CCSP STUDY GUIDE 2026 EXAM QUESTIONS AND ANSWERS SCORED

Pages: 20
Grade: A+
Uploaded on: 08-02-2026
Written in: 2025/2026

Institution: CCSP
Course: CCSP

CCSP STUDY GUIDE 2026 EXAM QUESTIONS AND
ANSWERS SCORED A+
✔✔Organizational Normative Framework (ONF) - ✔✔A framework of so-called
containers for all components of application security best practices catalogued and
leveraged by the organization

✔✔Quality of Service (QoS) - ✔✔Refers to the capability of a network to provide better
service to selected network traffic over various technologies, including Frame Relay,
Asynchronous Transfer Mode (ATM), Ethernet and 802.1 networks, SONET, and
IP-routed networks that may use any or all of these underlying technologies

✔✔Sandbox - ✔✔A testing environment that isolates untested code changes and
outright experimentation from the production environment or repository, in the context of
software development including Web development and revision control

✔✔Security Assertion Markup Language (SAML) - ✔✔A version of the SAML standard
for exchanging authentication and authorization data between security domains

✔✔Static Application Security Testing (SAST) - ✔✔A set of technologies designed to
analyze application source code, byte code and binaries for coding and design
conditions that are indicative of security vulnerabilities

✔✔STRIDE Threat Model - ✔✔Derived from an acronym for the following six threat
categories: Spoofing identity, Tampering with data, Repudiation, Information disclosure,
Denial of service, Elevation of privilege

✔✔Web Application Firewall (WAF) - ✔✔An appliance, server plugin, or filter that
applies a set of rules to an HTTP conversation. Generally, these rules cover common
attacks such as cross-site scripting (XSS) and SQL injection.

✔✔Community cloud - ✔✔This cloud infrastructure is provisioned for exclusive use by a
specific community of organizations with shared concerns (e.g., mission, security
requirements, policy, and compliance considerations).

✔✔Converged networking model - ✔✔Optimized for cloud deployments and utilizes
standard perimeter protection measures. The underlying storage and IP networks are
converged to maximize the benefits for a cloud workload.

✔✔Domain Name System (DNS) - ✔✔A hierarchical, distributed database that contains
mappings of DNS domain names to various types of data, such as Internet Protocol (IP)
addresses. DNS allows you to use friendly names, such as www.isc2.org, to easily
locate computers and other resources on a TCP/IP-based network.

✔✔Domain Name System Security Extensions (DNSSEC) - ✔✔A suite of extensions
that adds security to the Domain Name System (DNS) protocol by enabling DNS
responses to be validated. Specifically, DNSSEC provides origin authority, data
integrity, and authenticated denial of existence.

✔✔Honeypot - ✔✔Consists of a computer, data, or a network site that appears to be
part of a network, but is actually isolated and monitored, and which seems to contain
information or a resource of value to attackers.

✔✔Host Intrusion Detection Systems (HIDS) - ✔✔Monitors the inbound and outbound
packets from the device only and will alert the user or administrator if suspicious activity
is detected.

✔✔Hybrid cloud - ✔✔This cloud infrastructure is a composition of two or more distinct
cloud infrastructures (private, community, or public) that remain unique entities, but are
bound together by standardized or proprietary technology that enables data and
application portability (e.g., cloud bursting for load balancing between clouds).

✔✔ISO IEC 27001:2013 - ✔✔Helps organizations to establish and maintain an ISMS. An
ISMS is a set of interrelated elements that organizations use to manage and control
information security risks and to protect and preserve the confidentiality, integrity, and
availability of information.

✔✔Logical design - ✔✔Part of the design phase of the SDLC in which all functional
features of the system chosen for development in analysis are described independently
of any computer platform

✔✔Multi-tenancy - ✔✔Data center networks that are logically divided into smaller,
isolated networks. They share the physical networking gear but operate on their own
network without visibility into the other logical networks.

✔✔Oversubscription - ✔✔Occurs when more users are connected to a system than can
be fully supported at the same time.

✔✔Private cloud - ✔✔This cloud infrastructure is provisioned for exclusive use by a
single organization comprising multiple consumers (e.g., business units). It may be
owned, managed, and operated by the organization, a third party, or some combination
of them, and it may exist on- or off-premises.

✔✔Public cloud - ✔✔This cloud infrastructure is provisioned for open use by the general
public. It may be owned, managed, and operated by a business, academic, or
government organization, or some combination of them. It exists on the premises of the
cloud provider.

✔✔Qualitative assessments - ✔✔Typically employ a set of methods, principles, or rules
for assessing risk based on non-numerical categories or levels (e.g., very low, low,
moderate, high, very high).

✔✔Quantitative assessments - ✔✔Typically employ a set of methods, principles, or
rules for assessing risk based on the use of numbers. This type of assessment most
effectively supports cost-benefit analyses of alternative risk responses or courses of
action.

✔✔Remote Desktop Protocol (RDP) - ✔✔A protocol that allows for separate channels
for carrying presentation data, serial device communication, licensing information, and
highly encrypted data (keyboard, mouse activity).

✔✔Security Information and Event Management (SIEM) - ✔✔A method for analyzing
risk in software systems. It is a centralized collection of monitoring of security and event
logs from different systems. SIEM allows for the correlation of different events and early
detection of attacks.

✔✔Storage Clusters - ✔✔The use of two or more storage servers working together to
increase performance, capacity, or reliability. Clustering distributes workloads to each
server, manages the transfer of workloads between servers, and provides access to all
files from any server regardless of the physical location of the file.

✔✔Traditional networking model - ✔✔A layered approach with physical switches at the
top layer and logical separation at the hypervisor level.

✔✔Australian Privacy Act 1988 - ✔✔Regulates the handling of personal information
about individuals. This includes the collection, use, storage, and disclosure of personal
information, and access to and correction of that information.

✔✔Criminal Law - ✔✔A body of rules and statutes that defines conduct that is
prohibited by the government and is set out to protect the safety and well-being of the
public.

✔✔Doctrine of the Proper Law - ✔✔When a conflict of laws occurs, this determines in
which jurisdiction the dispute will be heard.

✔✔eDiscovery - ✔✔Refers to any process in which electronic data is sought, located,
secured, and searched with the intent of using it as evidence in a civil or criminal legal
case.

✔✔EU General Data Protection Regulation 2012 - ✔✔Will introduce many significant
changes for data processors and controllers. The following may be considered as some
of the more significant changes: The concept of consent, Transfers Abroad, The right to
