✔✔Logical design - ✔✔Part of the design phase of the SDLC in which all functional
features of the system chosen for development in analysis are described independently
of any computer platform
✔✔Multi-tenancy - ✔✔Data center networks that are logically divided into smaller,
isolated networks. They share the physical networking gear but operate on their own
network without visibility into the other logical networks.
✔✔Oversubscription - ✔✔Occurs when more users are connected to a system than can
be fully supported at the same time.
✔✔Private cloud - ✔✔This cloud infrastructure is provisioned for exclusive use by a
single organization comprising multiple consumers (e.g., business units). It may be
owned, managed, and operated by the organization, a third party, or some combination
of them, and it may exist on- or off-premises.
✔✔Public cloud - ✔✔This cloud infrastructure is provisioned for open use by the general
public. It may be owned, managed, and operated by a business, academic, or
government organization, or some combination of them. It exists on the premises of the
cloud provider.
✔✔Qualitative assessments - ✔✔Typically employ a set of methods, principles, or rules
for assessing risk based on non-numerical categories or levels (e.g., very low, low,
moderate, high, very high).
✔✔Quantitative assessments - ✔✔Typically employ a set of methods, principles, or
rules for assessing risk based on the use of numbers. This type of assessment most
effectively supports cost-benefit analyses of alternative risk responses or courses of
action.
✔✔Remote Desktop Protocol (RDP) - ✔✔A protocol that allows for separate channels
for carrying presentation data, serial device communication, licensing information, and
highly encrypted data (keyboard, mouse activity).
✔✔Security Information and Event Management (SIEM) - ✔✔A method for analyzing
risk in software systems. It is a centralized collection of monitoring of security and event
logs from different systems. SIEM allows for the correlation of different events and early
detection of attacks.
✔✔Storage Clusters - ✔✔The use of two or more storage servers working together to
increase performance, capacity, or reliability. Clustering distributes workloads to each
server, manages the transfer of workloads between servers, and provides access to all
files from any server regardless of the physical location of the file.
✔✔Traditional networking model - ✔✔A layered approach with physical switches at the
top layer and logical separation at the hypervisor level.
✔✔Australian Privacy Act 1988 - ✔✔Regulates the handling of personal information
about individuals. This includes the collection, use, storage, and disclosure of personal
information, and access to and correction of that information.
✔✔Criminal Law - ✔✔A body of rules and statutes that defines conduct that is
prohibited by the government and is set out to protect the safety and well-being of the
public.
✔✔Doctrine of the Proper Law - ✔✔When a conflict of laws occurs, this determines in
which jurisdiction the dispute will be heard.
✔✔eDiscovery - ✔✔Refers to any process in which electronic data is sought, located,
secured, and searched with the intent of using it as evidence in a civil or criminal legal
case.
✔✔EU General Data Protection Regulation 2012 - ✔✔Will introduce many significant
changes for data processors and controllers. The following may be considered as some
of the more significant changes: The concept of consent, Transfers Abroad, The right to
be forgotten, Establishment of the role of the "Data Protection Officer", Access
Requests, Home State Regulation, Increased Sanctions
✔✔Gramm-Leach-Bliley Act (GLBA) - ✔✔Federal law enacted in the United States to
control the ways that financial institutions deal with the private information of individuals.
✔✔Health Insurance Portability and Accountability Act of 1996 (HIPAA) - ✔✔Adopt
national standards for electronic healthcare transactions and national identifiers for
providers, health plans, and employers. Protected Health information can be stored via
cloud computing under HIPAA.
✔✔Information gathering - ✔✔Refers to the process of identifying, collecting,
documenting, structuring, and communicating information from various sources in order
to enable educated and swift decision making to occur.
✔✔ISO/IEC 27018 - ✔✔Addresses the privacy aspects of cloud computing for consumers
and is the first international set of privacy controls in the cloud.
✔✔Sarbanes-Oxley Act (SOX) - ✔✔Legislation enacted to protect shareholders and the
general public from accounting errors and fraudulent practices in the enterprise.