CISSP Chapter 1 Exam 2026 Questions and Answers
Which of the following contains the primary goals and objectives of security?
A. A network's border perimeter
B. The CIA Triad
C. A stand-alone system
D. The Internet - Correct answer-B. The primary goals and objectives of security
are confidentiality, integrity, and availability, commonly referred to as the CIA
Triad.
Vulnerabilities and risks are evaluated based on their threats against which of the
following?
A. One or more of the CIA Triad principles
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
B. Data usefulness
C. Due care
D. Extent of liability - Correct answer-A. Vulnerabilities and risks are evaluated
based on their threats against one or more of the CIA Triad principles.
Which of the following is a principle of the CIA Triad that means authorized
subjects are granted timely and uninterrupted access to objects?
A. Identification
B. Availability
C. Encryption
D. Layering - Correct answer-B. Availability means that authorized subjects are
granted timely and uninterrupted access to objects.
Which of the following is not considered a violation of confidentiality?
A. Stealing passwords
B. Eavesdropping
C. Hardware destruction
D. Social engineering - Correct answer-C. Hardware destruction is a violation of
availability and possibly integrity. Violations of confidentiality include capturing
network traffic, stealing password files, social engineering, port scanning, shoulder
surfing, eavesdropping, and sniffing.
Which of the following is not true?
A. Violations of confidentiality include human error.
B. Violations of confidentiality include management oversight.
C. Violations of confidentiality are limited to direct intentional attacks.
D. Violations of confidentiality can occur when a transmission is not properly
encrypted. - Correct answer-C. Violations of confidentiality are not limited to
direct intentional attacks. Many instances of unauthorized disclosure of sensitive or
confidential information are due to human error, oversight, or ineptitude.
STRIDE is often used in relation to assessing threats against applications or
operating systems. Which of the following is not an element of STRIDE?