You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. Your collective wants to create a single sign-on experience for all members of the collective, where assurance and trust in the various members are created by having each member review all the others' policies, governance, procedures, and controls before allowing them to participate. This is an example of what kind of arrangement?

Third-party certification federation

JavaScript Object Notation (JSON)

You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. If you create a federated identity management structure for all the participants in the collective using a third-party certification model, who would be the federated service provider(s) in that structure?

The various members of the collective

A cloud access security broker (CASB)

You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. You receive a Digital Millennium Copyright Act (DMCA) takedown notice from someone who claims that your collective is hosting music that does not belong to you. You are fairly certain the complaint is not applicable and that the material in question does not belong to anyone else. What should you do in order to comply with the law?

Take the material down, do an investigation, and then repost the material if the claim turns out to be unfounded.

Leave the material up, do an investigation, and post the results of the investigation alongside the material itself once the investigation is complete

Leave the material up until such time as the complainant delivers an enforceable governmental request, such as a warrant or subpoena.

You are the IT security subject matter expert for a hobbyist collective that researches and archives old music. You receive a Digital Millennium Copyright Act (DMCA) takedown notice from someone who claims that your collective is hosting music that does not belong to you. Upon investigation, you determine that the material in question is the sheet music for a concerto written in 1872. What should you do in order to comply with the law?

Nothing. The material is so old it is in the public domain, and you have as much right as anyone else to use it in any way you see fit.

Contact the current owners of the copyright in order to get proper permissions to host and exchange the data.

Apply for a new copyright based on the new usage of the material.

Offer to pay the complainant for the usage of the material.

Bob is designing a data center to support his organization, a financial services firm. Bob's data center will have to be approved by regulators using a framework under which law?

Gramm–Leach–Bliley Act (GLBA)

Health Industry Portability and Accountability Act (HIPPA)

Bob is designing a data center to support his organization, a financial services firm. Which of the following actions would best enhance Bob's efforts to create redundancy and resiliency in the data center?

Purchase uninterruptible power supplies (UPSs) from different vendors.

Ensure that all entrances are secured with biometric-based locks.

Include financial background checks in all personnel reviews for administrators.

Make sure all raised floors have at least 24 inches of clearance.

Bob is designing a data center to support his organization, a financial services firm. How long should the uninterruptible power supply (UPS) provide power to the systems in the data center?

Long enough to perform graceful shutdown of the data center systems

manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. Of the parties listed, who should most be excluded from the test?

Billing department representatives

You are the IT security manager for a video game software development company. In order to test your products for security defects and performance issues, your firm decides to use a small team of game testers recruited from a public pool of interested gamers who apply for a chance to take part. It is absolutely crucial to include as part of this process.

Signed nondisclosure agreements

You are the IT security manager for a video game software development company. Which of the following is most likely to be your primary concern on a daily basis?

Security flaws in your organization

Security flaws in your products

You are the IT security manager for a video game software development company. Your development team hired an external game development lab to work on part of the game engine. A few weeks before the initial release of your game, the company that owns the lab publishes a strikingly similar game, with many of the features and elements that appear in your work. Which of the following methods could be used to determine if your ownership rights were violated?

Physical surveillance of their property and personnel

Communications tapping of their offices

Your company is considering migrating its production environment to the cloud. In reviewing the proposed contract, you notice that it includes a clause that requires an additional fee, equal to six monthly payments (equal to half the term of the contract) for ending the contract at any point prior to the scheduled date. This is best described as an example of .

Infrastructure as a service (IaaS)

Storage controllers will typically be involved with each of the following storage protocols except .

Internet Small Computer Systems Interface (iSCSI)

What is the importance of adhering to vendor guidance in configuration settings?

Staying one step ahead of aggressors

Maintaining customer satisfaction

Which of the following is a true statement about the virtualization management toolset?

It must be on a distinct, isolated management network (virtual local area network [VLAN]).

It can be regarded as something public facing.

It connects physically to the specific storage area allocated to a given customer.

The responsibility for securely installing and updating it falls on the customer.

Domain Name System Security Extensions (DNSSEC) provides all of the following except .

Authenticated denial of existence

All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline except .

Including only the default account credentials and nothing customized

Updating the OS baseline image according to a scheduled interval to include any necessary security patches and configuration modifications

Starting with a clean installation (hardware or virtual) of the desired OS

Halting or removing all unnecessary services

All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline except .

Excluding the target system you intend to baseline from any scheduled updates or patching used in production systems

Removing all nonessential programs from the baseline image

Including the baseline image in the asset inventory and configuration management database

Configuring the host OS according to the baseline requirements

All of the following are activities that should be performed when capturing and maintaining an accurate, secure system baseline, except .

Imposing the baseline throughout the environment

Auditing the baseline to ensure that all configuration items have been included and applied correctly

Capturing an image of the baseline system for future reference, versioning, and rollback purposes

Documenting all baseline configuration elements and versioning data

CCSP Practice Test 1

Authored by Sylvia Anderson

Life Skills

Professional Development

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

125 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources. What is the term for this kind of arrangement?

Public-key infrastructure (PKI)

Portability

Federation

Repudiation

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources. You want to connect your organization to 13 other organizations. You consider using the cross-certification model but then decide against it. What is the most likely reason for declining that option?

It is impossible to trust more than two organizations.

If you work for the government, the maximum parties allowed to share data is five.

Trying to maintain currency in reviewing and approving the security governance and configurations of that many entities would create an overwhelming task

Data shared among that many entities loses its inherent value.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources. In order to pass the user IDs and authenticating credentials of each user among the organizations, what protocol, language, or technique will you most likely utilize?

Representational State Transfer (REST)

Security Assertion Markup Language (SAML)

Simple Object Access Protocol (SOAP)

Hypertext Markup Language (HTML)

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources. If you don't use cross-certification, what other model can you implement for this purpose?

Third-party identity broker

Cloud reseller

Intractable nuanced variance

Mandatory access control (MAC)

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources.If you are in the United States, one of the standards you should adhere to is

National Institute of Standards and Technology (NIST) 800-53

Payment Card Industry (PCI)

ISO 27014

European Union Agency for Network and Information Security (ENISA)

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You work for a government research facility. Your organization often shares data with other government research organizations. You would like to create a single sign-on experience across the organizations, where users at each organization can sign in with the user ID/authentication issued by that organization, then access research data in all the other organizations. Instead of replicating the data stores of each organization at every other organization (which is one way of accomplishing this goal), you instead want every user to have access to each organization's specific storage resources. If you are in Canada, one of the standards you will have to adhere to is .

FIPS 140-2

PIPEDA

HIPAA

EFTA

MULTIPLE CHOICE QUESTION

1 min • 1 pt

You are the security policy lead for your organization, which is considering migrating from your on-premises, traditional IT environment into the cloud. You are reviewing the Cloud Security Alliance Cloud Controls Matrix (CSA CCM) as a tool for your organization. Which of the following benefits will the CSA CCM offer your organization?

Simplifying regulatory compliance

Collecting multiple data streams from your log files

Ensuring that the baseline configuration is applied to all systems

Enforcing contract terms between your organization and the cloud provider

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Life Skills

10 questions

How to Email your Teacher

Quiz

•

Professional Development

6 questions

3RD GRADE DECLARATION OF INDEPENDENCE EXIT TICKET

Quiz

•

Professional Development

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

22 questions

Multiplying Exponents with the Same Base

Quiz

•

9th Grade - Professio...

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...