CCSK Exam Prep Free practice test →

Free CCSK Practice Questions

10 free, exam-style Certificate of Cloud Security Knowledge (CCSK) v5 (CCSK) practice questions with answers and explanations. No signup required. Work through them below, then take the full free CCSK practice test to study every exam domain.

Question 1

According to NIST SP 800-145, what are the two foundational enabling concepts of cloud computing?

  1. Virtualization and containerization
  2. Abstraction and orchestration
  3. Automation and elasticity
  4. Multi-tenancy and measured service
Show answer & explanation

Correct answer: B - Abstraction and orchestration

Question 2

In the context of cloud computing, abstraction refers to:

  1. Encrypting data so it cannot be read by unauthorized users
  2. Resource pooling via virtualization, hiding physical infrastructure complexity from users
  3. The process of automating incident response procedures
  4. Creating backup copies of virtual machines across regions
Show answer & explanation

Correct answer: B - Resource pooling via virtualization, hiding physical infrastructure complexity from users

Question 3

Orchestration, as a foundational concept of cloud computing, is BEST described as:

  1. The manual process of assigning resources to cloud tenants
  2. The automated management of abstracted resources, coordinating provisioning, scaling, and lifecycle
  3. The physical arrangement of servers in a data center
  4. A security control that prevents unauthorized access to management APIs
Show answer & explanation

Correct answer: B - The automated management of abstracted resources, coordinating provisioning, scaling, and lifecycle

Question 4

Which international standard defines cloud computing terminology and is considered alongside NIST SP 800-145 for the CCSK exam?

  1. ISO/IEC 27001:2022
  2. ISO/IEC 22123-1:2023
  3. ISO/IEC 27017:2015
  4. ISO/IEC 27018:2019
Show answer & explanation

Correct answer: B - ISO/IEC 22123-1:2023

Question 5

A cloud provider hosts multiple organizations on shared physical infrastructure, but each organization's data and processes are logically separated. This arrangement is known as:

  1. Single-tenancy
  2. Multi-tenancy
  3. Hybrid deployment
  4. Community cloud
Show answer & explanation

Correct answer: B - Multi-tenancy

Question 6

What is the PRIMARY difference between segregation and isolation in a multi-tenant cloud environment?

  1. Segregation uses encryption while isolation uses access controls
  2. Segregation provides logical separation while isolation enforces stronger boundaries between tenants
  3. Segregation is used in public clouds while isolation is used in private clouds
  4. Segregation applies to data only while isolation applies to network traffic only
Show answer & explanation

Correct answer: B - Segregation provides logical separation while isolation enforces stronger boundaries between tenants

Question 7

When different departments within the same company share a private cloud environment, each with their own resources and access controls, this is an example of:

  1. Inter-organizational multi-tenancy
  2. Intra-organizational multi-tenancy
  3. Community cloud deployment
  4. Hybrid cloud architecture
Show answer & explanation

Correct answer: B - Intra-organizational multi-tenancy

Question 8

Multiple healthcare organizations share a cloud environment operated by a third-party provider specializing in HIPAA-compliant infrastructure. The organizations are separate entities. This is an example of:

  1. Intra-organizational multi-tenancy
  2. Inter-organizational multi-tenancy
  3. Private cloud deployment
  4. Single-tenancy with shared billing
Show answer & explanation

Correct answer: B - Inter-organizational multi-tenancy

Question 9

A security architect is evaluating the isolation mechanisms of a cloud provider. Which concern is MOST directly related to multi-tenancy?

  1. Whether the provider offers sufficient bandwidth for data transfers
  2. Whether one tenant's activities could potentially affect another tenant's security or performance
  3. Whether the provider's pricing model is transparent
  4. Whether the provider supports multiple programming languages
Show answer & explanation

Correct answer: B - Whether one tenant's activities could potentially affect another tenant's security or performance

Question 10

The NIST definition and the ISO/IEC definition of cloud computing both emphasize which fundamental capability?

  1. Zero-trust security architecture
  2. On-demand network access to a shared pool of configurable resources
  3. Mandatory encryption of all data at rest
  4. Annual third-party security audits
Show answer & explanation

Correct answer: B - On-demand network access to a shared pool of configurable resources

Ready for the real thing?

Practice hundreds more CCSK questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing