CV0-004 · topic practice

Security practice questions

Practise CompTIA Cloud+ CV0-004 Security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Security

What the exam tests

What to know about Security

Security questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Security questions

20 questions · select your answer, then reveal the explanation

Question 1easymultiple choice
Read the full Security explanation →

A cloud engineer is configuring a web application on AWS and needs to ensure that only HTTP and HTTPS traffic from the internet is allowed to reach the EC2 instances. Which AWS service should be used to control inbound traffic at the instance level?

Question 2mediummultiple choice
Read the full Security explanation →

A company is migrating to a public cloud and wants to understand security responsibilities. According to the shared responsibility model, which of the following is the customer responsible for in an IaaS deployment?

Question 3hardmultiple choice
Read the full Security explanation →

A security administrator needs to enforce least privilege for a Kubernetes cluster in a cloud environment. Which approach should be used to restrict permissions for pods that need to access the cloud provider's API?

Question 4easymultiple choice
Read the full Security explanation →

An organization is moving sensitive data to the cloud and must ensure it is encrypted while stored on disk. Which type of encryption should be implemented?

Question 5mediummultiple choice
Read the full Security explanation →

A cloud administrator needs to provide external partners with access to a cloud application using their existing corporate credentials. Which federation protocol should be used?

Question 6mediummultiple choice
Read the full Security explanation →

A company is using a SaaS application and wants to gain visibility into user activity and enforce data loss prevention policies. Which technology should be deployed?

Question 7hardmultiple choice
Read the full Security explanation →

During a security audit, a cloud engineer discovers that a container image used in production has a known critical vulnerability in a base layer. Which practice should be implemented to prevent this in the future?

Question 8mediummultiple choice
Read the full Security explanation →

An organization needs to store database credentials and API keys securely in the cloud, with automatic rotation every 90 days. Which service should be used?

Question 9easymultiple choice
Read the full Security explanation →

A cloud architect is designing a network to protect a web application from common attacks such as SQL injection and cross-site scripting. Which cloud service should be used?

Question 10mediummultiple choice
Read the full Security explanation →

A company requires multi-factor authentication (MFA) for all users accessing the cloud management console. Which IAM policy element should be used to enforce this?

Question 11hardmultiple choice
Read the full Security explanation →

A cloud security team is reviewing audit logs and notices that a service account has been used to launch several high-risk API calls that are not part of its normal behavior. Which security control should be implemented to detect such anomalies in real time?

Question 12mediummultiple choice
Read the full Security explanation →

An organization is subject to PCI DSS compliance and must demonstrate that it is meeting security requirements. Which cloud service can aggregate compliance findings and provide a dashboard?

Question 13mediummulti select
Study the full ACL explanation →

A cloud administrator is configuring network security for a multi-tier application. Which TWO statements about security groups and network ACLs are correct?

Question 14hardmulti select
Read the full Security explanation →

A cloud security team is implementing encryption for data at rest using customer-managed keys in a cloud KMS. Which THREE practices should be followed?

Question 15easymulti select
Read the full Security explanation →

A company is adopting a shared responsibility model for a PaaS cloud deployment. Which THREE responsibilities belong to the customer?

Question 16easymultiple choice
Read the full Security explanation →

A cloud customer is deploying a virtual machine (VM) in a public IaaS environment. According to the shared responsibility model, which of the following security tasks is the customer responsible for?

Question 17mediummultiple choice
Read the full Security explanation →

A cloud administrator needs to ensure that a set of AWS EC2 instances can only be accessed via SSH from the corporate office IP range 203.0.113.0/24. Which configuration should the administrator implement?

Question 18hardmultiple choice
Read the full Security explanation →

A company is migrating a legacy application to a Kubernetes cluster in the cloud. The application requires a database password to be accessible at runtime. Which approach aligns with cloud security best practices for secrets management?

Question 19mediummultiple choice
Read the full Security explanation →

A security auditor is reviewing the IAM configuration for a cloud account. The auditor finds that a user has permissions to create and delete resources in all services. Which principle of security is being violated?

Question 20mediummultiple choice
Read the full Security explanation →

An organization is subject to PCI DSS compliance and must ensure that all data transmitted between its cloud application and users is encrypted. Which encryption method should be enforced?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Security sessions

Start a Security only practice session

Every question in these sessions is drawn from the Security domain — nothing else.

Related practice questions

Related CV0-004 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the CV0-004 exam test about Security?
Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Security questions in a focused session?
Yes — the session launcher on this page draws every question from the Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CV0-004 topics?
Use the topic links above to move to related areas, or go back to the CV0-004 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CV0-004 exam covers. They are not copied from any real exam or dump site.