★ ISC2 CCSP · August 2026 Exam Outline

CCSP Domain 2: Cloud Data Security

The highest-weighted domain at 20% of the exam — master data lifecycle, encryption, DLP, IRM, and the brand-new AI/ML data protection subsection 2.9.

  • Domain Weight (highest of 6): 20%
  • Questions from Domain 2: ~20
  • Passing Score (out of 1000): 700
  • CAT Exam Duration: 3 hrs

Domain 2 Overview

Why Domain 2 Matters Most

Domain 2 is the highest-weighted domain on the CCSP exam at 20% — expect approximately 20 questions. Data security is the core of cloud security: every control, architecture decision, and compliance requirement ultimately comes back to protecting data at rest, in transit, and in use.

"Data security is the core of cloud security — everything connects back to protecting data at rest, in transit, and in use. Mastering Domain 2 gives you a conceptual anchor for the entire exam."

Exam at a Glance

  • Certification: CCSP (ISC2)
  • Effective Date: August 1, 2026
  • Format: CAT (Adaptive)
  • Questions: 100–150
  • Duration: 3 hours
  • Passing Score: 700 / 1000
  • Testing Center: Pearson VUE
  • Pretest Items: ~25 unscored

CAT format has been in effect since October 2025. The adaptive engine adjusts question difficulty based on your responses — there is no "going back" to previous questions.

All 6 Domains — Weight Distribution

# | Domain | Weight | ~Questions
1 | Cloud Concepts, Architecture & Design | 17% | ~17
★ 2 | Cloud Data Security (this page) | 20% | ~20
3 | Cloud Platform & Infrastructure Security | 17% | ~17
4 | Cloud Application Security | 16% | ~16
5 | Cloud Security Operations | 17% | ~17
6 | Legal, Risk & Compliance | 13% | ~13

🆕 What's New in the August 2026 Exam Outline
  • NEW subsection 2.9 — AI/ML Data Protection (Domain 2): Dataset & model privacy (federated learning, differential privacy, data minimization), dataset & model security (validation before training, verification after training, threats: data poisoning, model inversion, model extraction, adversarial examples). Entirely new content — expect 1–3 questions.
  • Domain 4 weight adjusted 17% → 16%; Domain 5 adjusted 16% → 17%
  • New AI/ML security subsection 1.6 added to Domain 1
  • OWASP LLM Top-10 added to Domain 4 scope
  • CAT format active since October 2025: adaptive 100–150 questions, 3-hour session

Domain 2 Subdomains at a Glance

  • 2.1 Describe Cloud Data Concepts
  • 2.2 Design and Implement Cloud Data Storage Architectures
  • 2.3 Design and Apply Data Security Technologies and Strategies
  • 2.4 Implement Data Discovery
  • 2.5 Plan and Implement Data Classification
  • 2.6 Design and Implement Information Rights Management (IRM)
  • 2.7 Plan and Implement Data Retention, Deletion and Archiving Policies
  • 2.8 Design and Implement Auditability, Traceability and Accountability of Data Events
  • 2.9 Comprehend Data Protection of AI and Machine Learning Data (NEW Aug 2026 ★)

Domain 2 — Subdomain Breakdown


2.1 Describe Cloud Data Concepts
  • Cloud data lifecycle phases: Create → Store → Use → Share → Archive → Destroy. Security controls must be applied at each phase — data security requirements differ by phase.
  • Data dispersion: Data spread across multiple geographic locations/nodes for redundancy and availability. Creates data sovereignty challenges — know where data physically resides.
  • Data flows: Understand how data moves between users, applications, and storage. Identify all egress points — data leaving the cloud environment is a key risk area.

2.2 Design and Implement Cloud Data Storage Architectures
  • Long-term/cold storage: Archival tiers — low cost, high retrieval latency. Used for compliance-driven data retention.
  • Ephemeral storage: Instance store (temporary) — data is lost when the instance stops. Never store persistent sensitive data here without backup.
  • Object storage: S3-style — flat namespace, metadata-rich, highly scalable. Most common cloud-native storage. Supports versioning and WORM policies.
  • Volume/block storage: Persistent disk attached to compute instances. Supports encryption at rest.
  • Threats to storage types: Unauthorized access, data corruption, data remanence (residual data after deletion), side-channel attacks, insecure APIs exposing storage endpoints.
  • Data remanence risk: On shared cloud infrastructure, deleted data may be recoverable. Crypto-shredding mitigates this by destroying encryption keys rather than overwriting data.

2.3 Design and Apply Data Security Technologies and Strategies
  • Symmetric encryption (AES-256): Same key for encryption and decryption. Fast — used for bulk data encryption at rest. Key must be securely shared.
  • Asymmetric encryption (RSA): Public/private key pair. Slower — used for key exchange, digital signatures, and certificate-based authentication.
  • TLS (data in transit): Encrypts data moving over networks. TLS 1.2+ required; TLS 1.3 preferred.
  • Key management hierarchy: HSM (Hardware Security Module) — root of trust; KMS (Key Management Service) — cloud provider managed key service. Customer-managed keys (BYOK) give more control.
  • Hashing (SHA-256): One-way — produces a fixed-length digest. Used for data integrity verification and non-repudiation. Hashing is NOT encryption — you cannot decrypt a hash.
  • Data masking: Partially obscures data (e.g., showing last 4 digits of SSN). Can be reversible with authorization.
  • Data anonymization: Irreversibly removes identifying information. k-anonymity and differential privacy are formal anonymization techniques.
  • Tokenization: Replaces sensitive data with a non-sensitive token. Token maps back to original data via a secure vault. Primary use case: PCI DSS credit card number protection.
  • DLP (Data Loss Prevention): Inspects content in motion/at rest, enforces policies, and blocks unauthorized egress (e.g., blocking emails containing SSNs).
  • Keys, secrets & certificates management: Rotation (regular key replacement), revocation (certificate invalidation), PKI (Public Key Infrastructure), certificate lifecycle management (issuance → renewal → revocation).

2.4 Implement Data Discovery
  • Structured data: Databases, spreadsheets — discoverable via SQL queries and schema analysis. Easiest to classify automatically.
  • Unstructured data: Documents, emails, images, videos — requires content inspection and NLP techniques. Highest volume, hardest to discover.
  • Semi-structured data: JSON, XML, log files — has partial schema. Requires hybrid discovery approaches.
  • Data location: Multi-region storage creates data sovereignty challenges. Organizations must ensure data stays within required jurisdictions (e.g., EU data in EU under GDPR).
  • Discovery tools: Cloud-native services (AWS Macie, Azure Purview) scan storage for sensitive data types (PII, PAN, PHI) and generate classification reports.

2.5 Plan and Implement Data Classification
  • Classification tiers (typical): Public → Internal → Confidential → Restricted. Must align with regulatory requirements (GDPR, HIPAA, ITAR, etc.).
  • Data mapping: Comprehensive inventory of what data exists, where it lives, who can access it, and under what conditions. Foundation for all data governance.
  • Data labeling and tagging: Applying metadata labels/tags to cloud objects (e.g., S3 object tags). Enables automated policy enforcement based on classification. Watermarking embeds identity into documents.
  • Classification drives controls: Restricted data requires stronger encryption, stricter access controls, and shorter retention periods than Public data.
  • Owner vs. Custodian: Data owner (accountable, sets policy) vs. data custodian (responsible for implementing controls). Know the distinction for exam scenarios.

2.6 Design and Implement Information Rights Management (IRM)
  • IRM objective: Persistent protection that travels with the data — unlike perimeter controls, IRM remains enforced even when a file leaves the organization's environment.
  • Data rights: Granular controls over who can read, edit, print, copy, forward, or screen-capture a document.
  • Provisioning: Granting and revoking access rights — IRM systems allow rights to be revoked remotely after a document has been shared.
  • Access models: Role-based (RBAC) — access based on job role; Attribute-based (ABAC) — access based on data labels, user attributes, and environment context.
  • Tools: DRM solutions, certificate-based access, Azure Information Protection, AWS Macie integrations. Certificates are issued and revoked as part of the access lifecycle.
  • Key distinction: IRM is different from encryption alone — encryption protects the file in transit/at rest, but IRM governs what an authorized recipient can DO with the decrypted content.

2.7 Plan and Implement Data Retention, Deletion and Archiving Policies
  • Data retention policies: Regulatory minimums (HIPAA: 6 years; SOX: 7 years; GDPR: data minimization principle — don't retain longer than necessary). Both minimum and maximum retention periods matter.
  • Secure deletion: Cloud storage complicates traditional overwriting. DoD 5220.22-M (overwriting) may be impractical in multi-tenant environments.
  • Crypto-shredding: Destroying encryption keys rather than the data itself — renders encrypted data unrecoverable. Best practice for cloud environments at end-of-contract.
  • Data archiving: Cold storage tiers (e.g., AWS Glacier, Azure Archive). Trade-off: low cost vs. high retrieval latency (hours to days). Use for compliance-driven long-term retention.
  • WORM (Write Once Read Many): Immutable storage that prevents modification or deletion — regulatory compliance requirement for financial and healthcare records.
  • Legal hold: A directive suspending routine deletion of records relevant to litigation or investigation. Overrides normal retention schedules — the Delete button effectively "breaks" during a legal hold. Authorized access must be maintained throughout.

2.8 Design and Implement Auditability, Traceability and Accountability of Data Events
  • Event source definition: Every logged event should capture: identity (who), IP address/geolocation (where), timestamp (when), and action type (what). All five attributes are required for forensic quality logs.
  • Immutable audit logs: Logs must be protected from modification — write to WORM storage or append-only systems. If logs can be altered, they lose evidentiary value.
  • SIEM integration: Security Information and Event Management — aggregates cloud logs for real-time analysis, correlation, and alerting. Supports both security monitoring and compliance reporting.
  • Log retention policies: Logs themselves are data subject to retention requirements — typical compliance requirement is 1–3 years; some regulations require longer.
  • Chain of custody: Documented, unbroken record of who accessed data and what actions were taken — critical for forensic investigations and legal proceedings.
  • Non-repudiation: Digital signatures ensure a party cannot deny having performed an action. Combined with timestamping, creates forensically valid audit evidence.

2.9 Data Protection of AI and Machine Learning Data (NEW ★ Aug 2026)
  • Dataset & model privacy — PII in training data: Training datasets may contain personally identifiable information. Data minimization and anonymization must be applied before model training.
  • Federated learning: Trains models across decentralized devices without centralizing raw data — a privacy-preserving ML approach. The model learns from data without the data leaving its source.
  • Differential privacy: Adds statistical noise to training data or outputs to prevent inference of individual records — a formal mathematical privacy guarantee.
  • Dataset validation (pre-training): Ensures training data integrity BEFORE model training — checking for poisoned inputs, mislabeled data, or corrupted samples. Prevents bad data from corrupting the model.
  • Model verification (post-training): Post-training validation for bias, accuracy, and security — confirming the trained model behaves as intended and is not compromised.
  • Data poisoning attacks: Attacker injects malicious, mislabeled, or corrupted data into the training set — causing the model to learn incorrect patterns or create a backdoor. Mitigated by dataset validation.
  • Model inversion attacks: Attacker queries the model to reconstruct approximate training data — extracting private information that was in the training set.
  • Model extraction (model stealing): Attacker sends many queries to reverse-engineer the model's behavior and create a functional copy — intellectual property theft.
  • Adversarial examples (evasion attacks): Carefully crafted inputs designed to fool a deployed model into making wrong predictions — e.g., adding imperceptible noise to an image to cause misclassification.
  • ML pipeline protections: Access controls on training pipelines, model versioning (track model lineage), audit trails for training data sources, and secure model registries.

Memory Hooks

Six mnemonics and mental models to lock in the most exam-tested Domain 2 concepts.

Hook 1 · Subdomain 2.1
Data Lifecycle: C-S-U-S-A-D
"Can Smart Users Safely Archive Data?"
Create → Store → Use → Share → Archive → Destroy. The six phases in order. Every security control question ties to a phase — apply DLP during Share, encryption during Store, crypto-shredding during Destroy.
Hook 2 · Subdomain 2.3
Encryption Trio: Speed · Exchange · Check
"Speed, Exchange, Check"
Symmetric (AES) = Speed (fast bulk encryption). Asymmetric (RSA) = Exchange (key negotiation, signatures). Hashing (SHA) = Check (integrity only — not encryption). Never confuse hashing with encryption on the exam.
Hook 3 · Subdomain 2.3
Token · Mask · Anon — Three Levels of Hiding
"Token has a vault, mask has a key, anon has neither"
Tokenization: fake placeholder, reversible via secure vault (PCI DSS). Masking: partially hidden, partially reversible with authorization. Anonymization: irreversible — once done, original data cannot be recovered.
Hook 4 · Subdomain 2.7
Legal Hold = Total Freeze
"Court says hold — the Delete button breaks"
When a legal hold is placed, all routine deletion and archiving must stop for affected records — regardless of normal retention schedules. This is a hard override. On the exam, if a scenario mentions litigation and asks what changes: deletion is suspended.
Hook 5 · Subdomain 2.6
IRM: The Lock Goes With the Luggage
"The lock goes with the luggage"
IRM rights are persistent and portable — they travel with the document wherever it goes. Unlike firewall rules or perimeter controls that protect data only inside your boundary, IRM protection remains enforced after the file leaves the cloud environment.
Hook 6 · Subdomain 2.9 — NEW ★
AI Attack Types: PIME
"PIME — the 4 ML threats on the August 2026 exam"
Poisoning (corrupt training data) · Inversion (extract training data from model) · Model-stealing / extraction (clone the model) · Evasion / adversarial examples (fool deployed model). Poisoning attacks on training data → dataset validation is the control.

Domain 2 — 10-Question Vignette Quiz

Scenario-based questions matching the style of the CCSP CAT exam.

Question 1 of 10
A multinational company is terminating its relationship with a cloud storage provider. Sensitive financial records are stored encrypted on the provider's shared infrastructure. The company cannot physically destroy the storage media. The security team needs to ensure data is irrecoverable after contract termination.
Which approach BEST ensures the data is rendered unrecoverable?
A. Request the cloud provider to overwrite all storage blocks using DoD 5220.22-M
B. Delete all files via the cloud console and confirm deletion certificates from the provider
C. Destroy the encryption keys (crypto-shredding), rendering the ciphertext permanently unreadable
D. Apply data masking to all records before contract end and request provider deletion

Question 2 of 10
A healthcare organization stores patient records in a multi-region cloud deployment for redundancy. A new regulation requires that all EU patient health data must remain within European Union borders at all times. The CISO is asked which Domain 2 concept directly addresses this requirement.
Which concept is MOST directly applicable?
A. Data dispersion — data spread across multiple nodes for redundancy
B. Data classification — labeling records by sensitivity tier
C. Data lifecycle archiving — moving data to cold storage after active use
D. Data location and sovereignty — ensuring data stays within a required jurisdiction

Question 3 of 10
A threat intelligence team discovers that an adversary gained access to a company's machine learning pipeline for six months. During this period the attacker uploaded thousands of carefully mislabeled image files into the training dataset. The model was subsequently retrained and deployed to production, where it now makes systematically incorrect classifications.
Which AI/ML attack type (subsection 2.9) BEST describes what occurred?
A. Model inversion attack — extracting training data from the model through repeated queries
B. Data poisoning attack — injecting corrupted or mislabeled data into the training pipeline
C. Model extraction attack — cloning the model's behavior through systematic querying
D. Adversarial evasion attack — crafting inputs to fool the deployed model at inference time

Question 4 of 10
A payment processor must comply with PCI DSS requirements for protecting cardholder data. Their cloud database stores millions of credit card numbers. After a security review, the team decides to replace each 16-digit card number in the database with a randomly generated 16-character string. A separate secure system maps these strings back to the original card numbers when needed for authorized transactions.
Which data protection technique is being implemented?
A. Data masking — partially hiding the card number while keeping the format
B. Data anonymization — irreversibly removing card numbers from the dataset
C. Tokenization — replacing sensitive data with a non-sensitive token mapped via a secure vault
D. Symmetric encryption — encrypting card numbers with AES-256 and storing the ciphertext

Question 5 of 10
A company's legal department notifies the IT security team that the organization is the subject of a civil lawsuit involving employee HR records from the past three years. The company's data retention policy normally calls for automated deletion of HR records after 24 months. The lawsuit is expected to take 18 months to resolve.
What action is REQUIRED immediately upon receipt of the legal notification?
A. Accelerate deletion of records older than 24 months before litigation formally begins
B. Suspend the automated deletion routine and place the relevant HR records under legal hold
C. Encrypt all HR records and transfer them to cold archival storage
D. Continue normal operations — the 24-month policy supersedes internal legal requests

Question 6 of 10
A healthcare company's DLP system triggers an alert and blocks an outbound email. The email was sent by an HR staff member to a personal Gmail account and contained a spreadsheet with employee Social Security Numbers. The DLP policy inspected the email content, detected PII patterns, and prevented delivery.
At which phase of the cloud data lifecycle did the DLP control trigger?
A. Store — when the spreadsheet was saved to the email system's storage
B. Create — when the spreadsheet containing SSNs was originally generated
C. Share — when the data was being transmitted (shared) outside the organization
D. Archive — when the email system archived the outbound message

Question 7 of 10
A financial services firm deployed a credit-scoring ML model. Post-deployment monitoring reveals the model systematically approves loans for one demographic group at a significantly higher rate than statistically comparable applicants from other groups. An internal audit finds the training data over-represented one demographic. The model was deployed without a structured review process after training completed.
Which subsection 2.9 security control was ABSENT that would have most directly detected this issue?
A. Federated learning — training the model across decentralized nodes
B. Model verification — post-training validation to check for bias, accuracy, and security issues
C. Data tokenization — replacing PII in the training dataset with tokens
D. Differential privacy — adding statistical noise to the training data outputs

Question 8 of 10
A financial regulator requires that all trade execution logs be preserved for seven years and that no log record can be modified or deleted once written — even by system administrators. The cloud architect is designing the logging infrastructure to meet this requirement and must select the appropriate storage configuration.
Which storage concept BEST satisfies this regulatory requirement?
A. Ephemeral instance storage with automated daily backups to cold tier
B. Encrypted object storage with administrator-managed deletion controls
C. Semi-structured log storage with role-based access controls preventing deletion
D. WORM (Write Once Read Many) immutable object storage with a 7-year retention lock

Question 9 of 10
During a forensic investigation of a cloud data breach, the investigating team needs to establish a complete, verifiable record of every action taken on the affected data objects — including who accessed them, from what IP address and location, at what exact time, and what operations were performed. The team also needs to prove that the log records themselves have not been tampered with since the incident.
Which CCSP Domain 2 subsection is MOST directly relevant to this requirement?
A. 2.5 — Data Classification, because sensitive data must be labeled for forensic review
B. 2.7 — Data Retention, because logs must be preserved according to retention schedules
C. 2.8 — Auditability, Traceability and Accountability of Data Events, covering chain of custody and non-repudiation
D. 2.6 — IRM, because access rights to the data must be reviewed and revoked

Question 10 of 10
A data science team at a hospital wants to publish an analytics dataset derived from patient records for use by external researchers studying disease patterns. The dataset will be made publicly available. The team applies a process that groups patients so that each individual is indistinguishable from at least k−1 others with respect to any identifying attributes, reducing the risk of re-identification.
Which data obfuscation technique is the team implementing?
A. Tokenization — replacing patient identifiers with secure tokens mapped to a vault
B. k-anonymity, a formal data anonymization technique that prevents re-identification
C. Data masking — partially obscuring fields such as name and date of birth
D. Symmetric encryption — encrypting the dataset with AES-256 before publication

Domain 2 — Flashcards


Term · Subdomain 2.3
Tokenization vs. Encryption
How do they differ in protecting sensitive data?
Answer
Tokenization replaces sensitive data with a non-sensitive token; the original value is stored in a separate secure vault and can be retrieved. The token itself has no mathematical relationship to the original. Encryption transforms data using a key algorithm — the original can be recovered with the correct key. Tokenization is preferred when you need to remove sensitive data from a system scope entirely (e.g., PCI DSS).
Term · Subdomain 2.1
Data Dispersion
What is it, and what risk does it introduce?
Answer
The intentional spreading of data across multiple geographic locations or nodes to achieve redundancy and availability. Introduces data sovereignty risk — copies of data may reside in jurisdictions with different legal requirements than the data's origin country. Organizations must map where all copies reside and ensure compliance with applicable laws in each jurisdiction.
Term · Subdomain 2.7
Legal Hold
What triggers it, and what does it override?
Answer
A directive issued when litigation, investigation, or regulatory inquiry is anticipated or underway, requiring preservation of all potentially relevant data. Legal hold overrides normal retention and deletion schedules — automated deletion must be suspended. Failure to comply can result in sanctions for spoliation (evidence destruction). Authorized access to held records must be maintained throughout.
Term · Subdomain 2.7
Crypto-shredding
Why is this the preferred deletion method in cloud environments?
Answer
The process of securely deleting data by destroying its encryption keys rather than overwriting the data itself. Because the data remains encrypted and the keys are gone, the ciphertext is permanently unreadable. In multi-tenant cloud environments where physical media destruction or overwriting is impractical, crypto-shredding is the recommended method for achieving irreversible data deletion at end-of-contract.
Term · Subdomain 2.6
Information Rights Management (IRM)
How does IRM differ from traditional perimeter security?
Answer
IRM enforces persistent, data-centric access controls that travel with the document regardless of where it is stored or shared. Unlike firewall or network controls that protect data only within a boundary, IRM rights (read, edit, print, forward, copy) remain enforced after the file leaves the cloud environment. Rights can be revoked remotely even after the document has been distributed. Uses RBAC or ABAC models and certificate-based access control.
NEW 2026 · Subdomain 2.9
Data Poisoning Attack
How does it work, and what is the primary control?
Answer
An attacker injects malicious, mislabeled, or corrupted data into an ML model's training dataset. The model learns from the poisoned data and develops incorrect patterns, backdoors, or biases — which persist into production. The primary control is dataset validation: rigorous integrity checking and provenance verification of training data before model training begins. Access controls on ML pipelines and audit trails for training data lineage are supporting controls.
Term · Subdomain 2.3
DLP (Data Loss Prevention)
How does DLP work and where does it operate?
Answer
A set of technologies and policies that inspect data content (in motion, at rest, or in use), detect policy violations (e.g., SSN, credit card numbers, PHI leaving the organization), and enforce responses (block, quarantine, alert, encrypt). Operates at network egress points (email gateways, web proxies), cloud storage, and endpoints. DLP is most relevant during the Share phase of the data lifecycle.
Term · Subdomain 2.8
Non-repudiation in Cloud Audit
How is non-repudiation achieved for cloud data events?
Answer
Non-repudiation ensures that a party cannot deny having performed an action. Achieved through: digital signatures (cryptographically binding actions to an identity), trusted timestamps (third-party attestation of when an event occurred), and immutable audit logs written to WORM or append-only storage. Together these create forensically sound evidence that can be used in legal proceedings. Chain of custody documentation maintains the integrity of this evidence from collection through presentation.

Study Resources

Authoritative references for CCSP Domain 2 preparation. Always verify exam details directly with ISC2 and Pearson VUE before registering.

ISC2 CCSP Official Certification Page
Official exam outline, CBK domains, experience requirements, and the August 2026 exam update information. Primary source — always check here first.
isc2.org/certifications/ccsp

CSA Cloud Data Security Guidance
Cloud Security Alliance's domain-level security guidance covering data lifecycle, encryption, and cloud storage security architecture — directly aligned with CCSP Domain 2.
cloudsecurityalliance.org

NIST SP 800-111: Storage Encryption
NIST guidance on storage encryption technologies for end-user devices — covers key management, encryption modes, and deletion. Foundational reference for subdomains 2.3 and 2.7.
csrc.nist.gov

OWASP Top 10 for LLM Applications
Critical reading for the new subsection 2.9 (AI/ML data protection) and Domain 4 updates in the August 2026 exam outline. Covers prompt injection, data poisoning, model theft, and more.
owasp.org

Pearson VUE — CCSP Testing
Schedule your CCSP exam, find testing center locations, review ID requirements, and access the candidate handbook. Register only through official Pearson VUE channels.
home.pearsonvue.com/isc2

FlashGenius — CCSP Practice Tools
Adaptive flashcards, vignette quiz banks, and domain-by-domain study guides built for the August 2026 CCSP exam outline. All 6 domains covered.
flashgenius.net/register
