Exam (elaborations)

CISSP Practice Exam: 2026 Edition||questions and answers with rationales/graded A+/ update/100% correct /instant download

Pages
22
Grade
A+
Uploaded on
02-07-2026
Written in
2025/2026

Target Audience: Aspiring CISSP candidates
Questions: 80
Format: Multiple choice (one best answer)
Correct answers are highlighted in bold.
Rationales provided for each question.


Domain 1: Security and Risk Management (12 questions)
1. A global enterprise is implementing an AI-driven identity governance
system. Which ethical principle is MOST critical to prevent algorithmic bias
in access decisions?
A. Accountability
B. Non-repudiation
C. Fairness
D. Privacy by design
Rationale: Fairness ensures AI models do not discriminate based on protected
attributes. Accountability is important but addresses auditability; fairness directly
mitigates bias.
2. A company adopts the NIST Cybersecurity Framework (CSF) 2.0. Which
new category introduced in CSF 2.0 focuses on continuous improvement of
security processes?
A. Identify
B. Protect
C. Govern
D. Recover
Rationale: CSF 2.0 added the “Govern” function as a cross-cutting category,
emphasizing organizational context, risk management strategy, and policy
oversight.
3. Which of the following represents the BEST method to quantify risk for a
proposed cloud migration?
A. Qualitative risk assessment
B. Annualized Loss Expectancy (ALE) calculation
C. Single Loss Expectancy (SLE) only
D. Threat modeling only
Rationale: ALE (SLE × ARO) quantifies financial impact over time, allowing cost-
benefit decisions for controls. Qualitative lacks numbers; SLE alone ignores
frequency.
4. A European bank processes personal data of EU citizens. Under GDPR,
what is the maximum fine for non-compliance with data breach notification
requirements?
A. €10 million or 2% of global turnover
B. €20 million or 4% of global turnover, whichever is higher
C. €5 million flat
D. €50 million or 5% of global turnover
Rationale: Article 83(5) GDPR sets the higher tier (4% or €20M) for breaches of data
subject rights and notification duties.
5. A business continuity plan (BCP) test is performed by walking through the
plan with key stakeholders without actually activating systems. This is called:
A. Full interruption test
B. Simulation test
C. Structured walkthrough
D. Parallel test
Rationale: Structured walkthrough (tabletop) involves discussing roles and steps.
Parallel test runs systems in recovery mode; full interruption is live failover.
6. Which concept ensures that an employee cannot deny performing an action
due to digital evidence logs?
A. Authorization
B. Non-repudiation
C. Authenticity
D. Confidentiality
Rationale: Non-repudiation uses digital signatures, audit trails, or blockchain to
prove an action occurred, preventing denial.
7. A new U.S. federal law in 2026 requires real-time reporting of material
cybersecurity incidents within 24 hours. This law most closely aligns with
which SEC rule concept?
A. Regulation SCI
B. Cyber incident materiality disclosure
C. GLBA safeguards rule
D. HIPAA breach rule
Rationale: The SEC’s 2023 rules (and expanded 2026 updates) mandate 4-day
disclosure, but proposed tighter rules push 24 hours for critical infrastructure;
“materiality” is key.
8. Which risk treatment strategy is being used if a company purchases a cyber
insurance policy?
A. Risk avoidance
B. Risk mitigation
C. Risk transference
D. Risk acceptance
Rationale: Transference shifts financial risk to an insurer. Mitigation reduces
likelihood/impact; avoidance eliminates the activity.
9. A security architect adopts “security by design” for a new IoT product. This
means:
A. Adding a firewall after development
B. Integrating security controls from initial requirements phase
C. Only testing for vulnerabilities at launch
D. Relying on air gaps
Rationale: Security by design means embedding controls (e.g., secure boot,
encryption) throughout SDLC, not retrofitting.
10. Which type of control is a “captcha” on a login page?
A. Preventive – technical
B. Preventive – logical (or technical)

Get to know the seller

trustednurse NURSING