Introduction

The Certified Cloud Security Professional (CCSP) certification satisfies the growing demand for trained and qualified cloud security professionals. It is not easy to earn this credential; the exam is extremely difficult, and the endorsement process is lengthy and detailed.

The CCSP (ISC)2 Certified Cloud Security Professional Official Study Guide offers the cloud professional a solid foundation for taking and passing the Certified Cloud Security Professional (CCSP) exam.

The more information you have at your disposal and the more hands-on experience you gain, the better off you'll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test, but not so much that you'll be overloaded with information that's outside the scope of the exam.

This book presents the material at an intermediate technical level. Experience with and knowledge of security concepts, operating systems, and application systems will help you get a full understanding of the challenges that you'll face as a security professional.

We've included review questions at the end of each chapter to give you a taste of what it's like to take the exam. If you're already working in the security field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

CCSP Certification

The CCSP certification is offered by the International Information System Security Certification Consortium, or (ISC)2, a global nonprofit organization. The mission of (ISC)2 is to support and provide members and constituents with credentials, resources, and leadership to address cybersecurity as well as information, software, and infrastructure security to deliver value to society. (ISC)2 achieves this mission by delivering the world's leading information security certification program. The CCSP is the cloud-focused credential in this series and is accompanied by several other (ISC)2 programs:

• Certified Information Systems Security Professional (CISSP)
• Systems Security Certified Practitioner (SSCP)
• Certified Authorization Professional (CAP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• HealthCare Information Security and Privacy Practitioner (HCISPP)

The CCSP certification covers six domains of cloud security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in cloud security roles:

• Cloud Concepts, Architecture, and Design
• Cloud Data Security
• Cloud Platform and Infrastructure Security
• Cloud Application Security
• Cloud Security Operations
• Legal, Risk, and Compliance

The CCSP domains are periodically updated by (ISC)2. The most recent revision in August 2022 slightly modified the weighting for Cloud Data Security from 19 to 20 percent while changing the focus on Cloud Security Operations from 17 to 16 percent. It also added or expanded coverage of emerging topics in cloud security.

Complete details on the CCSP Common Body of Knowledge (CBK) are contained in the Exam Outline (Candidate Information Bulletin). It includes a full outline of exam topics and can be found on the (ISC)2 website at www.isc2.org.

Taking the CCSP Exam

The CCSP exam is administered in English, Chinese, German, Japanese, Korean, and Spanish using a computer-based testing format. Your exam will contain 150 questions and have a four-hour time limit. You will not have the opportunity to skip back and forth as you take the exam: you only have one chance to answer each question correctly, so be careful!

Passing the CCSP exam requires achieving a score of at least 700 out of 1,000 points. It's important to understand that this is a scaled score, meaning that not every question is worth the same number of points. Questions of differing difficulty may factor into your score more or less heavily, and adaptive exams adjust to the test taker.

That said, as you work through the practice exams included in this book, you might want to use 70 percent as a goal to help you get a sense of whether you're ready to sit for the actual exam. When you're ready, you can schedule an exam at a location near you through the (ISC)2 website.

Questions on the CCSP exam use a standard multiple-choice format where you are presented with a question and four possible answer choices, one of which is correct. Remember to read the full question and all of the answer options very carefully. Some of those questions can get tricky!

Computer-Based Testing Environment

The CCSP exam is administered in a computer-based testing (CBT) format. You'll register for the exam through the Pearson Vue website and may take the exam in the language of your choice.

You'll take the exam in a computer-based testing center located near your home or office. The centers administer many different exams, so you may find yourself sitting in the same room as a student taking a school entrance examination and a healthcare professional earning a medical certification. If you'd like to become more familiar with the testing environment, the Pearson Vue website offers a virtual tour of a testing center:

https://home.pearsonvue.com/test-taker/Pearson-Professional-Center-Tour.aspx

When you take the exam, you'll be seated at a computer that has the exam software already loaded and running. It's a pretty straightforward interface that allows you to navigate through the exam. You can download a practice exam and tutorial from the Pearson Vue website:

www.vue.com/athena/athena.asp

Exam policies can change from time to time. We highly recommend that you check both the (ISC)2 and Pearson VUE sites for the most up-to-date information when you begin your preparing, when you register, and again a few days before your scheduled exam date.

Exam Retake Policy

If you don't pass the CCSP exam, you shouldn't panic. Many individuals don't reach the bar on their first attempt but gain valuable experience that helps them succeed the second time around. When you retake the exam, you'll have the benefit of familiarity with the CBT environment and the CCSP exam format. You'll also have time to study the areas where you felt less confident.

After your first exam attempt, you must wait 30 days before retaking the computer-based exam. If you're not successful on that attempt, you must then wait 60 days before your third attempt and 90 days before your fourth attempt. You may not take the exam more than four times in any 12-month period.

Work Experience Requirement

Candidates who want to earn the CCSP credential must not only pass the exam but also demonstrate that they have at least five years of work experience in the information technology field. Your work experience must include three years of information security experience and one year of experience in one or more of the six CCSP domains.

Candidates who hold the CISSP certification may substitute that certification for the entire CCSP experience requirement. Candidates with the Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance (CSA) may substitute that certification for one year of experience in the CCSP domains.

If you haven't yet completed your work experience requirement, you may still attempt the CCSP exam. An individual who passes the exam is a designated Associate of (ISC)2 and has six years to complete the work experience requirement.

Recertification Requirements

Once you've earned your CCSP credential, you'll need to maintain your certification by paying maintenance fees and participating in continuing professional education (CPE). As long as you maintain your certification in good standing, you will not need to retake the CCSP exam.

Currently, the annual maintenance fees for the CCSP credential are $125 per year. This fee covers the renewal for all (ISC)2 certifications held by an individual.

The CCSP CPE requirement mandates earning at least 90 CPE credits during each three-year renewal cycle. Associates of (ISC)2 must earn at least 15 CPE credits each year. (ISC)2 provides an online portal where certificate holders may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.

What Does This Book Cover?

This book covers everything you need to know to pass the CCSP exam:

• Chapter 1: Architectural Concepts
• Chapter 2: Data Classification
• Chapter 3: Cloud Data Security
• Chapter 4:...