A free ISC2 CCSP cheat sheet: the six domains, the shared responsibility model, data lifecycle, encryption vs tokenization vs masking and key concepts for revision.
By The Exam Atlas Editorial Team · Verified 2026-06-06
A final-revision summary for CCSP. Study aid only - no notes in the proctored exam. Reflects the current six-domain outline; ISC2 introduces a revised outline from 1 August 2026, so confirm the latest version on the ISC2 site.
The six domains and weights
#
Domain
Weight
1
Cloud Concepts, Architecture and Design
17%
2
Cloud Data Security
20%
3
Cloud Platform and Infrastructure Security
17%
4
Cloud Application Security
17%
5
Cloud Security Operations
16%
6
Legal, Risk and Compliance
13%
Shared responsibility by service model
Model
Provider secures
Customer secures
IaaS
Physical, host, hypervisor, network
OS, apps, data, IAM, config
PaaS
Above + OS and runtime
Apps, data, access, config
SaaS
Most of the stack
Data, access, user config
Cloud data lifecycle (Domain 2)
Create → Store → Use → Share → Archive → Destroy. Apply classification, encryption and access controls early; plan retention and secure deletion at the end.
Protect data: which technique
Need
Technique
Reversible confidentiality with a key
Encryption
Replace sensitive value with a non-sensitive token
Tokenization
Hide part of a value for display
Data masking
Verify integrity (one-way)
Hashing
Key management options
Option
Who holds the keys
Provider-managed
Cloud provider manages keys
Customer-managed (CMK / BYOK)
Customer controls keys in the provider’s KMS
Hold your own key (HYOK)
Keys kept outside the provider
Deployment models
Public · Private · Hybrid · Community - they change who controls which layer and where data resides.
High-yield reminders
Most scenarios hinge on the shared responsibility line for the given service model.
Cloud Data Security (20%) is the largest domain - prioritise it.
Legal, Risk and Compliance is smallest but high-yield: data residency, sovereignty, privacy law, audit and vendor risk.
Keep keys separate from the data they protect.
FAQ
Can I bring a cheat sheet to the CCSP exam?
No. CCSP is a proctored Pearson VUE exam with no notes allowed. Use this only for final revision before exam day.
