CISSP Multiple Choice Exam 2026
Questions and Answers
All of the following items should be included in a Business Impact Analysis (BIA)
questionnaire EXCEPT questions that:
A. determine the risk of a business interruption occurring
B. determine the technological dependence of the business processes
C. Identify the operational impacts of a business interruption
D. Identify the financial impacts of a business interruption - Correct answer-A.
determine the risk of a business interruption occurring (a BIA captures dependencies
and the operational and financial impact of an outage; the likelihood of an outage
is assessed in the risk assessment, not the BIA)
Which of the following actions will reduce risk to a laptop before traveling to a
high risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
D. Change access codes - Correct answer-B. Implement more stringent baseline
configurations
Which of the following represents the GREATEST risk to data confidentiality?
A. Network redundancies are not implemented
B. Security awareness training is not completed
C. Backup tapes are generated unencrypted
D. Users have administrative privileges - Correct answer-C. Backup tapes are
generated unencrypted
What is the MOST important consideration from a data security perspective when
an organization plans to relocate?
A. Ensure the fire prevention and detection systems are sufficient to protect
personnel
B. Review the architectural plans to determine how many emergency exits are
present
C. Conduct a gap analysis of the new facility against existing security requirements
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan - Correct
answer-C. Conduct a gap analysis of the new facility against existing security
requirements
A company whose Information Technology (IT) services are being delivered from
a Tier 4 data center is preparing a companywide Business Continuity
Plan (BCP). Which of the following failures should the IT manager be
concerned with?
A. Application
B. Storage
C. Power
D. Network - Correct answer-A. Application (a Tier 4 facility is fault tolerant, with
redundant power, network and storage paths; application failures are outside the
data center's scope and must be addressed in the BCP)
When assessing an organization's security policy according to standards
established by the International Organization for Standardization (ISO) 27001 and
27002, when can management responsibilities be defined?
A. Only when assets are clearly defined
B. Only when standards are defined
C. Only when controls are put in place
D. Only when procedures are defined - Correct answer-A. Only when assets are clearly
defined
Which of the following types of technologies would be the MOST cost-effective
method to provide a reactive control for protecting personnel in public areas?
A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the public
D. Hire a guard to protect the public area - Correct answer-C. Supply a duress
alarm for personnel exposed to the public
An important principle of defense in depth is that achieving information security
requires a balanced focus on which PRIMARY elements?
A. Development, testing, and deployment
B. Prevention, detection, and remediation
C. People, technology, and operations
D. Certification, accreditation, and monitoring - Correct answer-C. People,
technology, and operations