
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


CCSP Cloud Security Operations • Complete Question Bank

CCSP Cloud Security Operations — All Questions With Answers

Complete CCSP Cloud Security Operations question bank — all 0 questions with answers and detailed explanations.

92 Questions
Question 1 (easy, multiple choice)

A cloud security engineer is troubleshooting a failure in automated backups for a production database. The backup job runs nightly but has failed for the past three nights. The logs show permission denied errors when the backup service attempts to write to the storage bucket. Which action should the engineer take first?

Question 2 (medium, multiple choice)

An organization is designing a cloud storage solution for highly sensitive customer data. The data must be encrypted at rest and the encryption keys must be managed by the customer, not the cloud provider. Additionally, the solution must allow granular access control based on data classification. Which combination of services should the architect recommend?

Question 3 (hard, multiple choice)

A company uses a cloud-based SIEM to aggregate logs from multiple sources. Recently, the SIEM stopped receiving logs from a critical application server. The server is running and the application is functioning normally. The security team has verified that the log forwarder service is running on the server and the network path to the SIEM is open. Which additional step should the team take to diagnose the issue?

Question 4 (medium, multi-select)

Which TWO of the following are best practices for securing a cloud-based container orchestration platform?

Question 5 (hard, multi-select)

Which THREE of the following are key considerations when designing a disaster recovery plan for a cloud-based application?

Question 6 (easy, multi-select)

Which TWO of the following are valid methods for securing data at rest in a cloud storage service?

Question 7 (medium, multiple choice)

Refer to the exhibit. A security analyst is investigating a potential unauthorized key pair creation. The CloudTrail log shows a successful CreateKeyPair event for an admin user. What additional step should the analyst take to determine if this was an authorized action?

Network Topology
```
$ aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName --query 'Events[?ErrorCode==`nil`]' --output text
```

Refer to the exhibit.

```
Events:
- EventId: abc123
  EventName: CreateKeyPair
  EventTime: 2023-10-01T10:00:00Z
  UserIdentity: {"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/admin"}
  Resources: [{"resourceType":"AWS::EC2::KeyPair","resourceName":"mykey"}]
  SourceIPAddress: 203.0.113.50
  UserAgent: console.amazonaws.com
```
Question 8 (hard, multiple choice)

Refer to the exhibit. A security engineer has attached the above IAM policy to a user. What is the effect of this policy?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```
Question 9 (easy, multiple choice)

Refer to the exhibit. A cloud administrator ran the Azure CLI command to list virtual machines. One VM shows a ProvisioningState of 'Failed'. What is the most likely cause of this state?

Network Topology
```
$ az vm list --output table
```

Refer to the exhibit.

```
Name       ResourceGroup  Location  ProvisioningState
vm-prod-1  rg-prod        eastus    Succeeded
vm-prod-2  rg-prod        eastus    Succeeded
vm-dev-1   rg-dev         eastus    Failed
```
Question 10 (hard, multiple choice)

A financial services company runs a critical application on a cloud infrastructure. The application consists of a web tier, an application tier, and a database tier, all deployed in a single cloud region. The database is a managed relational database service with automated backups enabled. The company's disaster recovery plan requires a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 1 hour. During a recent regional outage, the primary region became unavailable for 6 hours. The company attempted to restore the database from the latest automated backup in a different region, but the restore took 5 hours due to the large database size, exceeding the RTO. Additionally, the backup was 2 hours old at the time of the outage, exceeding the RPO. The security team has also noted that the backup data is encrypted with a cloud-managed key, which may not meet future compliance requirements for customer-managed encryption keys. Which course of action should the company take to meet both the RTO and RPO objectives while also addressing the encryption requirement?

Question 11 (medium, multiple choice)

A healthcare organization has deployed a cloud-based application that handles protected health information (PHI). The application runs on virtual machines in a virtual private cloud (VPC). The security team has implemented security groups to control traffic to the VMs. Recently, an external penetration test revealed that a web server VM is accessible from the internet on port 22 (SSH) from any IP address (0.0.0.0/0). The security team also discovered that the SSH key pair used for the web server was created with a weak algorithm (1024-bit RSA). The team needs to remediate these issues without causing downtime for the application. Additionally, the application logs must be sent to a centralized logging solution that is encrypted in transit and at rest. Which combination of actions should the security team take?

Question 12 (medium, multiple choice)

A cloud security team is investigating a data breach in their AWS environment. The logs show that an EC2 instance with an attached IAM role was compromised. The attacker used the instance's temporary credentials to access an S3 bucket containing sensitive data. Which design change would BEST prevent this type of attack in the future?

Question 13 (hard, multiple choice)

A company is migrating a critical application to the cloud and must ensure that its security operations center (SOC) can detect and respond to threats in real time. The application generates high volumes of logs. Which combination of services would provide the MOST efficient and cost-effective solution for centralized logging, analysis, and alerting?

Question 14 (easy, multiple choice)

During a cloud security audit, it is discovered that a cloud storage bucket is configured to allow access from any IP address. The bucket contains sensitive customer data. What is the BEST immediate action to secure the bucket?

Question 15 (easy, multiple choice)

A cloud security engineer is tasked with automating the response to a detected malware infection on a virtual machine. The engineer wants to isolate the VM from the network immediately upon detection. Which cloud-native feature should be used?

Question 16 (medium, multi-select)

Which TWO of the following are key components of a cloud incident response plan that should be tested regularly?

Question 17 (hard, multiple choice)

Refer to the exhibit. A cloud security analyst reviews the bucket policy for example-bucket. Based on the policy, which of the following is true?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
Question 18 (hard, multiple choice)

A multinational corporation runs its critical applications on a cloud platform. The security team has implemented a Security Information and Event Management (SIEM) solution that collects logs from various cloud services, including virtual machines, storage, and databases. The SIEM is configured to generate alerts based on predefined rules. Recently, the team noticed an increase in false positive alerts, causing alert fatigue among the analysts. Additionally, there is a lack of context in the alerts, making it difficult to triage and prioritize incidents. The team wants to improve the efficiency of the SOC without increasing headcount. Which of the following is the BEST course of action to address these issues?

Question 19 (medium, multiple choice)

A company's security team is investigating an anomalous spike in outbound traffic from a cloud workload. The workload is a web server running in an IaaS environment. The team suspects data exfiltration. Which of the following is the BEST initial step to identify the source and type of traffic?

Question 20 (hard, multi-select)

A cloud security architect is designing a secure CI/CD pipeline for a containerized application deployed on a Kubernetes cluster. The pipeline must ensure that only approved images are deployed. Which TWO of the following controls should be implemented? (Choose two.)

Question 21 (hard, multiple choice)

Refer to the exhibit. A cloud security analyst is reviewing an S3 bucket policy. The bucket contains sensitive data and must only be accessible over HTTPS from the internal network (10.0.0.0/24). Which of the following correctly describes the behavior of this policy?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/24"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
Question 22 (medium, drag order)

Drag and drop the steps for responding to a security incident involving a compromised cloud VM into the correct order.

Question 23 (medium, drag order)

Drag and drop the steps for implementing a secure DevOps (DevSecOps) pipeline in a cloud environment into the correct order.

Question 24 (medium, matching)

Match each data state to its encryption requirement in cloud environments.


Concepts
Matches

Encryption using AES-256

TLS 1.2+ encryption

Homomorphic or confidential computing

Encryption with separate key management

Question 25 (medium, matching)

Match each virtualization security concept to its description.


Concepts
Matches

Software that manages virtual machines

Attack breaking out of VM isolation

Virtual machine introspection for monitoring

Moving a running VM between hosts

Question 26 (medium, multiple choice)

A company experiences a security breach in its cloud environment, and the security team needs to preserve evidence for legal proceedings. Which of the following is the MOST important step to take first?

Question 27 (easy, multiple choice)

A cloud administrator is configuring log retention for a financial application that must comply with PCI DSS. What is the minimum log retention period required by PCI DSS?

Question 28 (hard, multiple choice)

A security analyst is conducting a forensic investigation of a compromised virtual machine in a public cloud. The VM is running in a production environment and cannot be stopped. Which of the following techniques is MOST appropriate to acquire volatile memory evidence?

Question 29 (medium, multiple choice)

A company uses a cloud key management service with automatic annual key rotation. An auditor requires that keys are rotated every 90 days to meet internal policy. What should the cloud security architect do to satisfy this requirement?

Question 30 (easy, multiple choice)

A cloud administrator is designing a backup strategy for a critical database. Which of the following is the BEST approach to ensure data recoverability in case of a regional outage?

Question 31 (hard, multiple choice)

A company is deploying a multi-tier application in a public cloud and needs to restrict traffic between tiers. The web tier must only accept HTTPS from the internet, and the app tier must only accept HTTP from the web tier. Which cloud networking feature should be used to enforce this?

Question 32 (medium, multiple choice)

An organization uses a continuous integration/continuous deployment (CI/CD) pipeline to deploy infrastructure as code. The security team wants to ensure that all cloud resources comply with internal security policies before deployment. Which of the following is the MOST effective method to enforce this?

Question 33 (easy, multiple choice)

A cloud operations team has a process for making changes to production environments. Which change management practice is MOST important for reducing the risk of service disruption?

Question 34 (hard, multiple choice)

A multinational corporation operates in a country where data sovereignty laws require that all customer data remain within the country's borders. The company uses a global public cloud provider. Which operational control is MOST critical to ensure compliance?

Question 35 (medium, multi-select)

Which TWO responsibilities are typically shared between the cloud customer and the cloud provider in an IaaS model? (Choose two.)

Question 36 (hard, multi-select)

Which THREE components are essential for establishing a secure baseline configuration for a cloud virtual machine? (Choose three.)

Question 37 (easy, multi-select)

Which TWO cloud monitoring tools are used primarily for detecting anomalous behavior that may indicate a security incident? (Choose two.)

Question 38 (medium, multiple choice)

Refer to the exhibit. An IAM policy is attached to a user. Which action is the user allowed to perform?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    },
    {
      "Effect": "Deny",
      "Action": [
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
Question 39 (easy, multiple choice)

Refer to the exhibit. An administrator attaches security group sg-12345 to a web server. Which of the following describes the traffic that will be allowed by the security group?

Exhibit

Refer to the exhibit.

```
Security Group: sg-12345 (web-sg)
Inbound Rules:
  - Type: HTTP (80), Protocol: TCP, Port Range: 80, Source: 0.0.0.0/0
  - Type: HTTPS (443), Protocol: TCP, Port Range: 443, Source: 0.0.0.0/0
  - Type: SSH (22), Protocol: TCP, Port Range: 22, Source: 10.0.0.0/8
Outbound Rules:
  - Type: All traffic, Protocol: All, Port Range: All, Destination: 0.0.0.0/0
```
Question 40 (hard, multiple choice)

Refer to the exhibit. A data sync job fails with the error shown. The IAM role 'data-sync-role' has the following policy attached:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:*:*:data-bucket-2024/*"
    }
  ]
}
```

What is the MOST likely cause of the failure?

Exhibit

Refer to the exhibit.

Error log from cloud storage sync tool:
```
[ERROR] Failed to sync file 'financial_report.xlsx'. Cause: AccessDenied (403) - User: arn:aws:iam::123456789012:role/data-sync-role is not authorized to perform: s3:GetObject on resource: arn:aws:s3:::data-bucket-2024/financial_report.xlsx because no identity-based policy allows the s3:GetObject action
```
Question 41 (easy, multiple choice)

A security analyst notices that a cloud storage bucket contains objects with public read access. The organization's policy prohibits public access. What is the most efficient way to remediate this issue across all objects in the bucket?

Question 42 (medium, multiple choice)

A cloud operations team is implementing a logging strategy for their hybrid cloud environment. They need to ensure that logs from on-premises systems are collected and stored in a centralized cloud logging service with low latency. Which configuration is most appropriate?

Question 43 (hard, multiple choice)

During a security audit, it is discovered that a cloud service provider's infrastructure-as-a-service (IaaS) environment has virtual machines that were provisioned with default firewall rules allowing all inbound traffic from the internet. The organization's cloud security policy requires that all VM firewall rules follow a least-privilege model. What is the most effective approach to enforce this policy going forward?

Question 44 (easy, multi-select)

A cloud security administrator is reviewing the security controls for a SaaS application. Which of the following are typically the responsibility of the cloud customer (tenant) in a SaaS model? (Choose two.)

Question 45 (medium, multi-select)

A cloud operations team is implementing a disaster recovery plan. Which of the following are valid strategies for data replication in a cloud environment? (Choose three.)

Question 46 (hard, multi-select)

A cloud security engineer is investigating a potential data breach in a cloud environment. The organization uses a cloud access security broker (CASB) and has deployed a security information and event management (SIEM) system. Which of the following are likely indicators that the CASB has detected unauthorized data exfiltration? (Choose two.)

Question 47 (easy, multiple choice)

A security analyst reviews the bucket policy above. What is the primary security concern?

Exhibit

Refer to the exhibit. The following is an excerpt from an AWS S3 bucket policy:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
Question 48 (medium, multiple choice)

The security team notices that the request above is from a known malicious IP address. However, the load balancer did not block it. What is the most likely reason?

Exhibit

Refer to the exhibit. The following is a log entry from a cloud load balancer:

```
{
  "timestamp": "2025-03-10T14:23:45Z",
  "client_ip": "203.0.113.5",
  "request_method": "POST",
  "request_uri": "/api/login",
  "response_code": 200,
  "user_agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
}
```
Question 49 (hard, multiple choice)

A cloud security engineer reviews the Terraform configuration above. Which of the following is a security best practice that has been violated?

Exhibit

Refer to the exhibit. The following is an excerpt from a cloud infrastructure configuration file (Terraform HCL):

```
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  user_data     = <<-EOF
              #!/bin/bash
              apt-get update
              apt-get install -y nginx
              systemctl enable nginx
              systemctl start nginx
              EOF
  vpc_security_group_ids = [aws_security_group.web_sg.id]
}

resource "aws_security_group" "web_sg" {
  name        = "web_sg"
  description = "Allow HTTP traffic"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
Question 50 (easy, multiple choice)

A cloud security administrator needs to ensure that all API calls to the cloud provider's management plane are logged for audit purposes. Which service should be enabled?

Question 51 (easy, multiple choice)

A cloud operations team is setting up a new virtual network in the cloud. They need to segment traffic between different tiers of an application (web, application, database). Which security control should they implement?

Question 52 (medium, multiple choice)

A company has deployed a mission-critical application in the cloud and needs to ensure that it remains available even if an entire cloud region fails. Which architecture pattern should they adopt?

Question 53 (medium, multiple choice)

A security analyst is using a cloud security posture management (CSPM) tool that reports a finding of "storage bucket publicly accessible." However, upon manual inspection, the bucket's ACL and bucket policy both restrict access to authorized users only. What is the most likely cause of the false positive?

Question 54 (hard, multiple choice)

An organization uses a cloud key management service (KMS) to encrypt data at rest. The security policy requires that the encryption keys be rotated every 90 days. The operations team is concerned about the impact of key rotation on encrypted data. Which of the following statements is true regarding KMS key rotation?

Question 55 (hard, multiple choice)

A cloud security engineer is reviewing incident response procedures for a hybrid cloud environment. During a security incident, the team needs to collect forensic evidence from a compromised virtual machine while preserving its state. Which of the following actions should be taken first?

Question 56 (medium, multiple choice)

A security analyst is investigating a data breach in a cloud environment. The analyst needs to preserve evidence for legal proceedings. Which of the following actions is most critical to ensure the chain of custody is maintained?

Question 57 (hard, multiple choice)

During a security incident in a multi-tenant cloud environment, the cloud provider's logging system indicates that a virtual machine (VM) on a shared hypervisor has been compromised. The provider wants to assist the customer with forensic analysis while minimizing impact to other tenants. Which approach is most appropriate?

Question 58 (easy, multiple choice)

A company uses an Infrastructure as a Service (IaaS) provider for critical applications. They need to define a backup retention policy that meets regulatory requirements for keeping financial records for 7 years. Which of the following strategies best meets this requirement while optimizing costs?

Question 59 (medium, multiple choice)

An organization has implemented a change management process for its cloud infrastructure. During a routine change, a network security group rule is modified incorrectly, causing a critical application to become inaccessible. What is the most effective way to prevent this issue in future changes?

Question 60 (hard, multiple choice)

A cloud security team needs to implement a logging strategy that captures user activity, API calls, and resource changes across multiple cloud services. The logs must be tamper-proof and retained for at least one year. Which combination of actions best meets these requirements?

Question 61 (easy, multiple choice)

A cloud service provider is designing a new data center. To ensure physical security, which of the following controls is most effective for preventing unauthorized access to the server floor?

Question 62 (medium, multiple choice)

A company has a disaster recovery (DR) plan that includes failing over to a secondary cloud region. The plan was tested six months ago and worked, but since then significant infrastructure changes have been made. Which of the following should the company do to ensure the DR plan remains effective?

Question 63 (hard, multiple choice)

A cloud security architect is designing an API gateway for a microservices application. The gateway must authenticate requests, enforce rate limiting, and log all transactions for audit. Which of the following security controls is most critical to protect against API abuse?

Question 64 (easy, multiple choice)

An organization uses a cloud key management service (KMS) for encryption keys. The security policy requires automatic rotation of keys every 90 days. Which rotation strategy best balances security and operational impact?

Question 65 (medium, multi-select)

Which TWO of the following are best practices for monitoring a cloud environment to detect security incidents?

Question 66 (hard, multi-select)

Which THREE of the following are essential steps in the incident response process for a cloud security incident?

Question 67 (easy, multi-select)

Which THREE of the following are effective strategies for ensuring data backup integrity and recoverability in the cloud?

Question 68 (easy, multiple choice)

A company has implemented a centralized logging solution for its cloud environment. The security team notices that logs from a critical application are missing for the past hour. What is the MOST likely cause?

Question 69 (medium, multiple choice)

During a security incident involving a compromised virtual machine (VM) in a public cloud, the incident response team needs to preserve evidence for potential legal action. Which of the following actions should be taken FIRST?

Question 70 (hard, multiple choice)

A cloud security architect is designing a forensics capability for a multi-tenant infrastructure-as-a-service (IaaS) environment. Which of the following is the MOST significant challenge when performing forensic acquisition of virtual machine (VM) memory?

Question 71 (easy, multiple choice)

A cloud customer is decommissioning a storage service that contains sensitive data. The cloud provider offers several data destruction options. Which method provides the HIGHEST assurance that data is irrecoverable?

Question 72 (medium, multiple choice)

A company runs its production workloads on a cloud platform. The security team wants to ensure that all compute instances are patched within 30 days of a patch release. Which of the following is the BEST approach to enforce this requirement?

Question 73 (hard, multiple choice)

A cloud security operations team is evaluating SIEM solutions. They need to minimize false positives while ensuring critical security events are not missed. Which of the following is the MOST effective technique to achieve this balance?

Question 74 (easy, multiple choice)

A cloud customer experiences a ransomware attack that encrypts data in an object storage bucket. The customer has versioning enabled on the bucket. How can the customer MOST effectively restore the data?

Question 75 (medium, multiple choice)

A company uses a cloud provider's managed database service. The security team is concerned about the shared responsibility model for patching the operating system and database engine. According to the shared responsibility model, who is responsible for applying security patches to the database engine?

Question 76 (hard, multiple choice)

An incident response team is investigating a potential breach in a cloud environment. They have collected logs from various sources. Which of the following is the MOST critical factor to ensure the admissibility of digital evidence in court?

Question 77 (medium, multi-select)

Which TWO of the following are best practices for implementing baseline configuration management in a cloud environment? (Choose two.)

Question 78 (hard, multi-select)

Which THREE of the following are key components of an incident response plan specific to cloud environments? (Choose three.)

Question 79 (easy, multi-select)

Which TWO of the following are valid considerations when performing forensic imaging of virtual machines in a public cloud? (Choose two.)

Question 80 (medium, multiple choice)

Refer to the exhibit. An AWS CloudTrail log entry is shown. Which of the following can be determined from this log entry?

Exhibit

{
  "Records": [
    {
      "eventVersion": "1.08",
      "userIdentity": {
        "type": "IAMUser",
        "arn": "arn:aws:iam::123456789012:user/john.doe",
        "accountId": "123456789012",
        "userName": "john.doe"
      },
      "eventTime": "2024-03-15T10:30:00Z",
      "eventSource": "ec2.amazonaws.com",
      "eventName": "RunInstances",
      "awsRegion": "us-east-1",
      "sourceIPAddress": "203.0.113.50",
      "userAgent": "console.amazonaws.com",
      "requestParameters": {
        "instancesSet": {
          "items": [{"instanceId": "i-0abcd1234efgh5678"}]
        },
        "groupSet": {
          "items": [{"groupId": "sg-12345678"}]
        }
      },
      "responseElements": {
        "instancesSet": {
          "items": [{"instanceId": "i-0abcd1234efgh5678"}]
        }
      }
    }
  ]
}

Question 81 (hard, multiple choice)

A company runs its production workloads on a cloud infrastructure-as-a-service (IaaS) platform. The security operations team uses a SIEM to monitor security events. Over the past week, they have observed an increasing number of alerts indicating failed login attempts to a critical database server. The source IP addresses are varied and originate from different geographic regions. The team has also noticed that the database server's CPU usage has spiked during non-business hours. The database is not exposed to the internet; it is in a private subnet. The security team suspects that the database credentials have been compromised. Which of the following actions should the security team take FIRST to mitigate the risk?

Question 82 (medium, multiple choice)

A cloud customer is migrating a legacy application to a cloud platform. The application currently runs on physical servers and uses local storage. The migration plan involves rehosting the application on virtual machines (VMs) in the cloud. The security team wants to ensure that the VMs are properly hardened before deployment. During the migration testing, the team discovers that the base image used for the VMs contains several unnecessary services and default credentials. The team is concerned that these vulnerabilities could be exploited. The cloud provider offers a shared responsibility model where the customer is responsible for securing the OS. Which of the following is the BEST course of action to address this issue?

Question 83 (easy, multiple choice)

A financial services company is migrating a critical application to the cloud. They must ensure that the cloud provider supports the ability to conduct forensic investigations in case of a security incident. Which of the following is the MOST important requirement to include in the contract?

Question 84 (medium, multiple choice)

A cloud security architect is designing a defense-in-depth strategy for a multi-tenant IaaS environment. Which of the following controls would BEST protect against workload isolation failure due to a hypervisor vulnerability?

Question 85 (hard, multiple choice)

A multinational corporation uses a hybrid cloud model with on-premises data centers and the AWS cloud. They have implemented a Cloud Access Security Broker (CASB) to enforce security policies. Recently, the security team noticed that users are accessing cloud applications from unusual geographic locations and downloading large volumes of data. The CASB logs show that the users authenticated using single sign-on (SSO) with valid credentials. The company has not enabled multi-factor authentication (MFA) for all users due to a previous pushback from the user community. The security team suspects a credential theft incident. What is the BEST course of action to mitigate the risk and respond to the potential incident?

Question 86 (hard, multiple choice)

A cloud security engineer is responsible for a SaaS application hosted on a public cloud provider. The application uses a relational database to store customer data. The security team recently conducted a vulnerability assessment and discovered that the database can be accessed over the internet without any network restrictions. Additionally, the database admin user has the same password as the root account, and the password has not been changed in 18 months. The company is subject to GDPR and PCI DSS compliance requirements. The engineer needs to remediate these issues immediately. Which of the following actions should be taken FIRST?

Question 87 (medium, multiple choice)

A cloud operations team manages a critical application on AWS that uses EC2 instances behind an Application Load Balancer (ALB). The application experiences occasional high latency and timeout errors. The team has enabled detailed monitoring and CloudWatch Logs. They notice that during peak hours, the CPU utilization on some instances reaches 95%, while others remain around 40%. The security group allows traffic from a wide range of IP addresses. The team needs to improve both performance and security. Which of the following actions would BEST address the performance imbalance and also enhance security posture?

Question 88 (medium, multiple choice)

A company is migrating its on-premises virtualized environment to the Azure cloud. The security team wants to ensure they can detect and respond to security incidents in the cloud. They plan to use Azure Security Center and Azure Sentinel. The on-premises environment uses a SIEM tool and logs from all servers are forwarded to it. In the cloud, they have provisioned virtual machines (VMs) running various workloads. The team needs to ensure that all security events from these VMs are captured and analyzed. Which of the following steps should they take FIRST to achieve comprehensive log collection?

Question 89 (medium, multiple choice)

A healthcare organization is using a cloud-based electronic health record (EHR) system hosted on a PaaS platform. The platform provides a web interface and an API for integration with internal systems. The organization's security policy requires encryption of all data at rest and in transit. They have implemented SSL/TLS for data in transit and enabled server-side encryption for the database. However, during a recent audit, it was discovered that the API returns diagnostic data in clear text when accessed from internal networks. The internal network is considered trusted. The auditor recommends implementing end-to-end encryption. Which of the following is the BEST approach to meet this requirement?

Question 90 (medium, multi-select)

A cloud security team is developing an incident response plan for a SaaS application hosted on a public cloud. During the preparation phase, which TWO steps are most critical to include?

Question 91 (hard, multiple choice)

A security engineer reviews the S3 bucket policy shown in the exhibit. Which security concern should be addressed immediately?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}

Question 92 (easy, multiple choice)

A financial services company uses a hybrid cloud environment with an on-premises data center and AWS. They have deployed a Cloud Access Security Broker (CASB) to enforce data loss prevention (DLP) policies for SaaS applications. Recently, the security team noticed that sensitive customer data is being exfiltrated via encrypted traffic to a sanctioned cloud storage application. The CASB logs show the traffic is identified as HTTPS, but the DLP policy is not blocking it. The team verifies that the CASB is configured with a forward proxy and SSL inspection is enabled. Which action should the security team take to prevent this exfiltration?
