



























Certified Information Systems Security Professional (CISSP) Questions And Correct Answers (Verified Answers) Plus Rationales 2026 Q&A | Instant Download Pdf
Question 1. An organization is establishing a new information security governance framework. Which of the following elements is the most critical foundational component to ensure the framework aligns with the business objectives?
A. Defining strict technical access controls for all database administrators.
B. Implementing an automated vulnerability scanning schedule.
C. Securing explicit commitment and defined roles from executive management.
D. Conducting a third-party penetration test of the external network perimeter.
Answer: C
Rationale: Security governance must be driven from the top down. Executive management commitment ensures that security strategies are aligned with business goals, adequately funded, and properly enforced across organizational boundaries. Without executive leadership, policies lack the authority necessary for widespread compliance and strategic integration.

Question 2. An asset management policy requires classifying data based on sensitivity. What is the primary purpose of data classification within a risk management program?
A. To guarantee that all data is encrypted both at rest and in transit.
B. To ensure that security controls are proportionally allocated based on asset value and risk.
C. To reduce the total volume of data stored within the corporate data center.
D. To eliminate the need for regular qualitative risk assessments.
Answer: B
Rationale: Data classification allows an organization to categorize information assets based on the potential impact of unauthorized disclosure, modification, or destruction. This enables the security team to apply appropriate, cost-effective safeguards proportional to the value and sensitivity of the data, rather than applying uniform, expensive controls to all data indiscriminately.

Question 3. During an internal audit, a security professional discovers that a single system administrator has the authority to both approve a system configuration change ticket and implement that same change in the production environment. Which security principle is being violated?
A. Least privilege
B. Dual control
C. Separation of duties
D. Need to know
Answer: C
Rationale: Separation of duties requires that a critical process or fraudulent activity cannot be completed by a single individual. By splitting the authorization phase from the implementation phase, the organization prevents conflicts of interest and unauthorized or accidental modifications to production environments.

Question 4. An organization calculates that a major flood could damage its primary data center, resulting in an estimated loss of $2,000,000. Meteorological data suggests such a flood occurs once every 50 years in that region. What is the calculated Annualized Loss Expectancy (ALE) for this scenario?
A. $40,000
B. $100,000
C. $400,000
D. $2,000,
Answer: A
Rationale: The Annualized Loss Expectancy (ALE) is calculated by multiplying the Single Loss Expectancy (SLE) by the Annualized Rate of Occurrence (ARO). In this case, the SLE is $2,000,000 and the ARO is 1/50 (or 0.02). Multiplying $2,000,000 by 0.02 yields an ALE of $40,000.

Question 5. Following a comprehensive quantitative risk analysis, the Chief Information Security Officer (CISO) decides to purchase a comprehensive cyber insurance policy to cover potential losses from ransomware attacks. Which risk handling strategy has the organization adopted?
A. Risk Mitigation
B. Risk Avoidance
C. Risk Acceptance
D. Risk Transfer
Answer: D
Rationale: Risk transfer involves shifting the financial burden of a potential loss to a third party, such as an insurance company. This strategy does
Question 9. An employee is terminated for violating corporate ethics policies. To prevent retaliatory actions, the security team must ensure the employee's logical access to all corporate systems is revoked immediately upon termination. Which process is responsible for ensuring this occurs systematically?
A. Identity provisioning
B. Offboarding
C. Onboarding
D. Privilege escalation
Answer: B
Rationale: Offboarding is the administrative and operational process governing the formal departure of an employee or contractor. A critical security component of offboarding is the immediate, comprehensive revocation of all physical and logical access privileges to protect corporate assets from unauthorized access or malicious destruction.

Question 10. A security architect is selecting a threat modeling methodology that categorizes threats based on six specific vectors: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Which framework is the architect using?
A. DREAD
B. PASTA
C. STRIDE
D. OCTAVE
Answer: C
Rationale: STRIDE is a threat modeling framework developed by Microsoft. Its name is an acronym corresponding to the six threat categories it evaluates: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Question 11. An organization uses a mathematical formula to determine whether to implement a specific firewall upgrade. The upgrade costs $15,000 annually. The current risk exposure results in an ALE of $50,000. With the new firewall, the modified ALE is projected to drop to $10,000. What is the value of this safeguard to the organization?
A. $10,000
B. $25,000
C. $35,000
D. $40,
Answer: B
Rationale: The value of a safeguard is calculated as: (ALE before control - ALE after control) - Annual Cost of Safeguard. In this scenario, ($50,000 - $10,000) - $15,000 = $40,000 - $15,000 = $25,000. Because the result is positive, the control provides a net financial benefit.

Question 12. Which document type provides a high-level, authoritative statement of management's intentions, goals, and requirements regarding security, and is considered mandatory for all employees to follow?
A. Procedure
B. Policy
C. Guideline
D. Baseline
Answer: B
Rationale: Policies are top-level documents that lay down management's vision, objectives, and mandates for security. They are high-level, broad, and strictly compulsory. Procedures are detailed step-by-step instructions, guidelines are discretionary, and baselines are minimum security states.

Question 13. A company hires an independent third party to perform a security assessment. The assessment relies entirely on reviewing the system's architectural diagrams, security policies, and technical documentation without executing any active exploits or scanning tools. What type of assessment is this?
A. Vulnerability assessment
B. Penetration test
C. Tabletop exercise
D. Code review
Answer: A
Rationale: A vulnerability assessment can involve passive techniques like documentation review and architectural analysis to discover theoretical or systemic weaknesses in an organization's defensive posture, distinguishing it from active penetration tests or operational simulations.

Question 14. What does the principle of "need to know" dictate within an access control architecture?
A. Users should have access to all data within their specific department or division.
B. Users should only be granted access to data necessary to perform their specific job functions, regardless of clearance level.
C. System administrators should monitor all files opened by users to ensure proper data handling.
D. Managers must review and re-approve all user privileges on a weekly basis.
Answer: B
Rationale: "Need to know" is a granular layer of access control that operates alongside security clearances. Even if an individual possesses a high clearance level, they should not be granted access to specific sensitive data unless their current operational assignments require it.

Question 15. An organization suffers a data breach exposing thousands of customer records. Under most modern data privacy legislation, who holds ultimate legal accountability for the security of that personal data?
A. The lead
Question 18. An organization is crafting a Business Continuity Plan (BCP). What is the first operational phase that must be completed to ensure the BCP is grounded in accurate corporate realities?
A. Disaster Recovery Plan design
B. Business Impact Analysis (BIA)
C. Tabletop testing of emergency response teams
D. Procurement of an offsite warm facility
Answer: B
Rationale: The Business Impact Analysis (BIA) is the foundational phase of Business Continuity Planning. It identifies critical business processes, evaluates the quantitative and qualitative impacts of disruptions, and establishes critical thresholds such as Maximum Tolerable Downtime (MTD) and Recovery Time Objectives (RTO).

Question 19. During a threat modeling session, a security engineer evaluates the risk that an attacker might intercept unencrypted database credentials traversing the internal corporate LAN. Which pillar of the CIA Triad is threatened here?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Answer: A
Rationale: Confidentiality prevents the unauthorized disclosure of information. Intercepting unencrypted credentials allows an adversary to see sensitive data that they should not have access to, directly violating the confidentiality of those authentication tokens.

Question 20. A financial institution implements a policy where employees working in high-risk financial trading positions are mandated to take a continuous two-week vacation every calendar year, during which their system access is completely revoked. What is the primary security benefit of this policy?
A. It boosts morale and lowers operational burnout rates.
B. It provides an opportunity to upgrade the employee's workstation hardware.
C. It helps detect internal fraudulent activities or unauthorized collusion.
D. It complies with local physical occupational health safety standards.
Answer: C
Rationale: Mandatory vacation policies are an administrative control designed to detect internal fraud. When an employee is away for a continuous block of time and their access is frozen, any ongoing fraudulent schemes that require their daily maintenance or manipulation will likely fail or be discovered by cross-trained personnel.

Question 21. Which type of asset security classification is typically used by commercial corporate organizations to protect information that, if disclosed, could cause severe financial or reputational damage to the firm?
A. Secret
B. Confidential
C. Proprietary
D. Public
Answer: B
Rationale: While military frameworks use classifications like Top Secret and Secret, corporate frameworks commonly use labels like Confidential or Private to protect highly sensitive internal information (such as trade secrets or strategic financial projections) whose disclosure could harm the business's competitive advantage.

Question 22. A database administrator uses a data masking technique that replaces sensitive customer credit card numbers with realistic-looking but entirely fictitious numbers before copying the database to a non-production testing environment. What is the primary security goal of this action?
A. To improve database query execution times in test environments.
B. To protect data privacy while maintaining functional utility for application developers.
C. To compress the database size to save on non-production storage costs.
D. To convert the data format from structured to completely unstructured.
Answer: B
Rationale: Data masking or obfuscation alters sensitive data fields so that they cannot be exploited if the test environment is compromised, while still retaining the original data structure and formatting characteristics required for valid testing and software development.

Question 23. An IT asset manager is implementing a secure decommissioning procedure for retired hard disk drives that contained highly sensitive proprietary research data. Which method is most effective at ensuring the data cannot be recovered using advanced laboratory recovery techniques?
A. Reformatting the drive using a standard operating system quick-format tool.
B. Deleting all files and emptying the operating system's recycle bin.
C. Subjecting the drive to a high-
Question 26. A cloud security architect wants to ensure that data written to solid-state drives (SSDs) in a multi-tenant environment is rendered completely unrecoverable when a virtual machine is deleted. Why is traditional multi-pass software overwriting unreliable on SSDs compared to traditional magnetic Hard Disk Drives (HDDs)?
A. SSDs contain internal flash translation layers (FTL) and over-provisioned blocks that software overwriters cannot directly access.
B. SSD blocks can only be overwritten a finite number of times before burning out entirely.
C. Software overwriting tools only function on rotating platter architectures.
D. SSDs automatically encrypt all incoming data with a hardware-bound master key that cannot be changed.
Answer: A
Rationale: Solid-State Drives employ an internal controller running a Flash Translation Layer (FTL) to manage wear leveling and bad blocks. Because of this abstraction layer, standard operating system software utilities cannot reliably target specific underlying physical memory cells, leaving remnants of data in over-provisioned blocks. Cryptographic erasure or physical destruction are the preferred sanitization methods for SSDs.

Question 27. Who is ultimately responsible for defining the security classification of an information asset and ensuring it is protected throughout its lifecycle within an organization?
A. The Chief Information Security Officer (CISO)
B. The Data Owner / Information Owner
C. The Database Administrator (DBA)
D. The System Custodian
Answer: B
Rationale: The Data Owner or Information Owner is typically a business manager responsible for a specific corporate dataset. They possess the business context required to evaluate the asset's value, determine its appropriate security classification, and explicitly state the security protection requirements to the custodians.

Question 28. A health clinic must ensure that electronic Protected Health Information (ePHI) stored on corporate laptops is completely unreadable if a laptop is physically stolen. Which control is most appropriate to satisfy this requirement?
A. Setting a strong complex alphanumeric BIOS/UEFI power-on password.
B. Enabling Full Disk Encryption (FDE) utilizing a verified AES-256 algorithm.
C. Storing all files inside a hidden directory with a leading period in the filename.
D. Implementing a remote-wipe solution that relies on active cellular network connectivity.
Answer: B
Rationale: Full Disk Encryption (FDE) renders the entirety of the storage medium unreadable to anyone who does not possess the correct cryptographic decryption key. If the laptop is stolen while powered off, an adversary cannot bypass the operating system to scrape raw data off the drive, maintaining confidentiality.

Question 29. A system administrator is tasked with executing the technical security configurations mandated by the corporate data owner, such as performing regular data backups and configuring file system access control lists (ACLs). What role is this administrator fulfilling?
A. Data Processor
B. Data Controller
C. Data Custodian
D. Data Steward
Answer: C
Rationale: A Data Custodian (or System Custodian) is responsible for the technical maintenance, hands-on administration, and daily protection of information assets as directed by the Data Owner. Their duties typically include running backups, implementing access controls, and applying patches.

Question 30. When an organization decides to dispose of magnetic backup tapes that once held highly classified government data, which sanitization method is acceptable if the tapes are to be reused in a lower-classification environment?
A. Erasing the files using a standard file-shredding utility application.
B. Exposing the tapes to a certified commercial degausser that exceeds the magnetic coercivity of the media.
C. Writing random binary characters across the first and last sectors of the tape.
D. Soaking the tapes in an industrial chemical solvent for 24 hours.
Answer: B
Rationale: Degaussing subjects magnetic media to a powerful, disruptive magnetic field that resets the magnetic domains, effectively wiping all data and formatting signatures simultaneously. For magnetic tape, proper degaussing completely sanitizes the data while allowing the media to be reused safely.
label to determine access permissions, preventing individual users from modifying permissions.

Question 34. Which mathematical security model is designed specifically to prevent conflicts of interest in commercial organizations by dynamically isolating datasets belonging to competing corporate entities using "Chinese Wall" mechanics?
A. Bell-LaPadula Model
B. Biba Integrity Model
C. Clark-Wilson Model
D. Brewer-Nash Model
Answer: D
Rationale: The Brewer-Nash (or Chinese Wall) model is built specifically to address conflicts of interest. It dynamically restricts access to information based on what information the subject has already viewed, ensuring that consultants or financial analysts do not access competing datasets within the same consulting firm.

Question 35. The Bell-LaPadula security model focuses primarily on preserving which pillar of the CIA Triad?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Answer: A
Rationale: The Bell-LaPadula model is a formal, state-transition security model developed for the military to preserve data confidentiality. It prevents unauthorized disclosure of information through two primary rules: the Simple Security Property ("no read up") and the *-Property ("no write down").

Question 36. What does the *-Property (Star Property) of the Biba Integrity Model dictate to ensure data integrity is maintained?
A. No read down
B. No read up
C. No write down
D. No write up
Answer: D
Rationale: The Biba model focuses strictly on integrity. The *-Property of Biba is the "no write up" rule. It prevents a subject at a lower integrity level from writing to or modifying an object at a higher integrity level, thereby preventing the contamination of high-integrity data by low-integrity sources.

Question 37. A security architect wants to implement a dedicated hardware cryptographic module integrated into a corporate laptop's motherboard. This module will securely store encryption keys, passwords, and digital certificates, and validate system boot integrity. What is this component called?
A. Hardware Security Module (HSM)
B. Trusted Platform Module (TPM)
C. Central Processing Unit (CPU)
D. Redundant Array of Independent Disks (RAID)
Answer: B
Rationale: A Trusted Platform Module (TPM) is a specialized, hardware-bound cryptographic chip integrated into a computer's motherboard. It provides secure cryptographic key generation, storage, and device authentication, and supports measured boot processes to verify system state integrity.

Question 38. A large enterprise uses a dedicated, high-performance physical network appliance attached to its corporate network infrastructure to perform centralized cryptographic key management, digital signing operations, and bulk encryption processing. What is this appliance called?
A. Hardware Security Module (HSM)
B. Trusted Platform Module (TPM)
C. Next-Generation Firewall (NGFW)
D. Intrusion Prevention System (IPS)
Answer: A
Rationale: A Hardware Security Module (HSM) is a dedicated, physical network appliance designed specifically to safeguard and manage digital keys for strong authentication and provide accelerated cryptographic processing. Unlike a TPM, which is bound to a single local endpoint, an HSM is a centralized network resource built for high-throughput enterprise applications.

Question 39. Which of the following cloud computing service models shifts the greatest amount of operational security responsibility to the Cloud Service Provider (CSP), leaving the corporate customer responsible only for their data and localized client configurations?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. On-Premises Data Center
Answer: C
Rationale: In a Software as a Service (SaaS) model, the provider manages the entire application stack, including the underlying infrastructure, operating systems, network configurations, and database engines. The customer's responsibility is limited to managing data access policies and localized endpoint settings.

Question 40. An administrative assistant accidentally triggers an alert in a multi-tenant cloud environment by attempting to access a database partition belonging
acknowledgments, and a three-way handshake mechanism?
A. User Datagram Protocol (UDP)
B. Internet Protocol (IP)
C. Transmission Control Protocol (TCP)
D. Internet Control Message Protocol (ICMP)
Answer: C
Rationale: TCP is a connection-oriented, Transport Layer protocol that ensures reliable delivery of data packets across networks. It utilizes a three-way handshake (SYN, SYN-ACK, ACK) to establish a connection and employs sequence numbers and acknowledgments to handle lost or out-of-order packets.

Question 44. A security analyst is reviewing network logs and notes an influx of traffic hitting port 53. Which critical network infrastructure service relies on port 53 for resolving human-readable domain names into logical IP addresses?
A. Dynamic Host Configuration Protocol (DHCP)
B. Hypertext Transfer Protocol (HTTP)
C. Domain Name System (DNS)
D. Simple Mail Transfer Protocol (SMTP)
Answer: C
Rationale: The Domain Name System (DNS) translates human-friendly domain names (e.g., example.com) into machine-readable IP addresses. It primarily utilizes UDP port 53 for standard name queries and TCP port 53 for zone transfers.

Question 45. An organization wants to secure its internal wireless network. They choose to implement WPA3. Which cryptographic handshake mechanism does WPA3 use to replace the vulnerable Pre-Shared Key (PSK) 4-way handshake found in WPA2, thereby mitigating offline dictionary attacks?
A. Temporal Key Integrity Protocol (TKIP)
B. Wired Equivalent Privacy (WEP)
C. Simultaneous Authentication of Equals (SAE)
D. Extensible Authentication Protocol (EAP)
Answer: C
Rationale: WPA3 implements the Simultaneous Authentication of Equals (SAE) handshake, based on the Dragonfly key exchange protocol. SAE protects against offline dictionary attacks by ensuring that an attacker cannot capture a handshake and brute-force the password without actively interacting with the network.

Question 46. A remote employee connects to the corporate data center over the public internet using an encrypted IPsec Virtual Private Network (VPN). Which IPsec protocol provides data confidentiality in addition to origin authentication and integrity protection?
A. Authentication Header (AH)
B. Encapsulating Security Payload (ESP)
C. Internet Key Exchange (IKE)
D. Layer 2 Tunneling Protocol (L2TP)
Answer: B
Rationale: Within the IPsec protocol suite, Encapsulating Security Payload (ESP) provides data encryption to ensure confidentiality, alongside authentication and integrity features. Authentication Header (AH) provides authentication and integrity but does not encrypt the data payload.

Question 47. Which type of firewall tracks the entire state of an active network connection, mapping inbound packets against a dynamic state table to ensure they correspond to a pre-existing, authorized outbound request?
A. Static Packet Filtering Firewall
B. Stateful Inspection Firewall
C. Circuit-Level Gateway
D. Application-Level Proxy Firewall
Answer: B
Rationale: A stateful inspection firewall monitors the context and state of network connections. By maintaining a dynamic state table, it allows inbound traffic only if it matches an established, valid connection initiated from inside the trusted network, offering significantly better security than static packet filters.

Question 48. An attacker floods a target web server with a massive volume of synchronized traffic originating from thousands of compromised IoT devices scattered globally, completely exhausting the server's bandwidth and processing capacity. What type of attack is this?
A. Man-in-the-Middle (MitM) Attack
B. Distributed Denial of Service (DDoS) Attack
C. Buffer Overflow Attack
D. Replay Attack
Answer: B
Rationale: A Distributed Denial of Service (DDoS) attack leverages a distributed network of compromised systems (a botnet) to inundate a targeted resource with traffic. The sheer volume overwhelms the target's capacity, denying legitimate users access to the service.

Question 49. Which of the following networking protocols is considered inherently insecure because it transmits all user credentials and session data in unencrypted, cleartext format across the wire?
A. Secure Shell (SSH)
B. Hypertext Transfer
for each separate system. What concept does this describe?
A. Multi-Factor Authentication (MFA)
B. Single Sign-On (SSO)
C. Identity Provisioning
D. Federated Identity Management
Answer: B
Rationale: Single Sign-On (SSO) is an authentication mechanism that allows a user to authenticate once to a centralized identity provider and subsequently gain access to multiple independent software applications or systems during that session without re-authenticating.

Question 53. Which authentication factor represents an "inherence" factor within a multi-factor authentication framework?
A. A temporary hardware-generated One-Time Password (OTP) token.
B. A complex 16-character alphanumeric passphrase.
C. A high-resolution physical iris scan.
D. A smartcard cryptographic badge.
Answer: C
Rationale: Authentication factors are categorized as something you know (knowledge), something you have (possession), and something you are (inherence). Biometric data, such as a fingerprint, facial scan, or iris scan, represents physical characteristics inherent to the individual.

Question 54. An identity federation system utilizes an open, XML-based standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP). What is this standard called?
A. OAuth 2.0
B. Security Assertion Markup Language (SAML)
C. OpenID Connect (OIDC)
D. Kerberos
Answer: B
Rationale: SAML is an XML-based open standard framework developed for exchanging security assertions between an Identity Provider (the entity that authenticates the user) and a Service Provider (the application the user wants to access), facilitating cross-domain Single Sign-On.

Question 55. A security administrator is configuring a Kerberos authentication environment. Which central component of Kerberos acts as the trusted third-party service containing the Authentication Server (AS) and the Ticket-Granting Server (TGS)?
A. Principal
B. Ticket Granting Ticket (TGT)
C. Key Distribution Center (KDC)
D. Authenticator
Answer: C
Rationale: The Key Distribution Center (KDC) is the core structural piece of a Kerberos infrastructure. It maintains a database of all cryptographic keys and consists of two sub-services: the Authentication Server (AS), which issues Ticket-Granting Tickets (TGTs), and the Ticket-Granting Server (TGS), which issues service tickets.

Question 56. An organization wants to prevent an attacker from executing a brute-force attack against its user accounts. They implement a policy that temporarily locks out a user account for 30 minutes after five consecutive failed login attempts. What type of control is this account lockout policy?
A. Preventive Control
B. Detective Control
C. Corrective Control
D. Compensating Control
Answer: A
Rationale: An account lockout policy acts as a preventive control because it actively blocks or stops an ongoing brute-force attack by disabling the target account's ability to accept further authentication attempts once the defined threshold is breached.

Question 57. A security manager is reviewing identity access logs and notices that a user account belonging to a former contractor who left the company six months ago is still active and has recently logged in. What term best describes this security risk?
A. Orphaned Account
B. Service Account
C. Shared Account
D. Privileged Account
Answer: A
Rationale: An orphaned account is a user account that remains active in an identity management system after the associated employee or contractor has terminated their relationship with the organization. These accounts are prime targets for malicious exploitation due to a lack of active monitoring.

Question 58. Which access control model organizes permissions based on structural job descriptions, where users are assigned to specific groups (e.g., Human Resources, Engineering) and inherit all permissions mapped to that group?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Rule-Based Access Control
Answer: B
Rationale: Role-Based Access Control (RBAC) aligns access privileges with organizational roles or job functions rather than individual user identities.