Home Cloud & Networking CCSP Official (ISC)2 Practice Tests

CCSP Official (ISC)2 Practice Tests

By Ben Malisow
books-svg-icon Book
What do you get with a Packt Subscription?
This book & 7000+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook + Subscription?
Download this book in EPUB and PDF formats, plus a monthly download credit
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook?
Download this book in EPUB and PDF formats
Access this title in our online reader
DRM FREE - Read whenever, wherever and however you want
Online reader with customised display settings for better reading experience
What do you get with video?
Download this video in MP4 format
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with video?
Stream this video
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with Audiobook?
Download a zip folder consisting of audio files (in MP3 Format) along with supplementary PDF
What do you get with Exam Trainer?
Flashcards, Mock exams, Exam Tips, Practice Questions
Access these resources with our interactive certification platform
Mobile compatible-Practice whenever, wherever, however you want
What do you get with a Packt Subscription?
This book & 7000+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook + Subscription?
Download this book in EPUB and PDF formats, plus a monthly download credit
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with a Packt Subscription?
This book & 6500+ ebooks & video courses on 1000+ technologies
60+ curated reading lists for various learning paths
50+ new titles added every month on new and emerging tech
Early Access to eBooks as they are being written
Personalised content suggestions
Customised display settings for better reading experience
50+ new titles added every month on new and emerging tech
Playlists, Notes and Bookmarks to easily manage your learning
Mobile App with offline access
What do you get with eBook?
Download this book in EPUB and PDF formats
Access this title in our online reader
DRM FREE - Read whenever, wherever and however you want
Online reader with customised display settings for better reading experience
What do you get with video?
Download this video in MP4 format
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with video?
Stream this video
Access this title in our online reader
DRM FREE - Watch whenever, wherever and however you want
Online reader with customised display settings for better learning experience
What do you get with Audiobook?
Download a zip folder consisting of audio files (in MP3 Format) along with supplementary PDF
What do you get with Exam Trainer?
Flashcards, Mock exams, Exam Tips, Practice Questions
Access these resources with our interactive certification platform
Mobile compatible-Practice whenever, wherever, however you want
About this book
The Certified Cloud Security Professional (CCSP) is a credential from (ISC)2 and the Cloud Security Alliance. (ISC) 2 is a global not-for-profit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, subscribe to the (ISC) 2 Code of Ethics and recertify every three years. With over 1,000 practice questions, this book gives you the opportunity to test your level of understanding and gauge your readiness for the CCSP exam long before the big day. These questions cover 100% of the CCSP exam domains and include answers with full explanations to help you understand the reasoning and approach for each. Logical organization by domain enables you to practice only the areas you need to bring you up to par, without wasting precious time on topics you've already mastered. As the only official practice test product for the CCSP exam endorsed by (ISC)2, this essential resource is your best bet for gaining a thorough understanding of the topics. It illustrates the relative importance of each domain, helping you plan your remaining study time so you can go into the exam fully confident in your knowledge. When you're ready, two practice exams help you to simulate the exam day experience and apply your own test-taking strategies with domains given in proportion to the real thing.
Publication date:
February 2018
Publisher
Packt
Pages
384
ISBN
9781119449225

 

Introduction

There is no magic formula for passing the CCSP certification exam. You can, however, prepare yourself for the challenge. This book is all about preparation.

We’ve included 1,000 questions related to the CCSP material in this book, which also includes access to the online databank (the same questions, but in a point-and-click format). They were created in accordance with the (ISC)2 CCSP Common Body of Knowledge (CBK), the CCSP Training Guide, the CCSP Study Guide, and the CCSP Detailed Content Outline (DCO), which lists all the elements of practice that the candidate is expected to know for the certification.

 

How This Book Is Organized

The questions have been arranged in the order of the CBK, with varying amounts in proportion to (ISC)2 published matrix describing how the exam is constructed, as shown in Table I.1.

TABLE I.1 How the Exam Is Constructed

Domains Weight
1. Architectural Concepts and Design Requirements 19%
2. Cloud Data Security 20%
3. Cloud Platform and Infrastructure Security 19%
4. Cloud Application Security 15%
5. Operations 15%
6. Legal and Compliance 12%

There are six chapters, one for each of the CBK domains; each chapter contains a fraction of 750 practice questions, reflecting the percentage of questions from the respective domain on the exam (for example, Chapter 1 reflects Domain 1 of the CBK and has 143 questions). There are also two full-length practice exams, 125 questions each, at the end of the book (Chapters 7 and 8).

 

Who Should Read This Book

This book is intended for CCSP candidates. In order to earn the CCSP, you are expected to have professional experience in the field of information security/IT security, particularly experience related to cloud computing. The candidate will also need to provide evidence of their professional experience to (ISC)2 in the event of passing the exam.

The author has drawn on his own experience studying for and passing the exam as well as years of teaching the CISSP and CCSP preparation courses for (ISC)2. He also solicited feedback from colleagues and former students who have taken the prep course and the exam. The book should reflect the breadth and depth of question content you are likely to see on the exam. Some of the questions in this book are easier than what you will see on the exam; some of them may be harder. Hopefully, the book will prepare you for what you might encounter when you take the test.

The one thing we chose not to simulate in the book is the “interactive” questions; (ISC)2 has stated that the current tests may go beyond the regular multiple-choice format and could include “matching” questions (a list of multiple answers and multiple terms, where the candidate has to arrange them all in order), drag-and-drop questions (where the candidate uses the mouse to arrange items on the screen), and “hot spot” questions (where the candidate puts the mouse on areas of the screen to indicate an answer). There will probably not be many of these on the exam you take, but they are weighted more in your score than the multiple-choice questions, so pay attention and be extra careful answering those.

 

Tools You Will Need

In addition to this book, we recommend the CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide (O’Hara, Malisow), also from Wiley (2017). There is, as stated in the introduction, no magic formula for passing the exam. No single particular book/source with all the answers to the exam exists. If someone claims to be able to provide you with such a product, please realize that they are mistaken or, worse, misleading you.

However, you can augment your studying by reviewing a significant portion of the likely sources used by the professionals who created the test. The following is a just a sampling of the possible professional resources the cloud practitioner should be familiar with:

  • The Cloud Security Alliance’s Notorious Nine:
  • The OWASP’s Top 10:
  • The OWASP’s XSS (Cross-Site Scripting) Prevention Cheat Sheet:
  • The OWASP’s Testing Guide (v4):
  • NIST SP 500-292, NIST Cloud Computing Reference Architecture:
  • The CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing v3.0:
  • ENISA’s Cloud Computing Benefits, Risks, and Recommendations for Information Security:
  • The Uptime Institute’s Tier Standard: Topology and Tier Standard: Operational Sustainability (the linked page includes download options for the documents):
 

CCSP Certified Cloud Security Professional Objective Map

Domain 1: Architectural Concepts and Design Requirements

  1. Understand Cloud Computing Concepts
    • A.1. Cloud Computing Definitions
    • A.2. Cloud Computing Roles
    • A.3. Key Cloud Computing Characteristics
    • A.4. Building Block Technologies
  2. Describe Cloud Reference Architecture
    • B.1. Cloud Computing Activities
    • B.2. Cloud Service Capabilities
    • B.3. Cloud Service Categories
    • B.4. Cloud Deployment Models
    • B.5. Cloud Cross-Cutting Aspects
  3. Understand Security Concepts Relevant to Cloud Computing
    • C.1. Cryptography
    • C.2. Access Control
    • C.3. Data and Media Sanitization
    • C.4. Network Security
    • C.5. Virtualization Security
    • C.6. Common Threats
    • C.7. Security Considerations for Different Cloud Categories
  4. Understand Design Principles of Secure Cloud Computing
    • D.1. Cloud Secure Data Lifecycle
    • D.2. Cloud-Based Business Continuity/Disaster Recovery Planning
    • D.3. Cost/Benefit Analysis
    • D.4. Functional Security Requirements
  5. Identify Trusted Cloud Sources
    • E.1. Certification Against Criteria
    • E.2. System/Subsystem Product Certifications

Domain 2: Cloud Data Security

  1. Understand Cloud Data Lifecycle
    • A.1. Phases
    • A.2. Relevant Data Security Technologies
  2. Design and Implement Cloud Data Storage Architectures
    • B.1. Storage Types
    • B.2. Threats to Storage Types
    • B.3. Technologies Available to Address Threats
  3. Design and Apply Data Security Strategies
    • C.1. Encryption
    • C.2. Key Management
    • C.3. Masking
    • C.4. Tokenization
    • C.5. Application of Technologies
    • C.6. Emerging Technologies
  4. Understand and Implement Data Discovery and Classification Technologies
    • D.1. Data Discovery
    • D.2. Classification
  5. Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII)
    • E.1. Data Privacy Acts
    • E.2. Implementation of Data Discovery
    • E.3. Classification of Discovered Sensitive Data
    • E.4. Mapping and Definition of Controls
    • E.5. Application of Defined Controls for PII
  6. Design and Implement Data Rights Management
    • F.1. Data Rights Objectives
    • F.2. Appropriate Tools
  7. Plan and Implement Data Retention, Deletion, and Archiving Policies
    • G.1. Data Retention Policies
    • G.2. Data Deletion Procedures and Mechanisms
    • G.3. Data Archiving Procedures and Mechanisms
  8. Design and Implement Auditability, Traceability and Accountability of Data Events
    • H.1. Definition of Event Sources and Identity Attribution Requirement
    • H.2. Data Event Logging
    • H.3. Storage and Analysis of Data Events
    • H.4. Continuous Optimizations
    • H.5. Chain of Custody and Non-repudiation

Domain 3: Cloud Platform and Infrastructure Security

  1. Comprehend Cloud Infrastructure Components
    • A.1. Physical Environment
    • A.2. Network and Communications
    • A.3. Compute
    • A.4. Virtualization
    • A.5. Storage
    • A.6. Management Plan
  2. Analyze Risks Associated to Cloud Infrastructure
    • B.1. Risk Assessment/Analysis
    • B.2. Cloud Attack Vectors
    • B.3. Virtualization Risks
    • B.4. Counter-Measure Strategies
  3. Design and Plan Security Controls
    • C.1. Physical and Environmental Protection
    • C.2. System and Communication Protection
    • C.3. Virtualization Systems Protection
    • C.4. Management of Identification, Authentication and Authorization in Cloud Infrastructure
    • C.5. Audit Mechanisms
  4. Plan Disaster Recovery and Business Continuity Management
    • D.1. Understanding of the Cloud Environment
    • D.2. Understanding of the Business Requirements
    • D.3. Understanding the Risks
    • D.4. Disaster Recovery/Business Continuity Strategy
    • D.5. Creation of the Plan
    • D.6. Implementation of the Plan

Domain 4: Cloud Application Security

  1. Recognize the Need for Training and Awareness in Application Security
    • A.1. Cloud Development Basics
    • A.2. Common Pitfalls
    • A.3. Common Vulnerabilities
  2. Understand Cloud Software Assurance and Validation
    • B.1. Cloud-based Functional Testing
    • B.2. Cloud Secure Development Lifecycle
    • B.3. Security Testing
  3. Use Verified Secure Software
    • C.1. Approved API
    • C.2. Supply-Chain Management
    • C.3. Community Knowledge
  4. Comprehend the System Development Lifecycle (SDLC) Process
    • D.1. Phases & Methodologies
    • D.2. Business Requirements
    • D.3. Software Configuration Management & Versioning
  5. Apply the Secure Software Development Lifecycle
    • E.1. Common Vulnerabilities
    • E.2. Cloud-Specific Risks
    • E.3. Quality of Service
    • E.4. Threat Modeling
  6. Comprehend the Specifics of Cloud Application Architecture
    • F.1. Supplemental Security Devices
    • F.2. Cryptography
    • F.3. Sandboxing
    • F.4. Application Virtualization
  7. Design Appropriate Identity and Access Management (IAM) Solutions
    • G.1. Federated Identity
    • G.2. Identity Providers
    • G.3. Single Sign-On
    • G.4. Multi-factor Authentication

Domain 5: Operations

  1. Support the Planning Process for the Data Center Design
    • A.1. Logical Design
    • A.2. Physical Design
    • A.3. Environmental Design
  2. Implement and Build Physical Infrastructure for Cloud Environment
    • B.1. Secure Configuration of Hardware-Specific Requirements
    • B.2. Installation and Configuration of Virtualization Management Tools for the Host
  3. Run Physical Infrastructure for Cloud Environment
    • C.1. Configuration of Access Control for Local Access
    • C.2. Securing Network Configuration
    • C.3. OS Hardening via Application of Baseline
    • C.4. Availability of Stand-Alone Hosts
    • C.5. Availability of Clustered Hosts
  4. Manage Physical Infrastructure for Cloud Environment
    • D.1. Configuring Access Controls for Remote Access
    • D.2. OS Baseline Compliance Monitoring and Remediation
    • D.3. Patch Management
    • D.4. Performance Monitoring
    • D.5. Hardware Monitoring
    • D.6. Backup and Restore of Host Configuration
    • D.7. Implementation of Network Security Controls
    • D.8. Log Capture and Analysis
    • D.9. Management Plane
  5. Build Logical Infrastructure for Cloud Environment
    • E.1. Secure Configuration of Virtual Hardware-Specific Requirements
    • E.2. Installation of Guest O/S Virtualization Toolsets
  6. Run Logical Infrastructure for Cloud Environment
    • F.1. Secure Network Configuration
    • F.2. OS Hardening via Application of a Baseline
    • F.3. Availability of Guest OS
  7. Manage Logical Infrastructure for Cloud Environment
    • G.1. Access Control for Remote Access
    • G.2. OS Baseline Compliance Monitoring and Remediation
    • G.3. Patch Management
    • G.4. Performance Monitoring
    • G.5. Backup and Restore of Guest OS Configuration
    • G.6. Implementation of Network Security Controls
    • G.7. Log Capture and Analysis
    • G.8. Management Plane
  8. Ensure Compliance with Regulations and Controls
    • H.1. Change Management
    • H.2. Continuity Management
    • H.3. Information Security Management
    • H.4. Continual Service Improvement Management
    • H.5. Incident Management
    • H.6. Problem Management
    • H.7. Release Management
    • H.8. Deployment Management
    • H.9. Configuration Management
    • H.10. Service Level Management
    • H.11. Availability Management
    • H.12. Capacity Management
  9. Conduct Risk Assessment to Logical and Physical Infrastructure
  10. Understand the Collection, Acquisition and Preservation of Digital Evidence
    • J.1. Proper Methodologies for Forensic Collection of Data
    • J.2. Evidence Management
  11. Manage Communication with Relevant Parties
    • K.1. Vendors
    • K.2. Customers
    • K.3. Partners
    • K.4. Regulators
    • K.5. Other Stakeholders

Domain 6: Legal and Compliance

  1. Understand Legal Requirements and Unique Risks within the Cloud Environment
    • A.1. International Legislation Conflicts
    • A.2. Appraisal of Legal Risks Specific to Cloud Computing
    • A.3. Legal Controls
    • A.4. eDiscovery
    • A.5. Forensics Requirements
  2. Understand Privacy Issues, Including Jurisdictional Variation
    • B.1. Difference between Contractual and Regulated PII
    • B.2. Country-Specific Legislation Related to PII/Data Privacy
    • B.3. Difference Among Confidentiality, Integrity, Availability, and Privacy
  3. Understand Audit Process, Methodologies, and Required Adaptions for a Cloud Environment
    • C.1. Internal and External Audit Controls
    • C.2. Impact of Requirements Programs by the Use of Cloud
    • C.3. Assurance Challenges of Virtualization and Cloud
    • C.4. Types of Audit Reports
    • C.5. Restrictions of Audit Scope Statements
    • C.6. Gap Analysis
    • C.7. Audit Plan
    • C.8. Standards Requirements
    • C.9. Internal Information Security Management System
    • C.10. Internal Information Security Controls System
    • C.11. Policies
    • C.12. Identification and Involvement of Relevant Stakeholders
    • C.13. Specialized Compliance Requirements for Highly Regulated Industries
    • C.14. Impact of Distributed IT Model
  4. Understand Implications of Cloud to Enterprise Risk Management
    • D.1. Assess Providers Risk Management
    • D.2. Difference between Data Owner/Controller vs. Data Custodian/Processor
    • D.3. Provision of Regulatory Transparency Requirements
    • D.4. Risk Mitigation
    • D.5. Different Risk Frameworks
    • D.6. Metrics for Risk Management
    • D.7. Assessment of Risk Environment
  5. Understand Outsourcing and Cloud Contract Design
    • E.1. Business Requirements
    • E.2. Vendor Management
    • E.3. Contract Management
  6. Execute Vendor Management
    • F.1. Supply-chain Management
 

Online Test Bank

To practice in an online testing version of the same questions, go to www.wiley.com/go/sybextestprep and register your book to get access to the Sybex Test Platform. Online you can mix questions from the domain chapters and practice exams, take timed tests, and have your answers graded.

 

Summary

As you go through the questions in this book, please remember the abbreviation RTFQ, which is short for “read the full question.” There is no better advice you can possibly receive than this. Read every word of every question. Read every possible answer before selecting the one you like. The exam is 125 questions over four hours. You have more than enough time to consider each question thoroughly. There is no cause for hurry. Make sure you understand what the question is asking before responding.

Good luck on the exam. We’re hoping this book helps you pass.

About the Author
  • Ben Malisow

    Ben Malisow, CCSP, CISSP, SSCP, CISM, Security+, has worked with INFOSEC and education for more than 20 years. He has taught computer classes to students from grade 6 through university level and crafted and delivered the CISSP prep course (among others) for Carnegie-Mellon University's CERT/SEI. In addition, Malisow built and ran DARPA's internal INFOSEC training program, was the ISSM for the FBI's most-classified counterterror intelligence-sharing network and was a security architect for TSA. He also teaches exam prep courses for (ISC)2. You can find more of his writings at his blog: securityzed.com.

    Browse publications by this author
CCSP Official (ISC)2 Practice Tests
Unlock this book and the full library FREE for 7 days
Start now