A. SAS-70
  B. SOC 2
  C. SOC 1
  D. SOX

Answer(s): B

Explanation:

One approach that many cloud providers opt to take is to undergo a SOC 2 audit and make the report available to cloud customers and potential cloud customers as a way of providing security confidence without having to open their systems or sensitive information to the masses.



Which of the following statements accurately describes VLANs?

  A. They are not restricted to the same data center or the same racks.
  B. They are not restricted to the same rack but restricted to the same data center.
  C. They are restricted to the same racks and data centers.
  D. They are not restricted to the same rack but restricted to the same switches.

Answer(s): A

Explanation:

A virtual local area network (VLAN) can span any networks within a data center, or it can span across different physical locations and data centers.



What must be secured on physical hardware to prevent unauthorized access to systems?

  A. BIOS
  B. SSH
  C. RDP
  D. ALOM

Answer(s): A

Explanation:

BIOS is the firmware that governs the physical initiation and boot-up of a piece of hardware. If it is compromised, an attacker could have access to hosted systems and make configuration changes to expose or disable some security elements on the system.



What type of PII is regulated based on the type of application or per the conditions of the specific hosting agreement?

  A. Specific
  B. Contractual
  C. Regulated
  D. Jurisdictional

Answer(s): B

Explanation:

Contractual PII has specific requirements for the handling of sensitive and personal information, as defined at a contractual level. These specific requirements will typically document the required handling procedures and policies to deal with PII. They may take the form of specific security controls and configurations, required policies or procedures, or limitations on who may gain authorized access to data and systems.





