CISSP Exam 2026 Questions and Answers
Accountability - Correct answer-Holds individuals accountable for their actions
Accountability Principle - Correct answer-OECD Privacy Guideline principle
which states individuals should have the right to challenge the content of any
personal data being held, and have a process for updating their personal data if
found to be inaccurate or incomplete
Act honorably, justly, responsibly, and legally - Correct answer-Second canon of
the (ISC)2 Code of Ethics
Administrative Law - Correct answer-Law enacted by government agencies, aka
regulatory law
Advance and protect the profession - Correct answer-Fourth canon of the (ISC)2
Code of Ethics
Agents of law enforcement - Correct answer-Private citizens carrying out actions
on behalf of law enforcement
AIC triad - Correct answer-The three security principles: availability, integrity,
and confidentiality.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
ALE/Annualized Loss Expectancy - Correct answer-The cost of loss due to a risk
over a year
Annualized loss expectancy (ALE) - Correct answer-A dollar amount that
estimates the loss potential from a risk in a span of a year. Single Loss Expectancy
(SLE) x Annualized Rate of Occurrence (ARO) = ALE
Annualized Rate of Occurrence (ARO) - Correct answer-The value that represents
the estimated possibility of a specific threat taking place within a one-year
timeframe.
Antivirus Software - Correct answer-Software designed to prevent and detect
malware infections
ARO/Annual Rate of Occurrence - Correct answer-The number of losses suffered
per year
Attack - Correct answer-An attempt to bypass security controls in a system with
the mission of using that system or compromising it. An attack is usually
accomplished by exploiting a current vulnerability.
Authentication - Correct answer-Proof of an identity claim
Authorization - Correct answer-Actions an individual can perform on a system
AV/Asset Value - Correct answer-The value of a protected asset
Availability - Correct answer-The reliability and accessibility of data and resources
to authorized, identified individuals in a timely manner.
Availability - Correct answer-Assures information is available when needed
Awareness - Correct answer-Security Control designed to change user behavior
Background checks - Correct answer-A verification of a person's background and
experience; also called pre-employment screening
Baseline - Correct answer-Uniform ways to implement a safeguard; an administrative
control
Baseline - Correct answer-The minimum level of security necessary to support and
enforce a security policy.
Best evidence rule - Correct answer-Requires use of the strongest possible
evidence
Best practice - Correct answer-A consensus of the best way to protect the
confidentiality, integrity and availability of assets
Bot - Correct answer-A computer system running malware that is controlled via a
botnet
Botnet - Correct answer-A central bot command and control (C&C) network,
managed by humans
Breach notification - Correct answer-Notification of persons whose personal data
has been, or is likely to have been, compromised
Business Impact Analysis (BIA) - Correct answer-A functional analysis in which a
team collects data, documents business functions, develops a hierarchy of business
functions, and applies a classification scheme to indicate each individual function's
criticality level.
CIA triad - Correct answer-Confidentiality, Integrity and Availability
Circumstantial evidence - Correct answer-Evidence that serves to establish the
circumstances related to particular points or even other evidence
Civil law - Correct answer-Law that resolves disputes between individuals or
organizations
Civil law (legal system) - Correct answer-Legal system that leverages codified
laws or statutes to determine what is considered within the bounds of law
Classification - Correct answer-A systematic arrangement of objects into groups or
categories according to a set of established criteria. Data and resources can be
assigned a level of sensitivity as they are being created, amended, enhanced,
stored, or transmitted. The classification level then determines the extent to which