Practice CCSP Cloud Concepts, Architecture, and Design questions with full explanations on every answer.
Start practicing
Cloud Concepts, Architecture, and Design — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company requires that its cloud service provider offers a dedicated environment with no shared infrastructure. Which cloud deployment model should the company choose?
2Which cloud service model provides the consumer with the ability to deploy and run custom applications using the provider's programming languages, libraries, and tools, but does not allow management of the underlying infrastructure?
3A security auditor is reviewing a cloud provider's controls to ensure that customer data is appropriately isolated. Which design principle is most directly related to this requirement?
4A company is adopting a hybrid cloud model to run sensitive workloads on-premises and less critical applications in the public cloud. Which security consideration is most critical for this environment?
5Which cloud characteristic allows a consumer to automatically provision computing resources, such as server time and storage, as needed without requiring human interaction with the service provider?
6A cloud customer is evaluating a provider's service level agreement (SLA) that guarantees 99.99% availability. What is the maximum allowable downtime per year (in minutes) before the SLA is violated?
7Which of the following is a key benefit of using containers, such as Docker, in a cloud environment to achieve portability?
8In the NIST SP 800-145 definition of cloud computing, which characteristic is described as the capability to rapidly and elastically provision and release resources, often automatically?
9A company wants to avoid vendor lock-in when adopting cloud services. Which strategy is most effective for achieving portability?
10In a public cloud IaaS environment, which of the following is the customer responsible for securing, according to the shared responsibility model?
11A community cloud is best suited for which scenario?
12Which audit report provides the most comprehensive assurance regarding a cloud provider's controls over a period of time, including controls related to security, availability, processing integrity, confidentiality, and privacy?
13A cloud security architect is designing a multi-tenant SaaS application. Which TWO isolation mechanisms should be implemented to prevent data leakage between tenants?
14An organization is migrating a legacy application to the cloud and wants to maximize elasticity. Which THREE characteristics should the application support to benefit from cloud elasticity?
15A cloud provider offers a service with an SLA of 99.9% availability. Which TWO of the following are likely consequences if the provider fails to meet this SLA?
16A company is considering moving its customer relationship management (CRM) system to the cloud. The CRM is accessed through a web browser and the provider handles all maintenance, security, and infrastructure. Which cloud service model is being used?
17Which cloud characteristic allows a user to automatically provision computing resources without requiring human interaction with the service provider?
18An organization wants to deploy a cloud environment where multiple separate agencies with common compliance requirements share the infrastructure, but each agency retains some control over their own resources. Which deployment model best fits this scenario?
19In a public cloud IaaS model, which of the following security controls is the cloud customer primarily responsible for implementing?
20A cloud provider guarantees 99.99% availability for a service. What is the maximum allowed downtime per year (rounded to nearest minute)?
21A company is designing a multi-cloud strategy to avoid vendor lock-in and ensure portability. They are considering using containers and an open-source orchestration platform. Which of the following is the BEST choice to achieve workload portability across different cloud providers?
22An organization needs to migrate a legacy application to the cloud. The application requires full control over the operating system, middleware, and runtime. The team wants to minimize management overhead while retaining OS-level access. Which cloud service model is most appropriate?
23Which of the following is a key benefit of using a hybrid cloud deployment model?
24Which NIST-defined cloud characteristic ensures that resources can be scaled up and down rapidly based on demand?
25A cloud security architect is evaluating a CSP for a financial services client. Which of the following audit reports would provide the most comprehensive assurance regarding the CSP's controls over security, availability, processing integrity, confidentiality, and privacy?
26Which design principle is MOST directly concerned with the ability to move workloads between cloud providers or back on-premises without significant re-architecture?
27A company plans to deploy a multi-tier application across multiple cloud providers to avoid single points of failure. They need to ensure consistent security policies, including identity federation and network segmentation, across all environments. Which architecture consideration is MOST critical?
28A cloud architect is designing a multi-tenant SaaS application. Which TWO isolation mechanisms are essential to prevent tenant data leakage? (Choose two.)
29An organization is evaluating a cloud service provider and reviewing their SLA. Which THREE metrics are most important for assessing the provider's reliability and accountability? (Choose three.)
30A company is adopting a hybrid cloud strategy. Which TWO security considerations are most critical for maintaining a consistent security posture across environments? (Choose two.)
31A company wants to migrate its customer relationship management (CRM) system to the cloud and requires that the provider manages the underlying infrastructure, operating system, and middleware, while the company manages only the application and data. Which cloud service model best meets these requirements?
32A financial institution is subject to strict regulatory requirements that mandate data residency and physical control over its infrastructure. At the same time, it wants to leverage cloud bursting for peak loads. Which deployment model should the institution adopt?
33An organization is evaluating a cloud provider's SLA for a critical application. The provider offers a 99.95% uptime SLA with a 10% service credit for each 30-minute downtime period exceeding the threshold. The organization's business impact analysis requires a maximum downtime of 4.38 hours per year. Does the provider's SLA meet this requirement, and what is the annual allowed downtime based on the SLA?
34Which characteristic of cloud computing allows a user to provision computing resources automatically without requiring human interaction with the service provider?
35A cloud service provider (CSP) offers a shared infrastructure where multiple customers' virtual machines run on the same physical host but are isolated by the hypervisor. Which cloud deployment model does this represent?
36An organization is migrating a legacy application to the cloud and wants to minimize vendor lock-in. They plan to use containers orchestrated by Kubernetes. Which design principle is the organization primarily applying?
37Which of the following is a key consideration when evaluating a cloud service provider's ability to meet compliance requirements for data sovereignty?
38In the shared responsibility model for public cloud, which of the following is typically the responsibility of the cloud customer when using IaaS?
39A cloud architect is designing a solution that must automatically scale compute resources based on real-time demand. The application is stateless and can tolerate brief interruptions. Which cloud design principle is most directly addressed by this requirement?
40A company is migrating to a hybrid cloud and needs to ensure consistent security policies across both on-premises and cloud environments. Which of the following is the MOST critical consideration?
41Which NIST SP 800-145 cloud service model provides the consumer with the ability to deploy applications onto a cloud infrastructure where the consumer does not manage the underlying cloud infrastructure, including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment?
42An organization is looking for a cloud deployment model that is provisioned for exclusive use by a single organization, but may be owned, managed, and operated by the organization, a third party, or some combination. Which deployment model is this?
43A cloud security architect is designing a multi-tenant SaaS application that must ensure strong isolation between tenants. Which TWO mechanisms are most effective for achieving multitenancy isolation?
44A company is evaluating cloud providers for a critical workload and requires high availability, disaster recovery, and portability. Which THREE factors should the company prioritize in the provider evaluation?
45An organization is adopting a hybrid cloud strategy and needs to ensure secure connectivity between on-premises and cloud environments. Which TWO approaches are most appropriate for this purpose?
46Which cloud service model provides the customer with the most control over the underlying infrastructure, including operating systems and applications?
47A financial services company is required to keep customer data within a specific geographic boundary due to regulatory requirements. The company is evaluating cloud deployment models. Which model would best ensure data sovereignty while still providing scalability?
48A cloud provider's SLA guarantees 99.95% uptime for a service. Over a one-year period (365 days), what is the maximum allowed downtime in minutes to meet this SLA?
49Which characteristic of cloud computing allows a user to provision resources automatically without requiring human interaction with the service provider?
50An organization is moving a legacy application to the cloud and wants to minimize changes to the application code. They require full control over the operating system and middleware. Which cloud service model is most appropriate?
51A cloud customer is reviewing a provider's SOC 2 Type II report. What does this report primarily attest to?
52Which design principle is most directly aimed at avoiding vendor lock-in and ensuring that workloads can be moved between cloud providers with minimal effort?
53In the NIST SP 800-145 definition, which deployment model is described as infrastructure provisioned for exclusive use by a single organization comprising multiple consumers?
54A company uses a hybrid cloud model where sensitive data resides in a private cloud, while compute-intensive analytics run in a public cloud using anonymized data. What is the primary security consideration for this architecture?
55An organization wants to ensure that if they decide to migrate away from their current cloud provider, they can retrieve all data in a usable format and delete it from the provider's systems. Which principle does this best describe?
56In the shared responsibility model for public cloud IaaS, which of the following is typically the responsibility of the cloud customer?
57Which cloud characteristic refers to the ability to automatically scale resources up or down based on demand?
58A cloud architect is designing a multi-tenant SaaS application. Which TWO design principles are critical for ensuring tenant isolation? (Select TWO.)
59A company is evaluating cloud providers for a global application. They need to ensure high availability and low latency. Which THREE factors are most important to consider during provider evaluation? (Select THREE.)
60An organization is adopting a hybrid cloud strategy. Which THREE considerations are vital for maintaining consistent security across environments? (Select THREE.)
61Which cloud service model allows customers to manage only their data and user access, while the provider manages everything else including the infrastructure, operating system, and applications?
62A financial institution requires a cloud environment that is shared by multiple organizations with common regulatory compliance needs, such as PCI DSS. Which deployment model is most appropriate?
63An organization is evaluating cloud service providers and notices that one provider's SLA offers 99.99% availability for a specific service, while another offers 99.9%. If the service costs $100,000 per month, what is the maximum allowable downtime per month for the 99.99% SLA?
64Which characteristic of cloud computing allows a user to automatically provision computing resources without requiring human interaction with the service provider?
65A company wants to migrate a legacy application to the cloud with minimal re-architecture. They need control over the operating system and middleware but do not want to manage physical hardware. Which service model is most suitable?
66Which cloud design principle is most directly related to ensuring that an organization can migrate workloads from one cloud provider to another without significant re-engineering?
67In a hybrid cloud deployment, which of the following is a critical security consideration?
68An organization is using a public cloud IaaS and wants to ensure they understand which security responsibilities fall on them. According to the shared responsibility model, which of the following is the customer responsible for in an IaaS deployment?
69Which cloud design principle ensures that resources can be dynamically adjusted to meet changing demand, often using auto-scaling groups?
70A cloud provider offers a service with an SLA of 99.999% availability. What is the maximum allowable downtime per year in minutes? (Assume 365 days)
71Which of the following is an example of a cloud interoperability standard that facilitates portability of containerized applications across different cloud environments?
72Which NIST essential characteristic of cloud computing allows the provider to dynamically assign and reassign resources to multiple tenants, often using a multi-tenant model?
73A company is considering migrating its customer relationship management (CRM) system to a SaaS provider. Which TWO of the following security responsibilities typically remain with the customer in a SaaS deployment?
74An organization is evaluating cloud service providers and wants to ensure that the provider can demonstrate independent verification of its security controls. Which THREE of the following are recognized cloud security audit reports or certifications?
75A cloud architect is designing a multi-tenant SaaS application. Which THREE of the following are essential isolation mechanisms that must be implemented to ensure tenant separation?
76Which cloud service model provides the customer with the ability to deploy and run custom applications using the provider's infrastructure, where the customer manages the applications and data, but does not manage the underlying operating system or hardware?
77A healthcare organization is migrating patient records to a public cloud provider. Which of the following is the most critical consideration regarding shared responsibility when using IaaS?
78An organization is designing a multi-cloud strategy using containers to avoid vendor lock-in. Which of the following approaches BEST ensures portability of containerized applications across different cloud providers?
79Which TWO of the following are essential characteristics of cloud computing as defined by NIST SP 800-145?
80A financial institution is evaluating a community cloud deployment shared with other banks. Which TWO security considerations are MOST important for this deployment model?
81Which THREE of the following are benefits of using a hybrid cloud deployment model?
82When evaluating a cloud service provider's SLA, which TWO metrics are MOST relevant for assessing availability and reliability?
83An organization is migrating a legacy application to the cloud and requires reversibility. Which THREE of the following should be considered to ensure the application can be migrated away from the cloud provider in the future?
84Which THREE of the following are valid methods for achieving multitenancy isolation in a public cloud IaaS environment?
The Cloud Concepts, Architecture, and Design domain covers the key concepts tested in this area of the CCSP exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CCSP domains — no account required.
The Courseiva CCSP question bank contains 84 questions in the Cloud Concepts, Architecture, and Design domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Cloud Concepts, Architecture, and Design domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included