Which aspect of archiving must be tested regularly for the duration of retention requirements?
Answer(s): B
For any archiving system to be deemed useful and compliant, regular tests must be performed to ensure the data can still be recovered and accessed, should it ever be needed, for the duration of the retention requirements.
Which of the following represents a minimum guaranteed resource within a cloud environment for the cloud customer?
Answer(s): A
A reservation is a minimum resource that is guaranteed to a customer within a cloud environment. Within a cloud, a reservation can pertain to the two main aspects of computing: memory and processor. With a reservation in place, the cloud provider guarantees that a cloud customer will always have at minimum the necessary resources available to power on and operate any of their services.
When is a virtual machine susceptible to attacks while a physical server in the same state would not be?
Answer(s): D
A virtual machine is ultimately an image file residing on a file system. Because of this, even when a virtual machine is "powered off," it is still susceptible to attacks and modification. A physical server that is powered off would not be susceptible to attacks.
Which of the following threat types involves an application developer leaving references to internal information and configurations in code that is exposed to the client?
Answer(s): C
An insecure direct object reference occurs when a developer has in their code a reference to something on the application side, such as a database key, the directory structure of the application, configuration information about the hosting system, or any other information that pertains to the workings of the application that should not be exposed to users or the network. Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, allowing spoofing for malware or phishing attacks. Sensitive data exposure occurs when an application does not use sufficient encryption and other security controls to protect sensitive application data. Security misconfigurations occur when applications and systems are not properly configured or maintained in a secure manner.
Post your Comments and Discuss ISC CCSP exam with other Community members:
Eric Commented on April 15, 2025 Most of these questions are in the exam. Overall gives you a good idea of what comes in the exam. Exam is hard so good luck guys. UNITED STATES
Mohammad Commented on March 04, 2025 Helpful, but I think it should be updated. Anonymous
Manoj Commented on March 01, 2025 helpful but some of the answers are debatable. not sure what to accept for exam passing. UNITED STATES
Bini Commented on January 21, 2025 I would like to see more questions related to CCSP Anonymous
SSSR Commented on December 11, 2024 Great stuff and nicely formatted content. PDF version is what I highly recommend as it has double the amount of questions. UNITED KINGDOM
MP Commented on December 05, 2024 Still Preparing Hopefully these are helpful UNITED STATES