Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Free Resources

Difficulty IndexLearn — Free ChaptersIT GlossaryFree Tools & LabsStudy GuidesCareer RoadmapsBrowse by VendorCisco Command ReferenceCCNA Scenarios

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Security practice sets

CV0-004 Security • Complete Question Bank

CV0-004 Security — All Questions With Answers

Complete CV0-004 Security question bank — all 0 questions with answers and detailed explanations.

110
Questions
Free
No signup
Certifications/CV0-004/Practice Test/Security/All Questions
Question 1easymultiple choice
Read the full Security explanation →

A cloud engineer is configuring a web application on AWS and needs to ensure that only HTTP and HTTPS traffic from the internet is allowed to reach the EC2 instances. Which AWS service should be used to control inbound traffic at the instance level?

Question 2mediummultiple choice
Read the full Security explanation →

A company is migrating to a public cloud and wants to understand security responsibilities. According to the shared responsibility model, which of the following is the customer responsible for in an IaaS deployment?

Question 3hardmultiple choice
Read the full Security explanation →

A security administrator needs to enforce least privilege for a Kubernetes cluster in a cloud environment. Which approach should be used to restrict permissions for pods that need to access the cloud provider's API?

Question 4easymultiple choice
Read the full Security explanation →

An organization is moving sensitive data to the cloud and must ensure it is encrypted while stored on disk. Which type of encryption should be implemented?

Question 5mediummultiple choice
Read the full Security explanation →

A cloud administrator needs to provide external partners with access to a cloud application using their existing corporate credentials. Which federation protocol should be used?

Question 6mediummultiple choice
Read the full Security explanation →

A company is using a SaaS application and wants to gain visibility into user activity and enforce data loss prevention policies. Which technology should be deployed?

Question 7hardmultiple choice
Read the full Security explanation →

During a security audit, a cloud engineer discovers that a container image used in production has a known critical vulnerability in a base layer. Which practice should be implemented to prevent this in the future?

Question 8mediummultiple choice
Read the full Security explanation →

An organization needs to store database credentials and API keys securely in the cloud, with automatic rotation every 90 days. Which service should be used?

Question 9easymultiple choice
Read the full Security explanation →

A cloud architect is designing a network to protect a web application from common attacks such as SQL injection and cross-site scripting. Which cloud service should be used?

Question 10mediummultiple choice
Read the full Security explanation →

A company requires multi-factor authentication (MFA) for all users accessing the cloud management console. Which IAM policy element should be used to enforce this?

Question 11hardmultiple choice
Read the full Security explanation →

A cloud security team is reviewing audit logs and notices that a service account has been used to launch several high-risk API calls that are not part of its normal behavior. Which security control should be implemented to detect such anomalies in real time?

Question 12mediummultiple choice
Read the full Security explanation →

An organization is subject to PCI DSS compliance and must demonstrate that it is meeting security requirements. Which cloud service can aggregate compliance findings and provide a dashboard?

Question 13mediummulti select
Study the full ACL explanation →

A cloud administrator is configuring network security for a multi-tier application. Which TWO statements about security groups and network ACLs are correct?

Question 14hardmulti select
Read the full Security explanation →

A cloud security team is implementing encryption for data at rest using customer-managed keys in a cloud KMS. Which THREE practices should be followed?

Question 15easymulti select
Read the full Security explanation →

A company is adopting a shared responsibility model for a PaaS cloud deployment. Which THREE responsibilities belong to the customer?

Question 16easymultiple choice
Read the full Security explanation →

A cloud customer is deploying a virtual machine (VM) in a public IaaS environment. According to the shared responsibility model, which of the following security tasks is the customer responsible for?

Question 17mediummultiple choice
Read the full Security explanation →

A cloud administrator needs to ensure that a set of AWS EC2 instances can only be accessed via SSH from the corporate office IP range 203.0.113.0/24. Which configuration should the administrator implement?

Question 18hardmultiple choice
Read the full Security explanation →

A company is migrating a legacy application to a Kubernetes cluster in the cloud. The application requires a database password to be accessible at runtime. Which approach aligns with cloud security best practices for secrets management?

Question 19mediummultiple choice
Read the full Security explanation →

A security auditor is reviewing the IAM configuration for a cloud account. The auditor finds that a user has permissions to create and delete resources in all services. Which principle of security is being violated?

Question 20mediummultiple choice
Read the full Security explanation →

An organization is subject to PCI DSS compliance and must ensure that all data transmitted between its cloud application and users is encrypted. Which encryption method should be enforced?

Question 21mediummultiple choice
Read the full Security explanation →

A company uses AWS and wants to centralize security monitoring across multiple accounts. Which service should they use to aggregate security findings and check compliance against standards like CIS AWS Foundations?

Question 22easymultiple choice
Read the full Security explanation →

A cloud administrator needs to protect a web application from common attacks such as SQL injection and cross-site scripting (XSS). Which cloud service should be implemented?

Question 23hardmultiple choice
Read the full Security explanation →

A company's cloud environment uses Azure Active Directory for identity management. They want to allow employees to sign in using their existing on-premises Active Directory credentials without synchronizing passwords to the cloud. Which federation protocol should they use?

Question 24mediummultiple choice
Read the full Security explanation →

A security team discovers that a container image used in production contains a known vulnerability in one of its base image layers. Which action should be taken to remediate this issue?

Question 25mediummultiple choice
Read the full Security explanation →

A cloud architect is designing a multi-tier application. The application tier needs to access a database, but the database should not be reachable from the internet. Which network security control should be used?

Question 26easymultiple choice
Read the full Security explanation →

A cloud customer needs to ensure that data stored in an S3 bucket is encrypted at rest. The customer wants to manage the encryption keys themselves. Which encryption option should they choose?

Question 27hardmultiple choice
Read the full Security explanation →

A company uses Google Cloud Platform (GCP) and wants to enforce that all service accounts used by applications have only the permissions necessary to perform their tasks. Which IAM concept should the administrator apply?

Question 28mediummulti select
Read the full Security explanation →

A security engineer is implementing DDoS protection for a public-facing web application hosted in AWS. Which TWO services should be used together to provide comprehensive DDoS mitigation? (Choose two.)

Question 29mediummulti select
Read the full Security explanation →

A cloud administrator is configuring an Azure environment for a healthcare application that must comply with HIPAA. Which TWO configurations are required to meet HIPAA security and privacy rules? (Choose two.)

Question 30hardmulti select
Read the full Security explanation →

A company is deploying a cloud-native application that uses containers orchestrated by Kubernetes. The security team wants to enforce the principle of least privilege at the Kubernetes level. Which THREE measures should be implemented? (Choose three.)

Question 31easymultiple choice
Read the full Security explanation →

According to the shared responsibility model, which of the following is the cloud provider responsible for?

Question 32mediummultiple choice
Read the full Security explanation →

A company has a requirement to enforce least privilege for its cloud resources. The cloud engineer is configuring IAM policies. Which of the following best describes least privilege?

Question 33hardmultiple choice
Read the full Security explanation →

An organization uses AWS and wants to control inbound traffic to its EC2 instances. They need a solution that automatically allows response traffic for any permitted inbound request. Which of the following should they use?

Question 34mediummultiple choice
Read the full Security explanation →

A cloud administrator is configuring encryption for data at rest in a cloud storage service. The administrator wants to use a key that is generated and managed by the cloud provider but stored in the customer's account. Which key management option is being described?

Question 35easymultiple choice
Read the full Security explanation →

Which of the following compliance frameworks is specifically designed for handling healthcare information in the United States?

Question 36mediummultiple choice
Read the full Security explanation →

A DevOps team is deploying containerized applications on Kubernetes. They want to ensure containers do not run with root privileges and that host filesystem access is restricted. Which Kubernetes feature should they use?

Question 37mediummultiple choice
Read the full Security explanation →

An organization uses multiple SaaS applications and wants to enforce data loss prevention policies and gain visibility into user activity. Which technology should they implement?

Question 38hardmultiple choice
Read the full Security explanation →

A cloud security team is implementing a secrets management solution for applications running on AWS. They need to automatically rotate database credentials every 30 days and avoid hardcoding secrets. Which service should they use?

Question 39easymultiple choice
Read the full Security explanation →

Which of the following is a benefit of using a Web Application Firewall (WAF)?

Question 40mediummultiple choice
Read the full Security explanation →

A cloud administrator needs to audit all API calls made in a GCP project for compliance purposes. Which service should be enabled to log these actions?

Question 41hardmultiple choice
Read the full Security explanation →

A company uses Azure AD for identity federation with an on-premises Active Directory. They want to enable single sign-on (SSO) for cloud applications using an open standard. Which protocol should they use?

Question 42mediummultiple choice
Read the full Security explanation →

A cloud security analyst is reviewing a compliance report and sees that the organization needs to ensure encryption keys are rotated periodically. Which of the following would best satisfy this requirement?

Question 43mediummulti select
Read the full Security explanation →

A cloud architect is designing a container security strategy. Which TWO of the following should be implemented to secure containers? (Choose two.)

Question 44hardmulti select
Read the full Security explanation →

A company is migrating to AWS and needs to meet PCI DSS compliance. Which THREE of the following should be implemented? (Choose three.)

Question 45mediummulti select
Read the full Security explanation →

A cloud engineer is tasked with securing network traffic in a VPC. Which TWO of the following are stateful security mechanisms? (Choose two.)

Question 46easymultiple choice
Read the full Security explanation →

A cloud architect is designing a multi-tenant SaaS application on AWS. Which of the following security responsibilities is the CUSTOMER responsible for under the shared responsibility model?

Question 47mediummultiple choice
Read the full Security explanation →

A security engineer is reviewing IAM policies and notices a policy that allows all actions on all resources for a user. Which principle of security is being violated?

Question 48hardmultiple choice
Read the full Security explanation →

A company has deployed a containerized application on a Kubernetes cluster. The security team wants to ensure that containers cannot run as the root user and that the container's root filesystem is read-only. Which Kubernetes security mechanism should be used?

Question 49mediummultiple choice
Read the full Security explanation →

An organization uses Azure and wants to ensure that only authenticated users from its on-premises Active Directory can access cloud resources. The company has Azure AD Connect set up and wants to enable single sign-on (SSO) for cloud applications. Which federation standard should be used?

Question 50mediummultiple choice
Read the full Security explanation →

A cloud administrator notices that a security group rule allowing SSH (port 22) from any IP address (0.0.0.0/0) was created for a Linux server. The server is used for administrative purposes only. Which security best practice should be applied to reduce the attack surface?

Question 51easymultiple choice
Read the full Security explanation →

A cloud engineer is configuring encryption for data stored in an S3 bucket. The company requires that encryption keys be managed by the organization, not the cloud provider. Which encryption option should be used?

Question 52mediummultiple choice
Read the full Security explanation →

A company uses a SaaS application for customer relationship management (CRM). The security team wants to monitor user activities and enforce data loss prevention (DLP) policies. Which type of security tool should be deployed?

Question 53hardmultiple choice
Read the full Security explanation →

A security administrator is configuring a Web Application Firewall (WAF) to protect a public-facing web application. The application experiences a high volume of traffic from certain geographic regions that are not serving customers. Which WAF feature should be used to block this traffic?

Question 54mediummultiple choice
Read the full Security explanation →

A company is migrating a financial application to the cloud and must comply with PCI DSS. Which of the following cloud compliance programs is most relevant to demonstrate compliance?

Question 55mediummultiple choice
Read the full Security explanation →

A cloud engineer is deploying a new application and needs to securely store database credentials. The credentials must be automatically rotated every 90 days. Which service should be used?

Question 56easymultiple choice
Read the full Security explanation →

An organization wants to audit all API calls made in their AWS account. Which AWS service should be enabled to capture these logs?

Question 57mediummultiple choice
Read the full Security explanation →

A security analyst is reviewing logs and finds that an unauthorized user accessed a storage blob in Azure. The analyst needs to determine which permissions allowed the access. Which Azure feature provides a detailed view of effective permissions for a user?

Question 58hardmultiple choice
Read the full Security explanation →

A company uses Google Cloud Platform and wants to enforce that all Compute Engine instances use a specific Customer-Managed Encryption Key (CMEK) for disk encryption. Which GCP service should be used to enforce this policy?

Question 59mediummulti select
Read the full Security explanation →

A cloud architect is designing network security for a VPC. The architect needs to implement both stateful and stateless firewalls. Which TWO of the following correctly describe these firewall types?

Question 60hardmulti select
Read the full Security explanation →

A company is implementing a secrets management solution. The security team wants to ensure that secrets are protected and rotated regularly. Which THREE of the following are best practices for secrets management?

Question 61easymultiple choice
Read the full Security explanation →

Which of the following is the cloud provider's responsibility under the shared responsibility model?

Question 62mediummultiple choice
Read the full Security explanation →

A security administrator is configuring a web application firewall (WAF) to protect against SQL injection attacks. Which WAF feature should be enabled?

Question 63hardmultiple choice
Read the full Security explanation →

A company uses AWS and needs to enforce that all S3 buckets are encrypted at rest with customer-managed keys stored in AWS KMS. Which IAM policy condition would ensure this?

Question 64mediummultiple choice
Read the full Security explanation →

An organization wants to ensure that only authenticated users from their corporate Active Directory can access cloud resources. Which federation protocol is most commonly used for this purpose?

Question 65mediummultiple choice
Read the full Security explanation →

A cloud architect is designing a security group for a web server in AWS. The server must receive HTTPS traffic from the internet. What is the most secure inbound rule?

Question 66easymultiple choice
Read the full Security explanation →

Which of the following is a stateless network access control that requires explicit allow rules for both inbound and outbound traffic?

Question 67hardmultiple choice
Read the full Security explanation →

A DevOps team deploys a containerized application to a Kubernetes cluster. They need to ensure that containers cannot run with privileged access. Which Kubernetes security mechanism should be applied?

Question 68mediummultiple choice
Read the full Security explanation →

A company needs to meet PCI DSS compliance requirements for storing credit card data in the cloud. Which compliance certification should they verify their cloud provider has?

Question 69easymultiple choice
Read the full Security explanation →

Which of the following is a best practice for managing secrets in cloud applications?

Question 70mediummultiple choice
Read the full Security explanation →

A cloud administrator notices that an AWS IAM user has more permissions than necessary. Which principle should be applied to correct this?

Question 71hardmultiple choice
Read the full Security explanation →

A company uses Azure and wants to centrally audit all management operations across subscriptions. Which service should be used to collect and analyze these logs?

Question 72mediummultiple choice
Read the full Security explanation →

A security team needs to enforce multi-factor authentication (MFA) for all users accessing the cloud management console. Which IAM feature should be configured?

Question 73mediummulti select
Read the full Security explanation →

A cloud security engineer is hardening a Kubernetes cluster. Which TWO measures should be implemented to improve container security? (Choose two.)

Question 74hardmulti select
Read the full Security explanation →

A company is migrating to GCP and needs to ensure data encryption in transit for all external communications. Which THREE measures should be implemented? (Choose three.)

Question 75mediummulti select
Read the full Security explanation →

A cloud administrator is configuring a CASB (Cloud Access Security Broker) for SaaS applications. Which TWO capabilities should the administrator expect from the CASB? (Choose two.)

Question 76easymultiple choice
Read the full Security explanation →

In the shared responsibility model, which of the following is the cloud customer responsible for?

Question 77mediummultiple choice
Read the full Security explanation →

A security engineer is configuring an AWS IAM policy for a new application. The policy must allow the application to read objects from a specific S3 bucket. Which IAM policy element determines whether the action is allowed or denied?

Question 78mediummultiple choice
Read the full Security explanation →

A cloud administrator is designing network security for a three-tier application. The web tier must be accessible from the internet, but the application and database tiers should only be reachable from the web tier. Which security group configuration should be used?

Question 79hardmultiple choice
Read the full Security explanation →

A company running a critical web application on AWS wants to protect against SQL injection and cross-site scripting attacks. The application is behind an Application Load Balancer. Which service should be deployed to provide this protection?

Question 80easymultiple choice
Read the full Security explanation →

Which encryption standard is most commonly used for data at rest in cloud storage services?

Question 81mediummultiple choice
Read the full Security explanation →

A cloud architect needs to ensure that all data transmitted between an on-premises data center and a cloud VPC is encrypted. Which solution should be implemented?

Question 82mediummultiple choice
Read the full Security explanation →

An organization's compliance policy requires that all access to cloud resources be logged and that logs be immutable. Which service should be used to meet these requirements?

Question 83hardmultiple choice
Read the full Security explanation →

A company uses Azure and wants to enforce multi-factor authentication (MFA) for all administrative users. The solution must be centrally managed and apply to all Azure subscriptions. Which approach should be used?

Question 84easymultiple choice
Read the full Security explanation →

Which of the following is a key benefit of using a Cloud Access Security Broker (CASB)?

Question 85mediummultiple choice
Read the full Security explanation →

A cloud engineer is deploying a containerized application on Kubernetes. The security team requires that containers run with reduced privileges and that certain capabilities are dropped. Which Kubernetes feature should be used to enforce these requirements?

Question 86mediummultiple choice
Read the full Security explanation →

An organization uses multiple cloud providers and wants to centralize secrets management. Which solution would best meet this requirement?

Question 87hardmultiple choice
Read the full Security explanation →

During a security audit, it is discovered that a cloud storage bucket contains sensitive data that should have been encrypted at rest. The bucket was created with default settings. Which step must be taken to encrypt the data that is already stored?

Question 88mediummulti select
Read the full Security explanation →

A cloud security team is implementing the principle of least privilege for IAM roles. Which TWO actions are consistent with this principle?

Question 89hardmulti select
Read the full Security explanation →

A company is deploying a web application on GCP and needs to protect against OWASP Top 10 threats and DDoS attacks. Which THREE services should be combined to provide comprehensive protection?

Question 90mediummulti select
Study the full ACL explanation →

A cloud administrator is configuring network ACLs (NACLs) for a VPC subnet. The subnet hosts a web server that must accept HTTP (port 80) and HTTPS (port 443) from the internet, and the server needs to respond to clients. Which TWO rules are required?

Question 91mediummultiple choice
Read the full Security explanation →

A company is migrating its on-premises applications to a public cloud. The security team wants to ensure that the cloud provider is responsible for physical security of data centers, while the company remains responsible for securing guest operating systems. Which concept does this describe?

Question 92easymultiple choice
Read the full Security explanation →

A cloud administrator needs to grant a developer read-only access to a specific storage bucket in AWS. Which IAM component should the administrator modify?

Question 93hardmultiple choice
Read the full Security explanation →

A company uses Azure RBAC to manage access to resources. A user is assigned a Contributor role at the subscription scope. Which of the following is true regarding the scope of this role?

Question 94mediummultiple choice
Read the full Security explanation →

A security engineer is configuring a network security group (NSG) in Azure to allow inbound HTTPS traffic to a web server. The engineer creates an inbound rule allowing TCP port 443 from the Internet. What must be done to ensure the web server can respond to clients?

Question 95hardmultiple choice
Read the full Security explanation →

A cloud architect is designing a DDoS protection strategy for a web application hosted on AWS. The application uses an Application Load Balancer (ALB). Which service provides automatic, always-on DDoS protection at no additional cost?

Question 96mediummultiple choice
Read the full Security explanation →

A company stores sensitive customer data in an S3 bucket and must encrypt the data at rest using a key managed by the company (not AWS). Which encryption option should the company use?

Question 97easymultiple choice
Read the full Security explanation →

Which of the following is a benefit of using a Cloud Access Security Broker (CASB) for SaaS applications?

Question 98mediummultiple choice
Read the full Security explanation →

A company's compliance team must provide evidence that their cloud environment meets PCI DSS requirements. Which AWS service can aggregate security findings and automate compliance checks?

Question 99hardmultiple choice
Read the full Security explanation →

A DevOps team deploys a containerized application on Amazon EKS. The security team wants to ensure that containers do not run as root and that read-only root filesystems are enforced. Which Kubernetes mechanism should be used?

Question 100easymultiple choice
Read the full Security explanation →

A security administrator needs to store database credentials and API keys securely in AWS. The credentials must be automatically rotated every 90 days. Which service should the administrator use?

Question 101mediummulti select
Read the full Security explanation →

A cloud administrator is implementing network security for a VPC. The administrator needs to create a stateless firewall that filters traffic based on source and destination IP, port, and protocol. Which TWO of the following are characteristics of this type of firewall? (Select TWO.)

Question 102mediummulti select
Read the full Security explanation →

A company is implementing multi-factor authentication (MFA) for cloud console access. Which TWO of the following are valid MFA methods? (Select TWO.)

Question 103hardmulti select
Read the full Security explanation →

A security engineer is designing a data classification policy for a cloud environment. The policy must identify sensitive data, apply appropriate controls, and monitor access. Which THREE of the following should be included in the policy? (Select THREE.)

Question 104mediummulti select
Read the full Security explanation →

A cloud architect is designing a secrets management solution for a microservices application. The solution must avoid hardcoding secrets in code and support automatic rotation. Which THREE of the following are best practices? (Select THREE.)

Question 105hardmulti select
Read the full Security explanation →

A company is deploying a web application in a cloud environment and needs to protect against SQL injection and cross-site scripting (XSS) attacks. Additionally, the company wants to block traffic from specific geographic regions. Which TWO services should be used? (Select TWO.)

Question 106mediummultiple choice
Read the full Security explanation →

A cloud engineer is configuring a web application that must comply with PCI DSS. The application runs on virtual machines in a public cloud. Which of the following security responsibilities falls under the customer's scope according to the shared responsibility model?

Question 107hardmultiple choice
Read the full Security explanation →

A security administrator is deploying a web application firewall (WAF) to protect a public-facing web application. The application experiences a high volume of traffic from a specific geographic region that is not part of the target customer base. Which WAF feature would best reduce the attack surface without impacting legitimate users?

Question 108easymulti select
Read the full Security explanation →

A cloud architect is designing identity and access management (IAM) for a multi-cloud environment. The architect wants to enforce least privilege and support federation with an on-premises Active Directory. Which TWO of the following should be implemented? (Select TWO).

Question 109mediummulti select
Read the full Security explanation →

A security team is implementing encryption for a cloud-based database. The compliance requirements mandate that encryption keys be managed by the customer and rotated every 90 days. Which THREE of the following should the team use? (Select THREE).

Question 110hardmulti select
Read the full Security explanation →

A cloud security analyst is investigating a potential container security incident. The analyst notices that a container is sending outbound traffic to a known malicious IP address. The container was deployed from an image that passed a vulnerability scan. Which TWO of the following should the analyst implement to detect and prevent such behavior in the future? (Select TWO).

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CV0-004 Practice Test 1 — 25 Questions→CV0-004 Practice Test 2 — 25 Questions→CV0-004 Practice Test 3 — 25 Questions→CV0-004 Practice Test 4 — 25 Questions→CV0-004 Practice Test 5 — 25 Questions→CV0-004 Practice Exam 1 — 20 Questions→CV0-004 Practice Exam 2 — 20 Questions→CV0-004 Practice Exam 3 — 20 Questions→CV0-004 Practice Exam 4 — 20 Questions→Free CV0-004 Practice Test 1 — 30 Questions→Free CV0-004 Practice Test 2 — 30 Questions→Free CV0-004 Practice Test 3 — 30 Questions→CV0-004 Practice Questions 1 — 50 Questions→CV0-004 Practice Questions 2 — 50 Questions→CV0-004 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Cloud Architecture and DesignDeploymentSecurityOperations and SupportTroubleshooting

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Security setsAll Security questionsCV0-004 Practice Hub