Ben Malisow - (ISC)2 CCSP Certified Cloud Security Professional Official Practice Tests

Ben Malisow

Copyright © 2020 by John Wiley & Sons, Inc.

Published simultaneously in Canada

ISBN: 978-1-119-60349-8

ISBN: 978-1-119-60358-0 (ebk.)

ISBN: 978-1-119-60352-8 (ebk.)

Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number:2019954632

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC) 2and CCSP are registered trademarks or certification marks of the International Information Systems Security Certification Consortium, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

For Robin, again, for another one

The author would like to thank the tawdry circus of characters who nursed this project to completion. First, Jim Minatel, who is unlike any other editor in this realm, in that he is actually helpful, kind, somewhat intelligent, and a pleasure to work with. Kelly Talbot is the real reason this book got done at all. His patience and professionalism are unmatched by any mortal being, and there is not enough praise that can be directed his way. Kelly— thank you. That’s all I can say. Katie Wisor is constantly charming and always seems happy, which is maddening and bizarre when most of the people involved in the publishing world are in no way like that whatsoever. She’s also incredibly capable and thorough in every way, and she was instrumental in making this book useful and correct. The technical reviewer, Jerry Rayome, fixed so many, many problems, improving amazingly on my feeble efforts, offering great suggestions, and nailing down pieces I’d completely missed. Finally, the author’s partner, Robin, who exhibited a virtuoso patience of her own, while constantly offering support, and the dog Jake, who didn’t live to see the end of the writing of the book but was a constant joy throughout the parts he was around for.

Ben Malisow,CISSP, CISM, CCSP, SSCP, Security+, has been involved in INFOSEC and education for more than 20 years. At Carnegie Mellon University, he crafted and delivered the CISSP prep course for CMU's CERT/SEU. Malisow was the ISSM for the FBI's most highly classified counterterror intelligence-sharing network, served as a U.S. Air Force officer, and taught grades 6–12 at a reform school in the Las Vegas public school ­district (probably his most dangerous employment to date). His latest work has included the CCSP (ISC) 2 Certified Cloud Security Professional Official Study Guide , Second Edition, also from Sybex/Wiley 2017, and How to Pass Your INFOSEC Certification Test: A Guide to Passing the CISSP, CISA, CISM, Network+, Security+, and CCSP , available from Amazon Direct 2017. In addition to other consulting and teaching, Ben is a certified instructor for (ISC) 2, delivering CISSP and CCSP courses. You can find more information about the CCSP and other INFOSEC-related topics at his blog, www.securityzed.com.

Jerry K. Rayome, BS/MS Computer Science, worked as a member of the Cyber Security Program at Lawrence Livermore National Laboratory for over 20 years providing ­cybersecurity services, including software development, penetrative testing, incident response, firewall implementation, firewall auditing, cyber forensic investigations, NIST 900-53 control implementation/assessment, cloud risk assessment, and cloud security auditing.

1 Cover

2 Acknowledgments Acknowledgments The author would like to thank the tawdry circus of characters who nursed this project to completion. First, Jim Minatel, who is unlike any other editor in this realm, in that he is actually helpful, kind, somewhat intelligent, and a pleasure to work with. Kelly Talbot is the real reason this book got done at all. His patience and professionalism are unmatched by any mortal being, and there is not enough praise that can be directed his way. Kelly— thank you. That’s all I can say. Katie Wisor is constantly charming and always seems happy, which is maddening and bizarre when most of the people involved in the publishing world are in no way like that whatsoever. She’s also incredibly capable and thorough in every way, and she was instrumental in making this book useful and correct. The technical reviewer, Jerry Rayome, fixed so many, many problems, improving amazingly on my feeble efforts, offering great suggestions, and nailing down pieces I’d completely missed. Finally, the author’s partner, Robin, who exhibited a virtuoso patience of her own, while constantly offering support, and the dog Jake, who didn’t live to see the end of the writing of the book but was a constant joy throughout the parts he was around for.