CCSP Cheat Sheet 2026

The 30 highest-yield CCSP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

125 questions
180 min time limit
70.00% to pass
  1. Which concept describes the minimum level of access rights a user or system should be granted to perform their required functions? Principle of least privilege
  2. What is the OWASP Secure Coding Practices guideline's primary recommendation for handling user input? Validate and sanitize all input from untrusted sources
  3. NIST SP 800-145 defines cloud computing with five essential characteristics, three service models, and how many deployment models? Four
  4. The following capabilities, with the exception of ______, should all be guaranteed by the options included in cloud application designs. Hashing database fields
  5. What is the shared responsibility model's division regarding physical security of a public cloud data center? Entirely the cloud service provider's responsibility
  6. Under GDPR, what is the right of erasure also commonly called? Right to be forgotten
  7. Which NIST cloud computing characteristic describes the ability of cloud resources to be provisioned and released rapidly to scale elastically with demand? Rapid elasticity
  8. Which regulation requires organizations that handle payment card data to comply with a set of security standards? PCI DSS
  9. What is data sovereignty in the context of cloud storage? The principle that data is subject to the laws of the country in which it is stored
  10. What is the sole data format supported by the SOAP API? XML
  11. Which cloud infrastructure component acts as a logical boundary to isolate resources between different tenants or business units? Virtual Private Cloud (VPC)
  12. Which CCSP domain specifically addresses the security of data stored, processed, and transmitted in the cloud? Cloud Data Security
  13. In the shared responsibility model for IaaS, which security component is the cloud service provider primarily responsible for securing? Hypervisor and physical infrastructure
  14. Which of the following types of storage is most closely related to a standard file system and tree structure? Volume
  15. Which technique replaces sensitive data with a non-sensitive substitute that retains the format but has no exploitable value? Tokenization
  16. Which of the following statements best characterizes VLANs? They are not restricted to the same data center or the same racks.
  17. What is the key architectural difference between containers and virtual machines (VMs)? Containers share the host OS kernel; VMs include a complete guest OS per instance
  18. Which data security technique ensures that data remains protected even if the storage medium is stolen? Encryption at rest
  19. In the context of cloud data security, what is a data custodian responsible for? Implementing and managing the technical security controls that protect data
  20. Which security practice involves deliberately testing an application by providing random, unexpected, or malformed input? Fuzz testing (fuzzing)
  21. Which data types are most typically utilized with the REST API? XML and JSON
  22. What is the primary purpose of data classification in a cloud environment? To assign appropriate security controls based on sensitivity
  23. Which of the following positions for a business entails testing, monitoring, and safeguarding cloud services? Cloud service administrator
  24. Which standard specifically provides guidance on personally identifiable information (PII) protection in public clouds? ISO/IEC 27018
  25. Cryptographic erasure (crypto-shredding) destroys data by doing what? Deleting the encryption key so encrypted data becomes permanently inaccessible
  26. Who should most likely be in charge of maintaining the security of the apps in the production environment in a platform as a service (Paas) model? Cloud customer
  27. Which concept in cloud contracts ensures the customer retains ownership of their data and can retrieve it upon contract termination? Data portability and right to return clause
  28. Which cloud deployment model is operated solely for a group of organizations with shared missions, security requirements, or compliance objectives? Community cloud
  29. Which cloud service model places the MOST infrastructure security responsibility on the cloud customer? Infrastructure as a Service (IaaS)
  30. What is the purpose of an API gateway in cloud application security? To enforce authentication, rate limiting, and traffic management for API calls
Turn these facts into recall: