itshikenmondai's blog

Here we introduce various kinds of information about exams.

ISC CCSP exam: CCSP Japanese-language question bank and CCSP English-language question bank provided by ITshiken

About the CCSP question bank
The CCSP question bank is tuned to the exam, which lets you pass with the highest rate of correct answers. Differences between the CCSP question bank and the practice questions:
It narrows the scope of question practice and matches the latest CCSP exam questions and answers more accurately to the practice questions.
It raises the rate of correct answers needed to pass the exam; the CCSP question bank contains a number of questions that do not appear in the practice questions.
Convenient to carry after printing: the CCSP question bank is sent to your specified mailbox in PDF format for printing and offline viewing.
Free high-quality updates for one year; to get the latest exam questions and answers, contact ITshiken directly. That is more direct and effective.


If you buy the software version of the question bank, you may also buy from the site below. (If you buy the PDF version, the software version is given free.)
https://www.itexampass.jp/CCSP-Exam.html


Question No : 1
Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?
A. Injection
B. Missing function-level access control
C. Cross-site scripting
D. Cross-site request forgery


Correct answer: D
Explanation:
A cross-site request forgery (CSRF) attack forces a client that a user has used to authenticate to an application to send forged requests under the user's own credentials to execute commands and requests that the application thinks are coming from a trusted client and user. Although this type of attack cannot be used to steal data directly because the attacker has no way of seeing the results of the commands, it does open other ways to compromise an application. Missing function-level access control exists where an application only checks for authorization during the initial login process and does not further validate with each function call. Cross-site scripting occurs when an attacker is able to send untrusted data to a user's browser without going through validation processes. An injection attack is where a malicious actor sends commands or other arbitrary data through input and data fields with the intent of having the application or system execute the code as part of its normal processing and queries.
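The explanation above describes why the browser's automatic cookie handling is the root of CSRF: the session cookie proves who the user is, not who built the request. The following is an added example, not code from the original page or from ITshiken, of the standard mitigation (a synchronizer token bound to the session). The session store, request dictionaries and the `transfer` form name are constructed stand-ins for an HTTP framework; a forged request arrives with the cookie but cannot carry a valid token.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory session store: session_id -> per-session CSRF secret.
# In a real application this lives in the server-side session backend.
SESSIONS: dict[str, bytes] = {}


def create_session() -> str:
    """Start an authenticated session and bind a fresh CSRF secret to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = secrets.token_bytes(32)
    return session_id


def issue_csrf_token(session_id: str, form_name: str) -> str:
    """Token the server embeds in its own forms: HMAC(session secret, form name).
    A third-party page cannot compute it because it never sees the secret."""
    secret = SESSIONS[session_id]
    return hmac.new(secret, form_name.encode(), hashlib.sha256).hexdigest()


def handle_transfer(request: dict) -> tuple[int, str]:
    """State-changing endpoint. `request` is a constructed stand-in for an HTTP
    request: `cookies` (attached automatically by the browser) and the form body."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in SESSIONS:
        return 401, "not authenticated"

    # The browser attaches the cookie to cross-site requests as well, so the
    # cookie alone says nothing about where the request originated. The token,
    # which only the application's own pages can contain, does.
    submitted = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id, "transfer")
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "csrf token missing or invalid"

    amount = int(request["form"]["amount"])
    return 200, f"transferred {amount}"


def demo() -> tuple[int, int]:
    """Legitimate request from the application's own form vs. a forged one."""
    sid = create_session()
    # Rendered by the application, so it carries the token for this form.
    legit = {
        "cookies": {"session": sid},
        "form": {"amount": "100", "csrf_token": issue_csrf_token(sid, "transfer")},
    }
    # Submitted by a page on another origin: the session cookie rides along,
    # but the token is absent (constructed forged request).
    forged = {"cookies": {"session": sid}, "form": {"amount": "100"}}
    return handle_transfer(legit)[0], handle_transfer(forged)[0]


if __name__ == "__main__":
    print(demo())  # (200, 403)
```

Binding the token to the form name as well as the session means a token leaked from one form cannot be replayed against a different state-changing endpoint; `hmac.compare_digest` keeps the comparison constant-time.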


Question No : 2
In the wake of many scandals with major corporations involving fraud and the deception of investors and regulators, which of the following laws was passed to govern accounting and financial records and disclosures?
A. GLBA
B. Safe Harbor
C. HIPAA
D. SOX


Correct answer: D
Explanation:
The Sarbanes-Oxley Act (SOX) regulates the financial and accounting practices used by organizations in order to protect shareholders from improper practices and accounting errors. The Health Insurance Portability and Accountability Act (HIPAA) pertains to the protection of patient medical records and privacy. The Gramm-Leach-Bliley Act (GLBA) focuses on the use of PII within financial institutions. The Safe Harbor program was designed by the US government as a way for American companies to comply with European Union privacy laws.


Question No : 3
One of the main components of system audits is the ability to track changes over time and to match these changes with continued compliance and internal processes.
Which aspect of cloud computing makes this particular component more challenging than in a traditional data center?
A. Portability
B. Virtualization
C. Elasticity
D. Resource pooling


Correct answer: B
Explanation:
Cloud services make exclusive use of virtualization, and systems change over time, including the addition, subtraction, and reimaging of virtual machines. It is extremely unlikely that the exact same virtual machines and images used in a previous audit would still be in use or even available for a later audit, making the tracking of changes over time extremely difficult, or even impossible. Elasticity refers to the ability to add and remove resources from a system or service to meet current demand, and although it plays a factor in making the tracking of virtual machines very difficult over time, it is not the best answer in this case. Resource pooling pertains to a cloud environment sharing a large amount of resources between different customers and services. Portability refers to the ability to move systems or services easily between different cloud providers.


Question No : 4
Your boss has tasked your team with getting your legacy systems and applications connected with new cloud-based services that management has decided are crucial to customer service and offerings.
Which role would you be assuming under this directive?
A. Cloud service administrator
B. Cloud service user
C. Cloud service integrator
D. Cloud service business manager


Correct answer: C
Explanation:
The cloud service integrator role is responsible for connecting and integrating existing services and applications with cloud-based services. A cloud service administrator is responsible for testing, monitoring, and securing cloud services, as well as providing usage reporting and dealing with service problems. The cloud service user is someone who consumes cloud services. The cloud service business manager is responsible for overseeing the billing, auditing, and purchasing of cloud services.


Question No : 5
What concept does the "D" represent with the STRIDE threat model?
A. Data loss
B. Denial of service
C. Data breach
D. Distributed


Correct answer: B
Explanation:
Any application can be a possible target of denial-of-service (DoS) attacks. From the application side, the developers should minimize how many operations are performed for non-authenticated users. This will keep the application running as quickly as possible and using the least amount of system resources to help minimize the impact of any such attacks.
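The advice above, to spend as little work as possible on unauthenticated callers, comes down to the order of checks in a request handler. The following is an added example, not code from the original page or from ITshiken, showing that ordering together with a per-client token-bucket rate limit: the cheapest constant-time check runs first, authentication second, and the expensive operation only for callers that passed both. `Service`, the client addresses and the injectable clock are constructed for the illustration.

```python
import time
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket: a client may burst `capacity` requests, then
    earns `refill_per_sec` more per second. `clock` is injectable so the limiter
    can be exercised without sleeping."""

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock
        self.tokens: dict = defaultdict(lambda: float(capacity))
        self.last: dict = {}

    def allow(self, client: str) -> bool:
        now = self.clock()
        elapsed = now - self.last.get(client, now)
        self.last[client] = now
        self.tokens[client] = min(self.capacity, self.tokens[client] + elapsed * self.refill)
        if self.tokens[client] >= 1:
            self.tokens[client] -= 1
            return True
        return False


class Service:
    """Constructed stand-in for an endpoint whose real work is expensive
    (report generation, a database join, a signing operation)."""

    def __init__(self, limiter: TokenBucket, sessions: set):
        self.limiter = limiter
        self.sessions = sessions      # valid session ids
        self.expensive_calls = 0      # how often the costly step actually ran

    def handle(self, client_ip: str, session_id) -> int:
        # 1. Cheapest check first: O(1), no I/O, no allocation worth mentioning.
        if not self.limiter.allow(client_ip):
            return 429
        # 2. Authentication next; unauthenticated callers never reach step 3.
        if session_id not in self.sessions:
            return 401
        # 3. Only authenticated, rate-limited callers pay for the expensive work.
        self.expensive_calls += 1
        return 200


def demo_unauthenticated_burst(n: int = 8) -> tuple[list, int]:
    """Burst of n unauthenticated requests from one constructed client address."""
    fake_time = [0.0]
    limiter = TokenBucket(capacity=5, refill_per_sec=1.0, clock=lambda: fake_time[0])
    svc = Service(limiter, sessions={"good-session"})
    statuses = [svc.handle("203.0.113.7", None) for _ in range(n)]
    return statuses, svc.expensive_calls


if __name__ == "__main__":
    print(demo_unauthenticated_burst())  # ([401, 401, 401, 401, 401, 429, 429, 429], 0)
```

The second return value is the point of the exercise: across the whole burst the expensive step never ran, so an unauthenticated flood costs the service a dictionary lookup and a subtraction per request rather than its real work.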