CISSP Exam 2026 Questions and Answers
NIST SP 800-53 discusses a set of security controls as what type of security tool?
A. A configuration list
B. A threat management strategy
C. A baseline
D. The CIS standard
Correct answer: C. NIST SP 800-53 discusses security
control baselines as a list of security controls. CIS releases security baselines, and a
baseline is a useful part of a threat management strategy and may contain a list of
acceptable configuration items.
Ed has been tasked with identifying a service that will provide a low-latency, high-
performance, and high-availability way to host content for his employer. What type
of solution should he seek out to ensure that his employer's customers around the
world can access their content quickly, easily, and reliably?
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
A. A hot site
B. A CDN
C. Redundant servers
D. A P2P CDN
Correct answer: B. A Content Distribution Network (CDN) is
designed to provide reliable, low-latency, geographically distributed content
distribution. In this scenario, a CDN is an ideal solution. A P2P CDN like
BitTorrent isn't a typical choice for a commercial entity, whereas redundant servers
or a hot site can provide high availability but won't provide the remaining
requirements.
Which one of the following is not a function of a forensic device controller?
A. Preventing the modification of data on a storage device
B. Returning data requested from the device
C. Reporting errors sent by the device to the forensic host
D. Blocking read commands sent to the device
Correct answer: D. A forensic disk
controller performs four functions. One of those, write blocking, intercepts write
commands sent to the device and prevents them from modifying data on the
device. The other three functions include returning data requested by a read
operation, returning access-significant information from the device, and reporting
errors from the device back to the forensic host. The controller should not prevent
read commands from being sent to the device because those commands may return
crucial information.
Mike is building a fault-tolerant server and wishes to implement RAID 1. How
many physical disks are required to build this solution?
A. 1
B. 2
C. 3
D. 5
Correct answer: B. RAID 1, disk mirroring, requires two physical disks that will
contain copies of the same data.
Which Kerberos service generates a new ticket and session keys and sends them to
the client?
A. KDC
B. TGT
C. AS
D. TGS
Correct answer: D. The TGS, or Ticket-Granting Service (which is usually
on the same server as the KDC) receives a TGT from the client. It validates the
TGT and the user's rights to access the service they are requesting to use. The TGS
then issues a ticket and session keys to the client. The AS serves as the
authentication server, which forwards the username to the KDC.
Communication systems that rely on start and stop flags or bits to manage data
transmission are known as what type of communication?
A. Analog
B. Digital
C. Synchronous
D. Asynchronous
Correct answer: D. Asynchronous communications rely on a
built-in stop and start flag or bit. This makes asynchronous communications less
efficient than synchronous communications, but better suited to some types of
communication.