Enterprise Security Architecture Study Guide
SABSA Certification Exam Prep 2026
Updated Actual Exam Questions & Verified Correct Answers
• This guide contains 200 carefully curated SABSA exam-style questions with
verified correct answers, clear EXPERT RATIONALE, and full coverage of all exam
domains — designed to fast-track your certification readiness.
• Study tip: Work through each question independently before checking the
answer; use the EXPERT RATIONALE to reinforce understanding, not just
memorization.
1. What does SABSA stand for?
A) Structured Architecture for Business Security Assurance
B) Security Architecture for Business Systems Analysis
C) Systems Assurance for Business Security Architecture
D) Secure Applications for Business Systems Architecture
E) Security Assessment for Business Systems Assurance
C) Sherwood Applied Business Security Architecture
EXPERT RATIONALE: SABSA stands for Sherwood Applied Business Security
Architecture, named after John Sherwood who developed the framework. It is a proven
methodology for developing risk-driven enterprise information security architectures.
2. The SABSA framework is primarily derived from which well-known
enterprise architecture framework?
A) COBIT
B) TOGAF
C) Zachman Framework
D) ITIL
E) ISO 27001
C) Zachman Framework
EXPERT RATIONALE: SABSA is derived from the Zachman Framework for enterprise
architecture. It adapts Zachman's matrix structure to security architecture, using rows
(layers) and columns (aspects) to organize security thinking across the enterprise.
3. How many architectural layers does the SABSA framework consist of?
A) Three
B) Four
C) Five
D) Six
E) Seven
D) Six
EXPERT RATIONALE: The SABSA framework consists of six architectural layers:
Contextual, Conceptual, Logical, Physical, Component, and Operational. Each layer
represents a different perspective of the security architecture.
4. Which SABSA layer is associated with the business context and the question
"Why?"
A) Conceptual Layer
B) Logical Layer
C) Physical Layer
D) Contextual Layer
E) Component Layer
D) Contextual Layer
EXPERT RATIONALE: The Contextual Layer (also called the Business Layer) addresses
the "Why" question — why does the business need security? It defines the business
context, drivers, risks, and governance requirements that shape the entire security
architecture.
5. In SABSA, the Conceptual Layer answers which fundamental question?
A) How?
B) Who?
C) What?
D) Where?
E) When?
C) What?
EXPERT RATIONALE: The Conceptual Layer answers "What?" — what are the
conceptual security requirements? It translates business requirements into high-level
security concepts and policies, defining what needs to be protected and what security
services are needed.
6. Which SABSA layer is concerned with the detailed design of security
mechanisms and technologies?
A) Logical Layer
B) Contextual Layer
C) Conceptual Layer
D) Physical Layer
E) Operational Layer
D) Physical Layer
EXPERT RATIONALE: The Physical Layer in SABSA is concerned with the detailed
design of security mechanisms and technology solutions. It answers "How?" in terms of
specific technologies, products, and tools used to implement the logical security
architecture.
7. What is the primary purpose of the SABSA Business Attributes Profile?
A) To define technical security controls
B) To map business requirements to security services
C) To document network topology
D) To assess vendor compliance
E) To list all security policies
B) To map business requirements to security services
EXPERT RATIONALE: The Business Attributes Profile (BAP) is a core SABSA tool that
bridges the gap between business requirements and security services. It captures
measurable security attributes derived from the business context and maps them to
appropriate security services.
8. Which of the following best describes the SABSA Contextual Layer
deliverable?
A) Security architecture blueprint
B) Network security design
C) Business risk model