CSS Cheat Sheet 2026

The 30 highest-yield CSS facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

100 questions
120 min time limit
70.00% to pass
  1. Which standard is used to automate the provisioning and deprovisioning of user accounts across systems? SCIM (System for Cross-domain Identity Management)
  2. What is an orphaned account and why is it a security risk? An account no longer associated with an active user that may be exploited by attackers
  3. What network security control is designed to detect and prevent unauthorized wireless access points? Wireless intrusion prevention system (WIPS)
  4. What is the primary purpose of Cloud Security Posture Management (CSPM)? To continuously assess cloud configurations for compliance gaps and security risks
  5. Which privacy law in the United States grants California residents rights over their personal data? California Consumer Privacy Act (CCPA)
  6. What is the importance of incident documentation? To provide records for future analysis and lessons learned
  7. What is the function of a network access control (NAC) system in enterprise security? Enforces security policy compliance before granting network access
  8. Which IAM control helps prevent privilege escalation by ensuring users cannot grant themselves higher permissions than they currently hold? Constrained delegation and permission boundary enforcement
  9. What is the significance of risk assessments in security policy development? To identify and prioritize risks in security policy development
  10. What role does recovery play in incident response? To restore normal operations and minimize the impact
  11. Why is it necessary to evaluate the likelihood and impact of each identified risk? To prioritize resources and mitigation efforts
  12. Which protocol is used to encrypt DNS queries to prevent eavesdropping and tampering? DNS over HTTPS (DoH)
  13. Which cryptographic concept ensures that a party cannot deny having performed an action? Non-repudiation
  14. Which principle best describes 'zero trust' architecture as applied to cloud environments? Never implicitly trusting any user, device, or network segment regardless of location
  15. Which attack floods a target server with half-open TCP connections to exhaust its resources? SYN flood
  16. How does employee training contribute to effective security policy enforcement? By educating employees on policy and compliance
  17. Why is it important to involve external partners during incident recovery? To bring in expertise and support during recovery
  18. What does 'perfect forward secrecy' (PFS) ensure in TLS connections? Compromise of the server's private key does not expose past session keys
  19. What security vulnerability is MOST associated with serverless (Function as a Service) architectures? Event-data injection attacks via malicious data passed through function triggers
  20. What does FedRAMP primarily govern? Security requirements for cloud services used by U.S. federal government agencies
  21. Which encryption mode of AES is considered most secure for bulk data encryption due to its use of an initialization vector and chaining? AES-CBC (Cipher Block Chaining)
  22. Which attack targets authentication systems by using previously captured valid authentication tokens? Pass-the-ticket / pass-the-hash attack
  23. What role does compliance play in security policy development? To ensure policies meet legal and regulatory requirements
  24. What is the security risk of using weak or short RSA key lengths (e.g., 512-bit) in production systems? They can be factored using modern computing power, allowing private key recovery
  25. What is a zero-day vulnerability? A vulnerability that is unknown to the software vendor and has no available patch
  26. What is the role of enforcement in security policy development? To ensure policies are followed and violations addressed
  27. Which vulnerability management metric measures the average time between a patch being available and it being applied to production systems? Mean time to remediate (MTTR)
  28. In cloud computing, what does 'data sovereignty' refer to? The legal principle that data is subject to the laws of the country where it resides
  29. Which hashing algorithm is currently recommended by NIST for secure cryptographic applications? SHA-256
  30. Which encryption protocol version is considered best practice for protecting data in transit within cloud environments? TLS 1.2 or higher for all cloud communications
Turn these facts into recall: