Back to Certified Cloud Security Professional CCSP questions

Scenario-based practice

Select Two (Multi-Select) Questions

Practise Certified Cloud Security Professional CCSP practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20
scenario questions
CCSP
exam code
ISC2
vendor

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. Getting partial credit is not a thing — you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (Multi-Select) Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related CCSP topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummulti select
Full question →

Which TWO of the following are required for GDPR compliance when processing personal data in the cloud?

Question 2mediummulti select
Full question →

Which TWO of the following are common risk treatment options in cloud risk management?

Question 3hardmulti select
Full question →

Which TWO of the following are required elements of a valid Business Continuity Plan (BCP) in the cloud?

Question 4mediummulti select
Full question →

A cloud security architect is designing a data loss prevention (DLP) strategy for a multi-cloud environment. Which TWO actions are effective in preventing unauthorized exfiltration of sensitive data?

Question 5hardmulti select
Full question →

Which TWO of the following are primary responsibilities of a cloud service customer under the shared responsibility model regarding compliance with regulations such as GDPR?

Question 6mediummulti select
Full question →

Which TWO of the following are primary objectives of a cloud application security program?

Question 7hardmulti select
Full question →

A cloud security architect is designing a secure CI/CD pipeline for a containerized application deployed on a Kubernetes cluster. The pipeline must ensure that only approved images are deployed. Which TWO of the following controls should be implemented? (Choose two.)

Question 8mediummulti select
Read the full NAT/PAT explanation →

A cloud service provider (CSP) is undergoing a SOC 2 Type II audit. The auditor reviews the CSP's access control policies and identifies that user access reviews are performed quarterly. However, the auditor notes that there is no automated termination of access for terminated employees. Which TWO of the following control objectives are likely to be non-compliant based on this finding?

Question 9mediummulti select
Full question →

A company is deploying a critical application on a public cloud IaaS platform. To ensure high availability and disaster recovery, which TWO of the following strategies should the company implement? (Choose two.)

Question 10mediummulti select
Full question →

Which THREE of the following are typical responsibilities of a cloud customer under the shared responsibility model?

Question 11mediummulti select
Full question →

Which TWO of the following are key components of a cloud incident response plan that should be tested regularly?

Question 12easymulti select
Full question →

Which TWO of the following are valid methods for securing data at rest in a cloud storage service?

Question 13hardmulti select
Full question →

Which THREE of the following are key characteristics of cloud computing as defined by NIST SP 800-145?

Question 14mediummulti select
Full question →

A company uses a cloud key management service (KMS) with automatic key rotation enabled. Which TWO statements about key rotation are true?

Question 15hardmulti select
Full question →

Which THREE of the following are essential components of a Secure Software Development Lifecycle (SSDLC) for cloud applications?

Question 16hardmulti select
Full question →

Which THREE of the following are key components of a cloud data governance framework?

Question 17hardmulti select
Full question →

Which TWO of the following are effective methods to protect against server-side request forgery (SSRF) in a cloud application? (Choose two.)

Question 18easymulti select
Full question →

Which TWO of the following are benefits of using tokenization for credit card data?

Question 19hardmulti select
Full question →

Which THREE of the following are essential steps in a cloud data discovery process?

Question 20easymulti select
Full question →

Which TWO of the following are key components of an Information Security Management System (ISMS) as defined by ISO 27001?

These CCSP practice questions are part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style CCSP questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.