I just took a practice test and I don't understand some of the answers they say are correct. Can anyone explain them? Or are the questions broken?
17. Cloud computing is based on which approach to service delivery: the answer was "Virtualization or thin client technology." My answer "virtualization" was wrong. I wasn't aware the thin client technology was part of it. Not mentioned in anything I read (that I remember) or in the class.
32. Information Rights management (IRM) is generally associated with the following attributes: (notice it said "attributes.")
Right answer: Data rights management, the use of role-based access control, the installation of a local client agent, and the ability to integrate with the data loss prevention (DLP) solutions
My selected answer was: Role-based access control, the installation of a local client agent, and the ability to integrate with the data loss prevention (DLP) solutions
It had everything that the "right" answer had except "data rights management." Is DRM an attribute or a technology? And besides, isn't IRM the same term as DRM?
65. A risk assessment is based on the following, in order:
The right answer is: Threat, vulnerability, probability, impact and risk determination.
My answer was: Vulnerability, threat, impact, probability and risk determination.
My class notes and the photo of the instructor's drawing clearly say:
Identify exposure factor (impact)
Identify Likelihood (probability)
Perform qualitative risk analysis
Perform quantitative risk analysis
Which means that my selected answer was correct. Thoughts?
135. Generally, there are two types of cooling, and the return air temperature is based on:
The right answer: Latent cooling (remove moisture) and sensible cooling (remove heat), and the temperature is measured at the inlet point.
Well, that's just wrong. The air temperature is measured as it exits the room, not as it enters the room. My selected answer was: Latent cooling (remove moisture) and sensible cooling (remove heat), and the temperature is measured at the exhaust point.
Congratulations and welcome to the CCSP club!
I agree with what the others are saying in that these questions in the original post are badly written. For anyone else looking at CCSP practice tests, I'd highly recommend the CCSP Official (ISC)2 Practice Tests:
These were written by @Ben_Malisow who is an active member on here and responds to queries you might have about the book or specific questions in the book in this thread:
I'm afraid that's the trick to passing these tests, like all recall-based testing. Personally I think it'd be far more valuable if the tests were applied to more typical real-world scenarios, rather than being a case of selecting the best or least worst answers, but that'd require a lot of human judgement in assessing, so I can't see it happening. There are other InfoSec professional bodies you can join that do require written exams and a face-to-face interview in which you are grilled about your experience.