80 QUESTIONS WITH MOST TESTED TOPICS (HARVARD STYLE)
✅ Key Features:
80 practice-style questions covering the most tested cybersecurity concepts
Updated for the 2025–2026 certification cycle to reflect ISC2 exam expectations
In-depth rationales and explanations for every practice question
Supported with Harvard-style referencing for academic rigor
Covers high-yield areas including:
o Security Principles and Risk Management
o Network and Communications Security
o Access Controls and Identity Management
o Incident Response and Recovery
o Cryptography and Data Protection
Helps learners identify strengths and weaknesses before attempting ISC2 exams
📘 Best For:
Students preparing for entry-level and intermediate ISC2 certifications
Learners seeking a diagnostic tool to measure readiness before the official exam
IT and cybersecurity professionals aiming to review high-priority domains efficiently
Candidates who want academically referenced explanations to reinforce study

The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data
the company possesses. This document is signed by Triffid senior management. What kind of
document is this? (D1, L1.4.1)
Question options:
A) Policy
B) Procedure
C) Standard
D) Law
A) Policy
A is correct. This is an internal, strategic document, and is therefore a policy. B is incorrect; this is a
strategic overview, not a specific process or practice, so it is not a procedure. C is incorrect; this is an
internal document, not an industry-wide recognized set of practices, so it is not a standard. D is
incorrect; this is not a legal mandate issued by a government, so it is not a law.

The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.)
are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is
this? (D1, L1.3.1)
Question options:
A) Administrative
B) Entrenched
C) Physical
D) Technical
D) Technical
D is correct. A GPS unit is part of the IT environment, so this is a technical control. A is incorrect. The
GPS unit itself is not a rule or a policy or a process; it is part of the IT environment, so D is a better
answer. B is incorrect; "entrenched" is not a term commonly used to describe a particular type of
security control, and is used here only as a distractor. C is incorrect; while a GPS unit is a tangible
object, it is also part of the IT environment, and it does not interact directly with other physical
objects in order to prevent action, so "technical" is a better descriptor, and D is a better answer.

Triffid Corporation has a policy that all employees must receive security awareness instruction
before using email; the company wants to make employees aware of potential phishing attempts
that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)
Question options:
A) Administrative
B) Finite
C) Physical
D) Technical
A) Administrative
A is correct. Both the policy and the instruction are administrative controls; rules and governance are
administrative. B is incorrect; "finite" is not a term commonly used to describe a particular type of
security control, and is used here only as a distractor. C is incorrect; training is not a tangible object,
so this is not a physical control. D is incorrect; training is not part of the IT environment, so it is not a
technical control.