Title: (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests
Author: Ben Malisow
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
ISBN: 9781119603580
62. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “sensitive data exposure.” All of the following are techniques for reducing the possibility of exposing sensitive data, except ____________.

A. Destroying sensitive data as soon as possible
B. Avoiding categorizing data as sensitive
C. Using proper key management when encrypting sensitive data
D. Disabling autocomplete on forms that collect sensitive data

63. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list sometimes includes “missing function level access control.” Which of these is a technique to reduce the potential for a missing function-level access control?

A. Set the default to deny all access to functions, and require authentication/authorization for each access request.
B. HTML escape all HTML attributes.
C. Restrict permissions based on an access control list (ACL).
D. Refrain from including direct access information in URLs.

64. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list sometimes includes “missing function level access control.” Which of these is a technique to reduce the potential for a missing function-level access control?

A. Run a process as both user and privileged user, compare results, and determine similarity.
B. Run automated monitoring and audit scripts.
C. Include browser buttons/navigation elements to secure functions.
D. Enhance user training to include management personnel.

65. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “cross-site request forgery” (CSRF). Which of these is a technique to reduce the potential for a CSRF?

A. Train users to detect forged HTTP requests.
B. Have users remove all browsers from their devices.
C. Don’t allow links to or from other websites.
D. Include a CAPTCHA code as part of the user resource request process.

66. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “cross-site request forgery” (CSRF). A CSRF attack might be used for all the following malicious actions except _______________.

A. The attacker could have the user log into one of the user’s online accounts.
B. The attacker could collect the user’s online account login credentials, to be used by the attacker later.
C. The attacker could have the user perform an action in one of the user’s online accounts.
D. The attacker could trick the user into calling a fraudulent customer service number hosted by the attacker and talk the user into disclosing personal information.

67. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “cross-site request forgery” (CSRF). Which of the following is a good way to deter CSRF attacks?

A. Have your website refuse all HTTP resource requests.
B. Ensure that all HTTP resource requests include a unique, unpredictable token.
C. Don’t allow e-commerce on your website.
D. Process all user requests with only one brand of browser, and refuse all resource requests from other browsers.

68. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “using components with known vulnerabilities.” Which of the following is a good way to protect against this problem?

A. Use only components your organization has written.
B. Update to current versions of component libraries as soon as possible.
C. Never use anyone else’s component library.
D. Apply patches to old component libraries.

69. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “using components with known vulnerabilities.” Why would an organization ever use components with known vulnerabilities to create software?

A. The organization is insured.
B. The particular vulnerabilities exist only in a context not being used by developers.
C. Some vulnerabilities exist only in foreign countries.
D. A component might have a hidden vulnerability.

70. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “using components with known vulnerabilities.” Which of the following is a good way to protect against this problem?

A. Use only standard libraries.
B. Review all updates/lists/notifications for components your organization uses.
C. Be sure to HTML escape all attribute elements.
D. Increase the user training budget.

71. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list sometimes includes “unvalidated redirects and forwards.” Which of the following is a good way to protect against this problem?

A. HTML escape all HTML attributes.
B. Train users to recognize invalidated links.
C. Block all inbound resource requests.
D. Implement audit logging.

72. The Open Web Application Security Project (OWASP) Top Ten is a list of web application security threats that is created by a member-driven OWASP committee of application development experts and published approximately every 24 months. The OWASP Top Ten list often includes “unvalidated redirects and forwards.” Which of the following is a good way to protect against this problem?

A. Don’t use redirects/forwards in your applications.
B. Refrain from storing credentials long term.
C. Implement security incident/event monitoring (security information and event management [SIEM]/security information management [SIM]/security event management [SEM]) solutions.
D. Implement digital rights management (DRM) solutions.

73. You are the security subject matter expert (SME) for an organization considering a transition from a traditional IT enterprise environment into a hosted cloud provider’s data center. One of the challenges you’re facing is whether your current applications in the on-premises environment will function properly with the provider’s hosted systems and tools. This is a(n) _______________ issue.

A. Interoperability
B. Portability
C. Stability
D. Security

74. You are the security subject matter expert (SME) for an organization considering a transition from a traditional IT enterprise environment into a hosted cloud provider’s data center. One of the challenges you’re facing is whether the provider will have undue control over your data once it is within the provider’s data center; will the provider be able to hold your organization hostage because they have your data? This is a(n) _______________ issue.

A. Interoperability
B. Portability
C. Stability
D. Security

75. You are the security subject matter expert (SME) for an organization considering a transition from a traditional IT enterprise environment into a hosted cloud provider’s data center. One of the challenges you’re facing is whether the cloud provider will be able to comply with the existing legislative and contractual frameworks your organization is required to follow. This is a _______________ issue.

A. Resiliency
B. Privacy
C. Performance
D. Regulatory
76. You are the security subject matter expert (SME) for an organization considering a transition from a traditional IT enterprise environment into a hosted cloud provider’s data center. One of the challenges you’re facing is whether the cloud provider will be able to allow your organization