ISC2 CISSP — Certified Information Systems Security Professional · Domain 3 · 13% of exam

Security Architecture and Engineering

Drill 17 practice questions focused entirely on Security Architecture and Engineering for the ISC2 CISSP exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer17 questions
Question 1 of 17

A software company must digitally sign its release binaries so that customers can verify both the authenticity and integrity of downloads, and so the company cannot later deny having produced a given release. Which key should be used to create the signature, and what property does this primarily provide?

Reviewed for accuracy · Report an issue
Question 2 of 17

A defense contractor deploys a multilevel security system enforcing the Bell-LaPadula model. An analyst holding a Secret clearance is logged in at the Secret level and attempts to save a newly authored file classified as Confidential into a Confidential-level repository. According to the model's rules, how should the system respond to this action?

Reviewed for accuracy · Report an issue
Question 3 of 17

A financial services firm deploys an integrity-focused security model to protect a critical ledger system. A batch process running at the 'Medium Integrity' level attempts to write records into a data store classified at 'High Integrity.' Under the Biba model, how should the system respond to this write attempt?

Reviewed for accuracy · Report an issue
Question 4 of 17

A development team is building an API gateway that must encrypt session tokens in transit between microservices. They require both confidentiality and assurance that ciphertext has not been tampered with, without bolting on a separate MAC computation. Which block cipher mode of operation should the security architect recommend?

Reviewed for accuracy · Report an issue
Question 5 of 17

A financial services company is designing a new accounts-payable system. Regulators require that clerks cannot directly manipulate ledger balances; instead, all changes must occur through approved programs that validate each entry, and the person who initiates a payment must not be the same person who approves it. Which security model most directly addresses these requirements?

Reviewed for accuracy · Report an issue
Question 6 of 17

A government procurement team is evaluating two firewall products. Vendor A advertises that its product achieved EAL4+ certification. Vendor B states its product was certified against a specific network device Protection Profile (PP). The procurement officer asks the security architect which certification best assures that the product's security functions meet the government's actual operational security requirements. What should the architect explain?

Reviewed for accuracy · Report an issue
Question 7 of 17

A financial services company is hardening its TLS configuration. Security architects want to ensure that if an attacker later obtains the server's long-term private key, they still cannot decrypt previously captured TLS session traffic. Which cryptographic property, and its supporting mechanism, best achieves this requirement?

Reviewed for accuracy · Report an issue
Question 8 of 17

A financial services firm is upgrading fire suppression in a densely packed data center. The room houses expensive networking gear and must remain operational during and immediately after any incident. Staff occasionally work inside the room. Management wants a system that extinguishes fire without damaging electronics, leaves no residue, and is safe for occupants at design concentrations. Which fire suppression approach best meets these requirements?

Reviewed for accuracy · Report an issue
Question 9 of 17

A financial services company is deploying a new payment processing platform that must generate and store the master encryption keys used to protect cardholder data. Regulators require that the private keys never exist in plaintext outside a tamper-resistant boundary, and that key operations be auditable. Which control best satisfies these requirements?

Reviewed for accuracy · Report an issue
Question 10 of 17

A manufacturing company operates a plant floor with programmable logic controllers (PLCs) and legacy SCADA systems that cannot be patched without vendor recertification and use unauthenticated, cleartext industrial protocols. The corporate IT network needs occasional access to production data for reporting. As the security architect, which approach BEST protects the industrial control environment while meeting the business requirement?

Reviewed for accuracy · Report an issue
Question 11 of 17

A manufacturer is designing an IoT smart-thermostat that receives over-the-air firmware updates from a cloud server. The security team must ensure devices install only authentic, unmodified firmware, even though the devices have limited compute power and no secure display for user verification. Which control BEST achieves this goal?

Reviewed for accuracy · Report an issue
Question 12 of 17

A security analyst reviewing a legacy application discovers that it encrypts every message with a fixed header ('BEGIN-MSG') that an attacker can predict. The attacker has captured many ciphertexts and knows the corresponding header plaintext for each. Using this pairing of known input and output, the attacker attempts to derive the encryption key. Which type of cryptanalytic attack is being conducted?

Reviewed for accuracy · Report an issue
Question 13 of 17

A financial services company still uses a legacy application that encrypts transaction records with Double DES (2DES), applying DES twice with two independent 56-bit keys, giving what management believes is 112 bits of effective security. A security architect reviewing the design warns that the actual effective key strength is far less than assumed. Which cryptanalytic attack is the architect most concerned about, and what is the resulting effective security?

Reviewed for accuracy · Report an issue
Question 14 of 17

A data center experiences frequent brief voltage sags and occasional momentary total outages lasting under two seconds, caused by unstable utility power. Critical servers must never lose power, but the facility budget does not justify a backup generator because extended outages have never occurred in the region. Which control most directly addresses this specific power quality problem?

Reviewed for accuracy · Report an issue
Question 15 of 17

A security engineer is redesigning how user passwords are stored in a web application database. The current design applies a single unsalted SHA-256 hash to each password. During a recent penetration test, the assessor recovered numerous passwords quickly using precomputed hash lookup tables. Which change most directly defeats the precomputed-table attack the assessor used?

Reviewed for accuracy · Report an issue
Question 16 of 17

A financial services firm is deploying new laptops that must prove their firmware and boot components have not been tampered with before they are granted access to sensitive internal resources. Security wants each device to cryptographically record the state of every boot-stage component and allow a remote server to verify that record before authorizing the connection. Which hardware-based capability BEST satisfies this requirement?

Reviewed for accuracy · Report an issue
Question 17 of 17

A financial services firm is redesigning its internal network after a breach where an attacker moved laterally from a compromised marketing workstation to reach database servers holding customer records. The CISO mandates a zero trust architecture. Which design decision most directly embodies the core zero trust principle needed to prevent this lateral movement?

Reviewed for accuracy · Report an issue

More CISSP practice

Keep going with the other ISC2 CISSP — Certified Information Systems Security Professional domains, or take a full timed mock exam.

← Back to CISSP overview