CSS Cheat Sheet 2026
The 30 highest-yield CSS facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
100 questions
120 min time limit
70.00% to pass
- Which standard is used to automate the provisioning and deprovisioning of user accounts across systems? → SCIM (System for Cross-domain Identity Management)
- What is an orphaned account and why is it a security risk? → An account no longer associated with an active user that may be exploited by attackers
- What network security control is designed to detect and prevent unauthorized wireless access points? → Wireless intrusion prevention system (WIPS)
- What is the primary purpose of Cloud Security Posture Management (CSPM)? → To continuously assess cloud configurations for compliance gaps and security risks
- Which privacy law in the United States grants California residents rights over their personal data? → California Consumer Privacy Act (CCPA)
- What is the importance of incident documentation? → To provide records for future analysis and lessons learned
- What is the function of a network access control (NAC) system in enterprise security? → Enforces security policy compliance before granting network access
- Which IAM control helps prevent privilege escalation by ensuring users cannot grant themselves higher permissions than they currently hold? → Constrained delegation and permission boundary enforcement
- What is the significance of risk assessments in security policy development? → To identify and prioritize risks in security policy development
- What role does recovery play in incident response? → To restore normal operations and minimize the impact
- Why is it necessary to evaluate the likelihood and impact of each identified risk? → To prioritize resources and mitigation efforts
- Which protocol is used to encrypt DNS queries to prevent eavesdropping and tampering? → DNS over HTTPS (DoH)
- Which cryptographic concept ensures that a party cannot deny having performed an action? → Non-repudiation
- Which principle best describes 'zero trust' architecture as applied to cloud environments? → Never implicitly trusting any user, device, or network segment regardless of location
- Which attack floods a target server with half-open TCP connections to exhaust its resources? → SYN flood
- How does employee training contribute to effective security policy enforcement? → By educating employees on policy and compliance
- Why is it important to involve external partners during incident recovery? → To bring in expertise and support during recovery
- What does 'perfect forward secrecy' (PFS) ensure in TLS connections? → Compromise of the server's private key does not expose past session keys
- What security vulnerability is MOST associated with serverless (Function as a Service) architectures? → Event-data injection attacks via malicious data passed through function triggers
- What does FedRAMP primarily govern? → Security requirements for cloud services used by U.S. federal government agencies
- Which encryption mode of AES is considered most secure for bulk data encryption due to its use of an initialization vector and chaining? → AES-CBC (Cipher Block Chaining)
- Which attack targets authentication systems by using previously captured valid authentication tokens? → Pass-the-ticket / pass-the-hash attack
- What role does compliance play in security policy development? → To ensure policies meet legal and regulatory requirements
- What is the security risk of using weak or short RSA key lengths (e.g., 512-bit) in production systems? → They can be factored using modern computing power, allowing private key recovery
- What is a zero-day vulnerability? → A vulnerability that is unknown to the software vendor and has no available patch
- What is the role of enforcement in security policy development? → To ensure policies are followed and violations addressed
- Which vulnerability management metric measures the average time between a patch being available and it being applied to production systems? → Mean time to remediate (MTTR)
- In cloud computing, what does 'data sovereignty' refer to? → The legal principle that data is subject to the laws of the country where it resides
- Which hashing algorithm is currently recommended by NIST for secure cryptographic applications? → SHA-256
- Which encryption protocol version is considered best practice for protecting data in transit within cloud environments? → TLS 1.2 or higher for all cloud communications
Turn these facts into recall: