CISSP Practice Exam Question And Correct
Answers (Verified Answers) Plus Rationales
2026 Q&A Instant Download Pdf
1. Which CIA triad element ensures information is accessible
when needed?
A. Confidentiality
B. Integrity
C. Non-repudiation
D. Availability
Answer: D. Availability
Rationale: Availability ensures systems and data are
accessible to authorized users when required.
2. What principle requires users to have only the minimum
access necessary to perform their job?
A. Separation of duties
B. Least privilege
C. Need to know
D. Due care
Answer: B. Least privilege
Rationale: Least privilege limits access rights to only what
is necessary for a user's role.
,3. Which security control type attempts to stop an incident
before it occurs?
A. Detective
B. Corrective
C. Preventive
D. Recovery
Answer: C. Preventive
Rationale: Preventive controls are designed to stop
security incidents before they happen.
4. What type of attack involves overwhelming a system with
traffic?
A. Phishing
B. Spoofing
C. Man-in-the-middle
D. Denial of Service
Answer: D. Denial of Service
Rationale: A DoS attack floods a system with traffic to
make it unavailable.
5. Which document defines management’s expectations for
security?
A. Standard
B. Procedure
C. Guideline
D. Policy
, Answer: D. Policy
Rationale: Policies are high-level documents expressing
management’s intent and direction.
6. What is the primary goal of risk management?
A. Eliminate all risks
B. Ignore low-level risks
C. Reduce risk to acceptable levels
D. Transfer all risks
Answer: C. Reduce risk to acceptable levels
Rationale: Risk management seeks to lower risk to levels
acceptable to the organization.
7. Which OSI layer is responsible for routing?
A. Physical
B. Data Link
C. Network
D. Transport
Answer: C. Network
Rationale: The Network layer handles logical addressing
and routing.
8. Which access control model is based on security
classifications and labels?
A. DAC
B. MAC
C. RBAC
, D. ABAC
Answer: B. MAC
Rationale: Mandatory Access Control uses security labels
and classifications.
9. What is the main purpose of a checksum?
A. Encrypt data
B. Authenticate users
C. Validate data integrity
D. Compress files
Answer: C. Validate data integrity
Rationale: Checksums are used to detect changes in data.
10. Which cryptographic algorithm uses the same key to
encrypt and decrypt data?
A. RSA
B. ECC
C. Symmetric
D. Hashing
Answer: C. Symmetric
Rationale: Symmetric encryption uses a single shared
secret key.
11. Which security concept requires two people to
complete a critical task?
A. Rotation of duties
B. Separation of duties
Answers (Verified Answers) Plus Rationales
2026 Q&A Instant Download Pdf
1. Which CIA triad element ensures information is accessible
when needed?
A. Confidentiality
B. Integrity
C. Non-repudiation
D. Availability
Answer: D. Availability
Rationale: Availability ensures systems and data are
accessible to authorized users when required.
2. What principle requires users to have only the minimum
access necessary to perform their job?
A. Separation of duties
B. Least privilege
C. Need to know
D. Due care
Answer: B. Least privilege
Rationale: Least privilege limits access rights to only what
is necessary for a user's role.
,3. Which security control type attempts to stop an incident
before it occurs?
A. Detective
B. Corrective
C. Preventive
D. Recovery
Answer: C. Preventive
Rationale: Preventive controls are designed to stop
security incidents before they happen.
4. What type of attack involves overwhelming a system with
traffic?
A. Phishing
B. Spoofing
C. Man-in-the-middle
D. Denial of Service
Answer: D. Denial of Service
Rationale: A DoS attack floods a system with traffic to
make it unavailable.
5. Which document defines management’s expectations for
security?
A. Standard
B. Procedure
C. Guideline
D. Policy
, Answer: D. Policy
Rationale: Policies are high-level documents expressing
management’s intent and direction.
6. What is the primary goal of risk management?
A. Eliminate all risks
B. Ignore low-level risks
C. Reduce risk to acceptable levels
D. Transfer all risks
Answer: C. Reduce risk to acceptable levels
Rationale: Risk management seeks to lower risk to levels
acceptable to the organization.
7. Which OSI layer is responsible for routing?
A. Physical
B. Data Link
C. Network
D. Transport
Answer: C. Network
Rationale: The Network layer handles logical addressing
and routing.
8. Which access control model is based on security
classifications and labels?
A. DAC
B. MAC
C. RBAC
, D. ABAC
Answer: B. MAC
Rationale: Mandatory Access Control uses security labels
and classifications.
9. What is the main purpose of a checksum?
A. Encrypt data
B. Authenticate users
C. Validate data integrity
D. Compress files
Answer: C. Validate data integrity
Rationale: Checksums are used to detect changes in data.
10. Which cryptographic algorithm uses the same key to
encrypt and decrypt data?
A. RSA
B. ECC
C. Symmetric
D. Hashing
Answer: C. Symmetric
Rationale: Symmetric encryption uses a single shared
secret key.
11. Which security concept requires two people to
complete a critical task?
A. Rotation of duties
B. Separation of duties
