CISSP – PRACTICE QUESTIONS AND CORRECT ANSWERS (VERIFIED
ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT DOWNLOAD PDF.
Core Domains
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
Introduction
The purpose of this comprehensive assessment is to evaluate a candidate’s mastery
of the eight domains within the Common Body of Knowledge (CBK). This exam
measures the technical and managerial skills required to design, engineer,
implement, and manage an organization’s overall security posture. The questions
comprise a mix of foundational theory, regulatory compliance, and complex scenario-
,based inquiries. By emphasizing real-world application and ethical decision-making,
this assessment ensures the candidate can apply high-level security concepts to
practical organizational challenges. The multiple-choice format is designed to test
critical thinking and the ability to select the best possible solution in a professional
environment.
Section One: Questions 1–100
1. Which of the following is the most important consideration when developing a
business continuity plan (BCP)?
A. Documenting every technical process in detail
B. Obtaining management support and approval
C. Ensuring all data is backed up off-site
D. Testing the plan every six months
🟢 Correct answer B. Option
🔴 RATIONALE: Without senior management support, the BCP will lack the
necessary resources, authority, and strategic alignment to be effective during a crisis.
2. A security administrator needs to protect sensitive data on a laptop from
physical theft. Which technology provides the best protection for data-at-rest?
,A. File-level permissions
B. Full disk encryption (FDE)
C. BIOS password
D. Screen lock with complexity requirements
🟢 Correct answer B. Option
🔴 RATIONALE: Full disk encryption ensures that even if the hardware is stolen, the
data remains unreadable without the proper cryptographic key.
3. During an investigation, which type of evidence is considered "hearsay" in a
court of law?
A. A signed confession from a suspect
B. A copy of a system log file
C. Direct testimony from a witness
D. An original hard drive
🟢 Correct answer B. Option
🔴 RATIONALE: Logs are considered hearsay because they are not direct
statements made by a person under oath, though they may be admissible under the
"business records" exception.
4. Which access control model uses security labels to make access decisions?
, A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Rule-Based Access Control
🟢 Correct answer C. Option
🔴 RATIONALE: MAC systems compare a subject's clearance label with an object's
classification label to determine if access is permitted.
5. What is the primary goal of Egress filtering?
A. To prevent unauthorized users from entering the network
B. To monitor incoming traffic for malware signatures
C. To prevent sensitive data or malicious traffic from leaving the network
D. To balance the load across multiple web servers
🟢 Correct answer C. Option
🔴 RATIONALE: Egress filtering inspects and restricts traffic exiting a network to
prevent data exfiltration or botnet communications.
6. Which risk management strategy involves purchasing an insurance policy to
cover potential losses?
ANSWERS) PLUS RATIONALES 2026 Q&A | INSTANT DOWNLOAD PDF.
Core Domains
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
Introduction
The purpose of this comprehensive assessment is to evaluate a candidate’s mastery
of the eight domains within the Common Body of Knowledge (CBK). This exam
measures the technical and managerial skills required to design, engineer,
implement, and manage an organization’s overall security posture. The questions
comprise a mix of foundational theory, regulatory compliance, and complex scenario-
,based inquiries. By emphasizing real-world application and ethical decision-making,
this assessment ensures the candidate can apply high-level security concepts to
practical organizational challenges. The multiple-choice format is designed to test
critical thinking and the ability to select the best possible solution in a professional
environment.
Section One: Questions 1–100
1. Which of the following is the most important consideration when developing a
business continuity plan (BCP)?
A. Documenting every technical process in detail
B. Obtaining management support and approval
C. Ensuring all data is backed up off-site
D. Testing the plan every six months
🟢 Correct answer B. Option
🔴 RATIONALE: Without senior management support, the BCP will lack the
necessary resources, authority, and strategic alignment to be effective during a crisis.
2. A security administrator needs to protect sensitive data on a laptop from
physical theft. Which technology provides the best protection for data-at-rest?
,A. File-level permissions
B. Full disk encryption (FDE)
C. BIOS password
D. Screen lock with complexity requirements
🟢 Correct answer B. Option
🔴 RATIONALE: Full disk encryption ensures that even if the hardware is stolen, the
data remains unreadable without the proper cryptographic key.
3. During an investigation, which type of evidence is considered "hearsay" in a
court of law?
A. A signed confession from a suspect
B. A copy of a system log file
C. Direct testimony from a witness
D. An original hard drive
🟢 Correct answer B. Option
🔴 RATIONALE: Logs are considered hearsay because they are not direct
statements made by a person under oath, though they may be admissible under the
"business records" exception.
4. Which access control model uses security labels to make access decisions?
, A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Rule-Based Access Control
🟢 Correct answer C. Option
🔴 RATIONALE: MAC systems compare a subject's clearance label with an object's
classification label to determine if access is permitted.
5. What is the primary goal of Egress filtering?
A. To prevent unauthorized users from entering the network
B. To monitor incoming traffic for malware signatures
C. To prevent sensitive data or malicious traffic from leaving the network
D. To balance the load across multiple web servers
🟢 Correct answer C. Option
🔴 RATIONALE: Egress filtering inspects and restricts traffic exiting a network to
prevent data exfiltration or botnet communications.
6. Which risk management strategy involves purchasing an insurance policy to
cover potential losses?
