✔✔Demilitarized Zone (DMZ) - ✔✔A network segment that isolates elements such as e-mail or
web servers that must be reachable from untrusted networks (e.g. the Internet) and are
therefore exposed to external attacks. A compromise of a host in the DMZ should not give
direct access to the internal network.
✔✔Enterprise Risk Management - ✔✔The set of processes and structures used to
systematically manage all risks to the enterprise.
✔✔Hardware Security Module (HSM) - ✔✔A tamper-resistant device that generates, stores
and uses cryptographic keys without ever exposing them in plaintext outside the device. It
can be used to protect server keys (e.g. TLS private keys), data in transit, signing and
encryption of log files, etc.
✔✔Management Plane - ✔✔Controls the entire infrastructure. Because parts of it are
exposed to customers regardless of their network location, it is a prime resource to protect.
✔✔Object Storage - ✔✔Objects (files) are stored with additional metadata (content
type, redundancy required, creation date, etc.). These objects are accessible through
APIs and potentially through a web user interface.
✔✔Redundant Array of Inexpensive Disks (RAID) - ✔✔Instead of using one large disk to
store data, one can use many smaller, cheaper disks as a group. This improves performance
and, depending on the RAID level, also provides a degree of redundancy that makes the
chance of data loss from a single drive failure remote.
✔✔Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) - ✔✔A framework of security
controls that enables cooperation between cloud consumers and cloud providers in
demonstrating adequate risk management.
✔✔Software Defined Networking (SDN) - ✔✔A broad and developing concept
addressing the management of the various network components.
The objective is to separate the control plane from the data plane, so that network traffic is
managed at a more abstract level than through direct configuration of individual network
components.
✔✔Application Normative Framework (ANF) - ✔✔A subset of the ONF that will contain
only the information required for a specific business application to reach the targeted
level of trust
✔✔Application Programming Interfaces (APIs) - ✔✔A set of routines, standards,
protocols, and tools for building software applications to access a Web-based software
application or Web tool
✔✔Application Virtualization - ✔✔Software technology that encapsulates application
software from the underlying operating system on which it is executed
✔✔Data Masking - ✔✔A method of creating a structurally similar but inauthentic version
of an organization's data that can be used for purposes such as software testing and
user training without exposing the real (sensitive) values.
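The following is an added example (not part of the original study set) of what "structurally similar but inauthentic" means in practice: each field keeps its format (a Luhn-valid 16-digit card number with its issuer prefix, a ddd-dd-dddd SSN, a well-formed e-mail address) so that test code and validators still work, while the values are derived from a keyed HMAC so they are not the real data, cannot be reversed without the key, and are consistent across rows. The masking key, the `masked.example` domain and the sample records are assumptions constructed for the example.

```python
import hashlib
import hmac
import re

# Assumption (not from the page): the masking key is a secret that never leaves the
# production-side masking job, so masked values cannot be re-derived in the test environment.
MASKING_KEY = b"example-masking-key-rotate-per-environment"

# Constructed sample input; not real customer data. Row 0 and row 2 are the same customer.
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@corp.example", "card": "4111111111111111", "ssn": "123-45-6789"},
    {"name": "Bob Sample", "email": "bob@corp.example", "card": "5500000000000004", "ssn": "987-65-4321"},
    {"name": "Alice Example", "email": "alice@corp.example", "card": "4111111111111111", "ssn": "123-45-6789"},
]


def _digits_from(value: str, n: int) -> str:
    """Return n deterministic pseudo-random digits derived from value with the masking key.
    The same input always yields the same output, so joins between tables survive masking."""
    digest = hmac.new(MASKING_KEY, value.encode(), hashlib.sha256).digest()
    out = "".join(str(b % 10) for b in digest)
    while len(out) < n:  # extend if more digits are needed than one digest provides
        digest = hashlib.sha256(digest).digest()
        out += "".join(str(b % 10) for b in digest)
    return out[:n]


def luhn_check_digit(partial: str) -> str:
    """Compute the Luhn check digit for a number that does not yet have one."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # digits immediately left of the check digit are doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """Validate a full number (including its check digit) with the Luhn algorithm."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_card(pan: str) -> str:
    """Keep the 6-digit issuer prefix so brand/routing logic still works, replace the account
    digits, and recompute the check digit so format validators still accept the value."""
    body = pan[:6] + _digits_from("card:" + pan, len(pan) - 7)
    return body + luhn_check_digit(body)


def mask_ssn(ssn: str) -> str:
    """Keep the ddd-dd-dddd layout. Area numbers 900-999 are never issued, so the result
    is obviously inauthentic while still passing a simple format check."""
    d = _digits_from("ssn:" + ssn, 8)
    return f"9{d[:2]}-{d[2:4]}-{d[4:8]}"


def mask_email(email: str) -> str:
    """Replace both local part and domain; the real domain would reveal the organisation."""
    return f"user{_digits_from('email:' + email.lower(), 8)}@masked.example"


def mask_name(name: str) -> str:
    return "Person " + _digits_from("name:" + name, 5)


def mask_record(rec: dict) -> dict:
    return {
        "name": mask_name(rec["name"]),
        "email": mask_email(rec["email"]),
        "card": mask_card(rec["card"]),
        "ssn": mask_ssn(rec["ssn"]),
    }


def mask_dataset(records: list) -> list:
    return [mask_record(r) for r in records]


if __name__ == "__main__":
    for row in mask_dataset(SAMPLE_RECORDS):
        print(row)
```

Because the derivation is keyed and deterministic, the masked copy keeps referential integrity (the duplicate customer masks to the same values) without being reversible by anyone who holds only the test data.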
✔✔Database Activity Monitoring (DAM) - ✔✔A database security technology for
monitoring and analyzing database activity that operates independently of the database
management system (DBMS) and does not rely on any form of native (DBMS-resident)
auditing or native logs such as trace or transaction logs
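As an added example (not from the original study set), the following shows the kind of analysis a DAM sensor performs on statements it has captured independently of the DBMS, for instance from a network tap or a proxy in front of the database, rather than from native audit logs. The captured events, the list of sensitive tables, the trusted network range and the business hours are all constructed assumptions; the rules flag bulk reads of sensitive tables, DDL and privilege changes, injection-like patterns, off-hours activity and clients outside the trusted network.

```python
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

# Assumptions (not from the page): which tables are sensitive, which client networks are
# trusted, and what counts as business hours would come from the deployment's policy.
SENSITIVE_TABLES = {"customers", "payments", "users"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59

# Constructed sample of statements captured off the wire: (timestamp, db user, client IP, SQL).
SAMPLE_EVENTS = [
    ("2024-03-04T10:15:00", "app_svc", "10.0.1.20", "SELECT id, email FROM customers WHERE id = 42"),
    ("2024-03-04T10:16:30", "app_svc", "10.0.1.20", "UPDATE payments SET status='paid' WHERE id = 7"),
    ("2024-03-04T02:40:00", "app_svc", "10.0.1.20", "SELECT * FROM customers"),
    ("2024-03-04T11:05:00", "dba_jane", "10.0.9.5", "GRANT ALL PRIVILEGES ON users TO 'app_svc'"),
    ("2024-03-04T11:06:00", "app_svc", "203.0.113.7", "SELECT id FROM users WHERE name = '' OR '1'='1' -- "),
    ("2024-03-04T23:59:00", "dba_jane", "10.0.9.5", "DROP TABLE payments"),
]


@dataclass(frozen=True)
class Alert:
    rule: str
    db_user: str
    client_ip: str
    sql: str


_DDL_OR_PRIV = re.compile(r"^\s*(DROP|ALTER|TRUNCATE|GRANT|REVOKE)\b", re.I)
_SELECT_FROM = re.compile(r"^\s*SELECT\b.*?\bFROM\s+([A-Za-z_][A-Za-z0-9_]*)", re.I | re.S)
_WHERE = re.compile(r"\bWHERE\b", re.I)
# Tautology (OR 'x'='x'), trailing comment used to cut off the rest of a query, inline comment.
_INJECTION = re.compile(r"(\bOR\b\s*'[^']*'\s*=\s*'[^']*')|(--\s*$)|(/\*.*\*/)", re.I | re.S)


def analyse_event(ts: str, db_user: str, client_ip: str, sql: str) -> list:
    """Apply every rule to one captured statement and return the alerts it raises, in rule order."""
    alerts = []

    def add(rule: str) -> None:
        alerts.append(Alert(rule, db_user, client_ip, sql))

    if _DDL_OR_PRIV.search(sql):
        add("ddl_or_privilege_change")
    m = _SELECT_FROM.search(sql)
    if m and m.group(1).lower() in SENSITIVE_TABLES and not _WHERE.search(sql):
        add("bulk_read_sensitive_table")  # unfiltered read of a whole sensitive table
    if _INJECTION.search(sql):
        add("injection_pattern")
    if datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
        add("off_hours_activity")
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in TRUSTED_NETS):
        add("untrusted_client_network")
    return alerts


def run_monitor(events: list) -> list:
    """Run the rules over a batch of captured events and return all alerts."""
    return [a for ev in events for a in analyse_event(*ev)]


if __name__ == "__main__":
    for a in run_monitor(SAMPLE_EVENTS):
        print(f"{a.rule:28} {a.db_user:10} {a.client_ip:14} {a.sql}")
```

Because the sensor sees the statements on the wire, the rules still fire if a DBA disables native auditing or the application account is used from an unexpected host; the trade-off is that the sensor cannot see statements on encrypted connections it cannot decrypt, or local connections that bypass the tap.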
✔✔Dynamic Application Security Testing (DAST) - ✔✔The process of testing an
application or software product in its running (operating) state, from the outside and
without access to its source code, as an attacker would.
✔✔Federated Identity Management - ✔✔An arrangement that can be made among
multiple enterprises that lets subscribers use the same identification data to obtain
access to the networks of all enterprises in the group
✔✔Federated Single Sign-on (SSO) - ✔✔Single sign-on (SSO) systems allow a single
user authentication process across multiple IT systems or even organizations. SSO is a
subset of federated identity management, as it relates only to authentication and
technical interoperability
✔✔Identity and Access Management (IAM) - ✔✔The security discipline that enables the
right individuals to access the right resources at the right times for the right reasons
✔✔ISO/IEC 27034-1 - ✔✔Represents an overview of application security. It introduces
definitions, concepts, principles and processes involved in application security
✔✔Multi-factor Authentication - ✔✔A method of computer access control in which a user
must successfully present authentication factors from at least two of the three
categories: something the user knows (e.g. a password), something the user has (e.g. a
hardware token or authenticator app) and something the user is (e.g. a fingerprint). The
factors must be independent, so that compromising one does not compromise the other.
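To make the two-factor check concrete, here is an added example (not from the original study set) of a login that combines a knowledge factor (a password hashed with PBKDF2) with a possession factor (an RFC 6238 time-based one-time password of the kind generated by authenticator apps: HMAC-SHA1, 30-second step, 6 digits). The in-memory user store, the iteration count and the one-step clock tolerance are assumptions for the example; the `hotp`/`totp` functions follow the RFCs and are checked against their published test vector secret.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ITERATIONS = 100_000  # assumption for the example; tune to your hardware budget
TOTP_STEP = 30
TOTP_DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HMAC-based one-time password for a given counter value."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = TOTP_STEP, digits: int = TOTP_DIGITS) -> str:
    """RFC 6238 time-based one-time password: HOTP over the current time step."""
    return hotp(secret, at // step, digits)


def provisioning_uri(issuer: str, username: str, secret: bytes) -> str:
    """otpauth:// URI that authenticator apps scan at enrolment (shown to the user once)."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{username}?secret={b32}&issuer={issuer}"
            f"&algorithm=SHA1&digits={TOTP_DIGITS}&period={TOTP_STEP}")


class UserStore:
    """Minimal in-memory store (assumption for the example) holding both factors per user."""

    def __init__(self) -> None:
        self._users = {}

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def enroll(self, username: str, password: str) -> bytes:
        """Register a user and return the fresh TOTP secret to hand to their authenticator."""
        salt = secrets.token_bytes(16)
        totp_secret = secrets.token_bytes(20)
        self._users[username] = {
            "salt": salt,
            "pw_hash": self._hash_password(password, salt),
            "totp_secret": totp_secret,
            "last_counter": -1,  # highest time step already accepted, for replay protection
        }
        return totp_secret

    def verify_login(self, username: str, password: str, code: str, now: int = None) -> bool:
        """Accept only if BOTH factors verify. Each code is accepted at most once."""
        now = int(time.time()) if now is None else now
        user = self._users.get(username)
        if user is None:
            return False
        # Knowledge factor: constant-time comparison of the PBKDF2 hash.
        pw_ok = hmac.compare_digest(self._hash_password(password, user["salt"]), user["pw_hash"])
        # Possession factor: allow one step of clock drift either way, but never a step at or
        # below the last accepted one, which blocks replay of a code that was already used.
        counter = now // TOTP_STEP
        matched = None
        for c in (counter - 1, counter, counter + 1):
            if c > user["last_counter"] and hmac.compare_digest(hotp(user["totp_secret"], c), code):
                matched = c
                break
        if pw_ok and matched is not None:
            user["last_counter"] = max(user["last_counter"], matched)
            return True
        return False


if __name__ == "__main__":
    store = UserStore()
    secret = store.enroll("alice", "correct horse battery staple")
    print(provisioning_uri("ExampleCorp", "alice", secret))
    now = int(time.time())
    print("login ok:", store.verify_login("alice", "correct horse battery staple", totp(secret, now), now))
    print("replay ok:", store.verify_login("alice", "correct horse battery staple", totp(secret, now), now))
```

Both factors are evaluated before the decision is made, and the accepted time step is recorded so the same code cannot be replayed within its validity window; the password hash and the TOTP secret are independent credentials, which is what makes this multi-factor rather than two passwords.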
✔✔Organizational Normative Framework (ONF) - ✔✔A framework of so-called
containers for all components of application security best practices catalogued and
leveraged by the organization
✔✔Quality of Service (QoS) - ✔✔Refers to the capability of a network to provide better
service to selected network traffic over various technologies, including Frame Relay,
Asynchronous Transfer Mode (ATM), Ethernet and 802.1 networks, SONET, and IP-
routed networks that may use any or all of these underlying technologies
✔✔Sandbox - ✔✔A testing environment that isolates untested code changes and
outright experimentation from the production environment or repository, in the context of
software development including Web development and revision control