Cloud Platform and Infrastructure Security for CCSP

This page covers the Cloud Platform and Infrastructure Security domain of the CCSP certification. Master Cybersecurity offers 74 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    What is the best source for information about securing a physical asset's BIOS?
    A. Security policies
    B. Manual pages
    C. Vendor documentation
    D. Regulations

    Explanation

    The correct answer is: C. Vendor documentation.

    Vendor documentation is the authoritative source for hardening BIOS/UEFI firmware because the menus, security features (Secure Boot, TPM provisioning, password types, boot order locking, write-protection), and update procedures are entirely manufacturer-specific; Dell iDRAC, HPE iLO, Lenovo XCC, and Supermicro all differ, and only the OEM publishes accurate, current guidance. Security policies define what must be done but rarely specify the BIOS-screen sequence to do it. Manual pages document command-line utilities on a running OS and do not cover pre-boot firmware settings. Regulations express required outcomes (e.g., disabling boot from removable media) but never the model-specific procedure to achieve them. Engineers begin firmware hardening from the vendor's security technical implementation guide, then map it back to organizational policy and regulatory requirements.

  2. Question 2

    What does the management plane typically utilize to perform administrative functions on the hypervisors that it has access to?
    A. Scripts
    B. RDP
    C. APIs
    D. XML

    Explanation

    The correct answer is: C. APIs.

    The management plane uses APIs to perform administrative actions on hypervisors because hypervisors expose well-defined REST or RPC API surfaces (vSphere API, libvirt, Hyper-V WMI/PowerShell remoting) that the management plane invokes to create, modify, migrate, and destroy VMs and underlying resources. Scripts are merely automation that consumes APIs and are not themselves the administrative interface to the hypervisor. RDP provides remote desktop access to Windows hosts and is not how the management plane talks to hypervisors at scale. XML is a data format that may appear inside SOAP or other payloads but is not the administrative mechanism. Because the management plane's API surface is so powerful, it is also the highest-value attack target and demands rigorous MFA, JIT access, network isolation, and audit logging.

  3. Question 3

    Which networking concept in a cloud environment allows for network segregation and isolation of IP spaces?
    A. PLAN
    B. WAN
    C. LAN
    D. VLAN

    Explanation

    The correct answer is: D. VLAN.

    A VLAN is the canonical network-segregation construct that logically isolates IP spaces at Layer 2 using 802.1Q tagging, allowing the same physical switch fabric to carry multiple separate broadcast domains and IP subnets; cloud overlays like VXLAN extend the same idea across Layer 3 boundaries. PLAN is not a standard networking term and is a distractor. WAN refers to wide area networks like the Internet or carrier circuits, which is an entirely different scale and concept, not a segmentation primitive. LAN denotes the unsegmented local area network and is the thing VLANs subdivide, so it is the opposite of segregation. VLAN is the specific technology used to logically separate networks and IP spaces, which is why it is foundational to multi-tenant cloud designs.

  4. Question 4

    Which of the following standards primarily pertains to cabling designs and setups in a data center?
    A. IDCA
    B. BICSI
    C. NFPA
    D. Uptime Institute

    Explanation

    The correct answer is: B. BICSI.

    BICSI (Building Industry Consulting Service International) publishes ANSI/BICSI 002 and related standards that focus specifically on data center cabling designs, pathways, raceways, fiber and copper plant layouts, and structured cabling best practices. IDCA's Infinity Paradigm is a macro-level data center framework that does not focus on cabling. NFPA's standards cover fire protection codes such as NFPA 75 and 76 and life safety, not cabling design. The Uptime Institute publishes tier classifications for redundancy and concurrent maintainability and does not produce the prevalent cabling-design standard. BICSI is the body that designers and engineers cite for category cabling, fiber types, separation between power and data paths, and labeling, which is why it is the answer when the question is specifically about cabling.

  5. Question 5

    Which of the following publishes the most commonly used standard for data center design in regard to tiers and topologies?
    A. IDCA
    B. Uptime Institute
    C. NFPA
    D. BICSI

    Explanation

    The correct answer is: B. Uptime Institute.

    The Uptime Institute publishes the Tier I through Tier IV classification system, which is the most widely adopted standard for describing data center redundancy and topology and is the one operators advertise (e.g., Tier III concurrently maintainable, Tier IV fault tolerant) and that customers reference when comparing facilities. IDCA's Infinity Paradigm is an alternative macro framework but lacks the same market adoption. NFPA covers fire protection rather than topology tiers. BICSI focuses on cabling and pathway design rather than the tier model. When the question asks specifically about the prevalent industry standard for tiers and topologies, the Uptime Institute's Tier Classification System is the answer, codified in its accreditation programs and widely cited in service contracts.
