Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Free · No Signup Required · ISC2 · CCSP

CCSP Legal, Risk and Compliance Practice Questions

20+ practice questions focused on Legal, Risk and Compliance — one of the most tested topics on the Certified Cloud Security Professional CCSP exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Legal, Risk and Compliance Practice

Exam Domains

Cloud Application Security · Cloud Security Operations · Legal, Risk and Compliance · Cloud Concepts, Architecture and Design · Cloud Platform and Infrastructure Security · Cloud Data Security

Study Tools

Practice Test · Mock Exam · Flashcards · All Topics

Sample Legal, Risk and Compliance Questions

1.

A company's cloud infrastructure is subject to GDPR. The DPO requires that all customer personal data be encrypted at rest and in transit. The cloud provider offers SSE-S3 for object storage and enforces TLS 1.2 for API calls. Which additional control should the company implement to meet GDPR accountability requirements?

A. Implement client-side encryption with a key management service.
B. Enable detailed logging of all access to encrypted data.
C. Automatically delete backups older than 30 days.
D. Apply data masking to all personal data fields before storage.

Explanation: SSE-S3 and TLS 1.2 already satisfy the DPO's encryption requirement at rest and in transit. What they do not satisfy is the accountability principle in Article 5(2), which requires the controller not merely to comply but to be able to demonstrate compliance. Detailed logging of access to the encrypted personal data (Option B) produces the audit trail that shows who accessed which data, when and from where, and supports the records of processing the company must keep under Article 30. Option A adds a second encryption layer without improving demonstrability; Option C is a retention choice that GDPR does not prescribe; Option D degrades the data and is unnecessary where encryption is already applied. Note that access logs themselves contain personal data (user identities, source addresses), so they need their own retention limit and access controls.

2.

A financial institution uses a multi-cloud strategy with AWS and Azure. They must comply with PCI DSS. The security team found that a developer accidentally stored a file with credit card numbers in an S3 bucket that is publicly readable. Which immediate action should be taken to contain the breach?

A. Delete the file immediately.
B. Enable default encryption on the bucket.
C. Remove the public read permission on the bucket.
D. Revoke the developer's IAM credentials.

Explanation: Option C is correct. Removing the public read permission (the bucket ACL grant or bucket policy statement that allowed anonymous reads) is the one action that stops further exposure of the cardholder data immediately and addresses the actual cause, while preserving the object and its metadata for the forensic and notification steps that PCI DSS incident response requires. Option A destroys evidence and leaves the bucket misconfigured for the next upload. Option B does nothing for this exposure: SSE-S3 decrypts transparently for any reader the ACL or policy allows, including the public. Option D does not close the public read path and removes the access the developer needs to help fix the problem. After containment, pull the bucket's server access logs or CloudTrail S3 data events to establish whether the object was actually read, because an exposed object that was never accessed and one that was downloaded lead to very different PCI DSS obligations.
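The containment step described above, as an added example that is not part of the original page: a small Python check that finds public-read grants in a bucket ACL and bucket policy shaped like the AWS GetBucketAcl and GetBucketPolicy responses, then strips exactly those grants while leaving the application's own access intact. The bucket name, account ID, role name and both documents are constructed for the example.

```python
import json

# Constructed sample inputs shaped like the documents GetBucketPolicy (a JSON
# string) and GetBucketAcl return. Hand-written for this example; not captured
# from any real account.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# Both groups count as public: AuthenticatedUsers means any AWS account anywhere.
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}

SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

SAMPLE_ACL = {
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ]
}


def _statements(policy):
    # IAM allows "Statement" to be a single object or a list; normalise to a list.
    stmts = policy.get("Statement", [])
    return stmts if isinstance(stmts, list) else [stmts]


def _is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (or an AWS list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _is_public_statement(stmt):
    # Conservative: a public Allow is flagged even when it carries a Condition,
    # because a badly written condition is exactly how "public" buckets happen.
    return stmt.get("Effect") == "Allow" and _is_public_principal(stmt.get("Principal"))


def _is_public_grant(grant):
    grantee = grant.get("Grantee", {})
    return grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS


def public_statement_sids(policy_json):
    """Sids of bucket-policy statements that allow access to everyone."""
    return [s.get("Sid", "<no-sid>") for s in _statements(json.loads(policy_json))
            if _is_public_statement(s)]


def public_acl_grants(acl):
    """(group URI, permission) pairs granted to the public groups."""
    return [(g["Grantee"]["URI"], g["Permission"]) for g in acl["Grants"] if _is_public_grant(g)]


def remove_public_statements(policy_json):
    """Containment: drop only the public statements, keep the application's access."""
    policy = json.loads(policy_json)
    policy["Statement"] = [s for s in _statements(policy) if not _is_public_statement(s)]
    return json.dumps(policy)


def remove_public_acl_grants(acl):
    """Containment: drop the AllUsers/AuthenticatedUsers grants, keep the owner's."""
    return {"Grants": [g for g in acl["Grants"] if not _is_public_grant(g)]}


def statement_sids(policy_json):
    """All Sids in a policy, to confirm the non-public statements survived."""
    return [s.get("Sid", "<no-sid>") for s in _statements(json.loads(policy_json))]


if __name__ == "__main__":
    print("public policy statements:", public_statement_sids(SAMPLE_POLICY))
    print("public ACL grants:", public_acl_grants(SAMPLE_ACL))
    fixed_policy = remove_public_statements(SAMPLE_POLICY)
    fixed_acl = remove_public_acl_grants(SAMPLE_ACL)
    print("after containment:", public_statement_sids(fixed_policy), public_acl_grants(fixed_acl))
    print("remaining statements:", statement_sids(fixed_policy))
```

In a live account the equivalent containment is `aws s3api put-public-access-block --bucket <name> --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true`, which neutralises both the ACL grant and the policy statement at once without editing or deleting either document, so the misconfiguration itself is preserved as evidence.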

3.

A cloud service provider (CSP) offers a shared responsibility model. According to this model, who is responsible for patching the hypervisor?

A. The customer.
B. The regulatory authority.
C. The cloud service provider.
D. A third-party auditor.

Explanation: Option C is correct. In IaaS, PaaS and SaaS alike, the hypervisor belongs to the underlying infrastructure that the CSP owns and operates, so patching it is the CSP's responsibility. Option A is wrong because the customer has no access to the hypervisor; the customer's patching duty begins at the guest operating system at most (and in PaaS and SaaS the guest OS is the CSP's as well). Option B is wrong because a regulatory authority sets requirements and may assess compliance but operates none of the infrastructure. Option D is wrong because an auditor attests to controls; it does not run them.

4.

A company is migrating to the cloud and must comply with the Health Insurance Portability and Accountability Act (HIPAA). They plan to store electronic protected health information (ePHI) in a cloud database. Which of the following is a mandatory requirement for the cloud service agreement?

A. The CSP must store data in a specific geographic location.
B. The CSP must perform quarterly penetration tests.
C. The CSP must encrypt all data at rest using AES-256.
D. The CSP must sign a Business Associate Agreement (BAA).

Explanation: Option D is correct. Under HIPAA, a covered entity (or a business associate) must have a written Business Associate Agreement with any cloud service provider that creates, receives, maintains or transmits ePHI on its behalf, and this holds even when the CSP only stores encrypted ePHI and never holds the key. The BAA establishes the CSP's permitted uses and disclosures of ePHI and its obligations to safeguard it and to report breaches; without a signed BAA the covered entity may not disclose ePHI to the CSP at all. Options A, B and C are controls a customer may negotiate into the service agreement, but none is a HIPAA mandate: HIPAA specifies no data-residency requirement or penetration-test cadence, and encryption under the Security Rule is an addressable implementation specification rather than a required one tied to a named algorithm.

5.

An e-commerce company uses a cloud-based web application firewall (WAF) to protect against common web exploits. The security team notices that a specific IP address is sending a high volume of requests that appear to be a DDoS attack. What is the best immediate response to mitigate the attack while minimizing impact on legitimate users?

A. Change the DNS to point to a different IP address.
B. Increase the compute capacity of the web servers.
C. Block the IP address in the WAF.
D. Implement rate limiting on the IP address with a threshold that allows normal traffic.

Explanation: Option D is correct. A rate-limiting rule at the WAF caps the number of requests the offending address may make per time window and drops or challenges the excess, so the flood is throttled while requests arriving at a normal rate still pass. That matters because a single source address is often shared: a corporate or carrier-grade NAT gateway can put many legitimate users behind the same IP as the attacker, and an outright block (Option C) would cut all of them off. Option A only moves the target and breaks clients mid-session; Option B absorbs the flood rather than stopping it and costs money for as long as it lasts. WAFs support rate-based rules keyed on source IP, and usually also on session or URI, which makes this the most precise and least disruptive immediate response. One caveat: if the address is confirmed to be a dedicated attacker host with no legitimate users behind it, a block is simpler and cheaper, and a genuinely distributed attack from many sources is handled upstream by the CDN or DDoS-protection layer rather than by per-IP rules.
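The rate-limiting versus blocking trade-off above, as an added example that is not code from the original page: a sliding-window per-IP limiter in Python, run over a constructed request log in which an attacker floods through a NAT address that two legitimate users also share. The IP addresses, request rates and the 20 requests-per-second threshold are assumptions chosen for the example. It also shows the limit of the technique: per-IP limiting keeps some, not all, of the shared address's legitimate traffic flowing, whereas a hard block drops every request from it.

```python
from collections import defaultdict, deque

# Constructed request log as (timestamp_ms, client_ip, actor); hand-written, not
# captured traffic. 203.0.113.10 is a carrier-grade NAT address: an attacker floods
# through it at 50 req/s while two real users behind the same address each make
# 1 req/s. 192.0.2.5 is an ordinary user on an unshared address.
SHARED_IP = "203.0.113.10"
OTHER_IP = "192.0.2.5"


def build_sample_requests(seconds=3):
    reqs = []
    for t in range(seconds):
        base = t * 1000
        reqs += [(base + i * 20, SHARED_IP, "attacker") for i in range(50)]  # 50 req/s
        reqs.append((base + 10, SHARED_IP, "nat-user-1"))                    # 1 req/s
        reqs.append((base + 510, SHARED_IP, "nat-user-2"))                   # 1 req/s
        reqs.append((base, OTHER_IP, "other-user"))                          # 1 req/s
    return sorted(reqs)


class SlidingWindowRateLimiter:
    """Allow at most `limit` requests per client within any `window_ms` window.

    Integer millisecond timestamps keep the arithmetic exact; each client's deque
    holds only the timestamps still inside the window, so memory is O(limit) per key.
    """

    def __init__(self, limit, window_ms):
        self.limit = limit
        self.window_ms = window_ms
        self.history = defaultdict(deque)

    def allow(self, ts_ms, client_ip):
        q = self.history[client_ip]
        while q and ts_ms - q[0] >= self.window_ms:   # drop timestamps that aged out
            q.popleft()
        if len(q) >= self.limit:
            return False                               # over threshold: throttle
        q.append(ts_ms)
        return True


def simulate_rate_limit(requests, limit=20, window_ms=1000):
    """Option D: per-actor counts of allowed and throttled requests under the limit.

    The limiter keys on IP only (that is all a WAF sees); the actor label is kept
    just so the result shows who behind the shared address got through.
    """
    limiter = SlidingWindowRateLimiter(limit, window_ms)
    allowed, throttled = defaultdict(int), defaultdict(int)
    for ts, ip, actor in requests:
        if limiter.allow(ts, ip):
            allowed[actor] += 1
        else:
            throttled[actor] += 1
    return dict(allowed), dict(throttled)


def simulate_hard_block(requests, blocked_ip):
    """Option C for contrast: every request from the blocked IP is dropped."""
    allowed, dropped = defaultdict(int), defaultdict(int)
    for _, ip, actor in requests:
        (dropped if ip == blocked_ip else allowed)[actor] += 1
    return dict(allowed), dict(dropped)


if __name__ == "__main__":
    reqs = build_sample_requests()
    allowed, throttled = simulate_rate_limit(reqs)
    print("rate limit, allowed:  ", allowed)
    print("rate limit, throttled:", throttled)
    blocked_allowed, dropped = simulate_hard_block(reqs, SHARED_IP)
    print("hard block, allowed:  ", blocked_allowed)
    print("hard block, dropped:  ", dropped)
```

With the 20 req/s threshold the attacker is cut to 57 of 150 requests, the user whose requests happen to land early in each second keeps all of theirs, and the second NAT user, arriving once the window is already full, loses theirs. A real WAF rate-based rule does the same thing keyed on source IP (or on a header or cookie when the deployment can identify sessions, which is how the second user would be rescued), usually over a longer evaluation window than one second.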

+15 more Legal, Risk and Compliance questions available

Practice all Legal, Risk and Compliance questions

How to master Legal, Risk and Compliance for CCSP

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Legal, Risk and Compliance. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Legal, Risk and Compliance questions on the CCSP frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many CCSP Legal, Risk and Compliance questions are on the real exam?

The exact number varies per candidate. Legal, Risk and Compliance is tested as part of the Certified Cloud Security Professional CCSP blueprint. Practicing with targeted Legal, Risk and Compliance questions ensures you can handle any format or difficulty that appears.

Are these CCSP Legal, Risk and Compliance practice questions free?

Yes. Courseiva provides free CCSP practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Legal, Risk and Compliance one of the harder CCSP topics?

Difficulty is subjective, but Legal, Risk and Compliance is a high-priority exam concept tested in multiple ways: direct recall of regulations, standards and contract terms, and scenario analysis that asks which control or agreement a requirement actually mandates. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Legal, Risk and Compliance practice session with instant scoring and detailed explanations.

Start Legal, Risk and Compliance Practice →

Topic Info

Topic: Legal, Risk and Compliance
Exam: CCSP
Questions available: 20+