CISSP

Security & Risk Management

36 free practice questions with explanations

PassNova has 36 free CISSP practice questions on Security & Risk Management, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Security & Risk Management: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 36 for free in the browser.

  1. In the context of the CIA triad, which security objective is primarily compromised when an attacker successfully performs an unauthorized modification of data in transit?

    • A Non-repudiation
    • B Confidentiality
    • C Integrity
    • D Availability

    Answer: Integrity ensures data is not altered by unauthorized parties; modifying data in transit is a direct violation of integrity.

  2. An organization calculates that a particular threat will occur twice per year and that each occurrence will cause a $10,000 loss to a $50,000 asset. What is the Annualized Loss Expectancy (ALE)?

    • A $20,000
    • B $50,000
    • C $100,000
    • D $10,000

    Answer: ALE = SLE × ARO. With an SLE of $10,000 and an ARO of 2, ALE = $10,000 × 2 = $20,000.

  3. Which risk treatment option is being applied when an organization purchases a cyber-insurance policy to offset the financial impact of a potential data breach?

    • A Risk transference
    • B Risk acceptance
    • C Risk avoidance
    • D Risk mitigation

    Answer: Transferring the financial consequences of a risk to a third party, such as an insurer, is risk transference (also called risk sharing).

  4. Under the (ISC)2 Code of Ethics canons, which canon takes the highest precedence when canons appear to conflict?

    • A Protect society, the common good, necessary public trust and confidence, and the infrastructure
    • B Advance and protect the profession
    • C Act honorably, honestly, justly, responsibly, and legally
    • D Provide diligent and competent service to principals

    Answer: The canons are applied in order, and protecting society and the public infrastructure is listed first, giving it the highest precedence.

  5. A multinational company processing personal data of EU residents must designate a lead supervisory authority and may face fines of up to 4% of global annual turnover. Which regulation imposes these requirements?

    • A SOX
    • B PCI DSS
    • C HIPAA
    • D GDPR

    Answer: The EU General Data Protection Regulation (GDPR) governs personal data of EU residents and allows fines up to 4% of global annual turnover or 20 million euros.

  6. Which metric defines the maximum acceptable amount of data loss, measured in time, that an organization can tolerate after a disruption?

    • A Recovery Time Objective (RTO)
    • B Recovery Point Objective (RPO)
    • C Maximum Tolerable Downtime (MTD)
    • D Mean Time To Repair (MTTR)

    Answer: The Recovery Point Objective (RPO) specifies the maximum tolerable period of data loss, defining how far back recovery data must be valid.

Start practising Security & Risk Management →