Domain 1: Security and Risk Management
Practice questions for the Security and Risk Management domain (15% of exam)
Domain Topics
- Understand, adhere to, and promote professional ethics
- Understand and apply security concepts
- Evaluate and apply security governance principles
- Determine compliance and other requirements
- Understand legal and regulatory issues that pertain to information security in a holistic context
- Understand requirements for investigation types
- Develop, document, and implement security policy, standards, procedures, and guidelines
- Identify, analyze, and prioritize Business Continuity requirements
- Contribute to and enforce personnel security policies and procedures
- Understand and apply risk management concepts
- Understand and apply threat modeling concepts and methodologies
- Apply Supply Chain Risk Management (SCRM) concepts
- Establish and maintain a security awareness, education, and training program
Practice Questions
Test your knowledge with 10 practice questions covering key concepts from Domain 1: Security and Risk Management, including:
- Risk management strategies and methodologies
- Professional ethics and the ISC² Code of Ethics
- Business continuity planning concepts
- Security principles and governance
- Compliance and regulatory requirements