Is the CCSP practice exam free?

Yes. ExamCademy offers all 479 CCSP practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the CCSP practice questions?

All CCSP questions are community-created and reviewed by moderators to align with ISC's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the CCSP exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official ISC documentation and hands-on experience for best results.

CCSP Practice Exam — Free 479+ Questions

479Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Legal, Risk and Compliance

Question 2

Cloud Concepts, Architecture and Design

Question 3

Cloud Concepts, Architecture and Design

Question 4

Cloud Application Security

Question 5

Cloud Concepts, Architecture and Design

Question 6

Legal, Risk and Compliance

Question 7

Cloud Platform & Infrastructure Security

Question 8

Cloud Concepts, Architecture and Design

Question 9

Cloud Application Security

Question 10

Legal, Risk and Compliance

Question 11

Cloud Concepts, Architecture and Design

Question 12

Legal, Risk and Compliance

Question 13

Cloud Data Security

Question 14

Legal, Risk and Compliance

Question 15

Cloud Platform & Infrastructure Security

Question 16

Cloud Concepts, Architecture and Design

Question 17

Cloud Concepts, Architecture and Design

Question 18

Cloud Security Operations

Question 20

Legal, Risk and Compliance

Question 21

Cloud Concepts, Architecture and Design

Question 22

Cloud Platform & Infrastructure Security

Question 23

Legal, Risk and Compliance

Question 24

Cloud Platform & Infrastructure Security

Question 25

Cloud Application Security

Question 26

Legal, Risk and Compliance

Page 1 of 20 • Questions 1-25 of 479

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which of the following is not a component of contractual PII?

A Scope of processing
B Value of data
C Location of data
D Use of subcontractors

Many of the traditional concepts of systems and services for a traditional data center also apply to the cloud. Both are built around key computing concepts.
Which of the following compromise the two facets of computing?

A CPU and software
B CPU and storage
C CPU and memory
D Memory and networking

Which of the following would NOT be considered part of resource pooling with an Infrastructure as a Service implementation?

A Storage
B Application
C Mamory
D CPU

Which of the following threat types involves leveraging a user's browser to send untrusted data to be executed with legitimate access via the user's valid credentials?

A Injection
B Missing function-level access control
C Cross-site scripting
D Cross-site request forgery

Which of the following roles involves the provisioning and delivery of cloud services?

A Cloud service deployment manager
B Cloud service business manager
C Cloud service manager
D Cloud service operations manager

What are the U.S. Commerce Department controls on technology exports known as?

A ITAR
B DRM
C EAR
D EAL

A UPS should have enough power to last how long?

A One day
B 12 hours
C Long enough for graceful shutdown
D 10 minutes

Which of the following statements about Type 1 hypervisors is true?

A The hardware vendor and software vendor are different.
B The hardware vendor and software vendor are the same
C The hardware vendor provides an open platform for software vendors.
D The hardware vendor and software vendor should always be different for the sake of security.

The WS-Security standards are built around all of the following standards except which one?

A SAML
B WDSL
C XML
D SOAP

What are the U.S. State Department controls on technology exports known as?

A DRM
B ITAR
C EAR
D EAL

Which of the following concepts refers to a cloud customer paying only for the resources and offerings they use within a cloud environment, and only for the duration that they are consuming them?

A Consumable service
B Measured service
C Billable service
D Metered service

Which of the following roles involves overseeing billing, purchasing, and requesting audit reports for an organization within a cloud environment?

A Cloud service user
B Cloud service business manager
C Cloud service administrator
D Cloud service integrator

Which of the following approaches would NOT be considered sufficient to meet the requirements of secure data destruction within a cloud environment?

A Cryptographic erasure
B Zeroing
C Overwriting
D Deletion

Which of the following cloud aspects complicates eDiscovery?

A Resource pooling
B On-demand self-service
C Multitenancy
D Measured service

What does the management plane typically utilize to perform administrative functions on the hypervisors that it has access to?

A Scripts
B RDP
C APIs
D XML

Which aspect of cloud computing pertains to cloud customers only paying for the resources and services they actually use?

A Metered service
B Measured billing
C Metered billing
D Measured service

When using a PaaS solution, what is the capability provided to the customer?

A To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools that the provider supports. The provider does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
B To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools that the provider supports. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
C To deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools that the consumer supports. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
D To deploy onto the cloud infrastructure provider-created or acquired applications created using programming languages, libraries, services, and tools that the provider supports. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Which of the following roles involves testing, monitoring, and securing cloud services for an organization?

A Cloud service integrator
B Cloud service business manager
C Cloud service user
D Cloud service administrator

Which of the following would make it more likely that a cloud provider would be unwilling to satisfy specific certification requirements?

A Resource pooling
B Virtualization
C Multitenancy
D Regulation

A crucial decision any company must make is in regard to where it hosts the data systems it depends on. A debate exists as to whether it's best to lease space in a data center or build your own data center--and now with cloud computing, whether to purchase resources within a cloud.
What is the biggest advantage to leasing space in a data center versus procuring cloud services?

A Regulations
B Control
C Security
D Costs

What is the biggest concern with hosting a key management system outside of the cloud environment?

A Confidentiality
B Portability
C Availability
D Integrity

When crafting plans and policies for data archiving, we should consider all of the following, except:

A The backup process
B Immediacy of the technology
C Archive location
D The format of the data

Which of the following is NOT a factor that is part of a firewall configuration?

A Encryption
B Port
C Protocol
D Source IP

Which of the following threat types involves the sending of invalid and manipulated requests through a user's client to execute commands on the application under their own credentials?

A Injection
B Cross-site request forgery
C Missing function-level access control
D Cross-site scripting

Which of the following is NOT a criterion for data within the scope of eDiscovery?

A Possession
B Custody
C Control
D Archive

CCSPPreview

About the CCSP Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

CCSPPreview

About the CCSP Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26