Security Architecture and Engineering — CISSP Practice Questions
Security architecture principles, models, and capabilities.
This domain is about 13% of the CISSP exam. Every question below is cross-checked by two AI models and grounded in public NIST sources.
12 free Security Architecture and Engineering practice questions
Question 1
beginner
What is the MOST important factor to consider when researching security models and architecture for an IoT system?
Why: Consider device and network segmentation to limit attack surfaces
IoT systems often have a large number of devices and connections, making device and network segmentation crucial to limit attack surfaces and prevent lateral movement.
Question 2
beginner
An organization is implementing a new security architecture. What should be done FIRST to ensure a secure design?
Why: Risk assessment is the foundation of security design
Conducting a risk assessment and vulnerability analysis is the first step in ensuring a secure design, as it helps identify potential threats and vulnerabilities that need to be addressed.
Question 3
beginner
What should be done FIRST when designing a secure site and facility to protect against physical threats?
Why: Identify the first step in designing a secure site and facility
Conducting a risk assessment is the first step in designing a secure site and facility, as it helps to identify potential vulnerabilities and threats, allowing for the development of effective countermeasures.
Question 4
intermediate
An organization is migrating its data center to a cloud-based infrastructure. What is the MOST comprehensive approach to ensure the security of sensitive data during the migration process?
Why: Ensure security of sensitive data during cloud migration
Developing a comprehensive data migration plan ensures that all aspects of data security are considered, including encryption, access controls, and monitoring, reducing the risk of data breaches during the migration process.
Question 5
intermediate
A security team is responsible for designing a secure facility for a new data center. The site is located near a high-risk flood zone. What should be done FIRST to ensure the security of the facility?
Why: Conduct risk assessment to ensure facility security
Conducting a risk assessment of the facility's location is crucial to identify potential risks, such as flooding, and take necessary measures to mitigate them, ensuring the security and integrity of the facility.
Question 6
intermediate
An organization is planning to deploy a new cloud-based service that will handle sensitive customer data. What is the MOST important security capability for the organization to prioritize when selecting a cloud service provider?
Why: Data encryption is a critical security control for protecting sensitive data in the cloud
Data encryption is essential for protecting sensitive customer data, both at rest and in transit, to prevent unauthorized access.
Question 7
advanced
A security manager discovers that the company's current data center has reached maximum capacity and is no longer able to support business operations. What should be done FIRST to address this issue?
Why: Engaging stakeholders is crucial in determining business needs for security architecture
Engaging stakeholders is essential to understand the business requirements and determine the best course of action to address the data center capacity issue.
Question 8
beginner
A security architect is designing a new data center. What is the MOST important consideration for the site and facility design?
Why: Physical security is crucial for data center design
Physical security and access controls are the most critical considerations for a data center design to protect against unauthorized access and ensure the confidentiality, integrity, and availability of data.
Question 9
beginner
An organization is implementing a secure facility design. What is the BEST approach to physical security?
Why: Defense in depth is key to physical security
Implementing multiple layers of physical security controls, such as fences, gates, doors, and intrusion detection systems, provides a defense-in-depth approach that helps prevent unauthorized access and protect the facility.
Question 10
beginner
What is the BEST way to assess and mitigate vulnerabilities in a security architecture?
Why: Understand how to assess and mitigate vulnerabilities in a security architecture
Conducting regular penetration testing and vulnerability scans is the best way to assess and mitigate vulnerabilities, as it provides a proactive and continuous approach to identifying and addressing potential weaknesses.
Question 11
intermediate
An organization is migrating its on-premises data center to a cloud-based infrastructure. What should be done FIRST to ensure a secure transition?
Why: Identify the initial step in securing a cloud migration
Performing a risk analysis of the cloud migration process is the first step in identifying potential security risks and developing strategies to mitigate them.
Question 12
intermediate
An organization is designing a new facility that will house sensitive data and equipment. What is the MOST important security consideration for the facility's design?
Why: Identify the primary security consideration for facility design
Physical security measures, such as walls, doors, and locks, are the most important consideration for facility design, as they provide the first line of defense against unauthorized access.
How many CISSP Security Architecture and Engineering practice questions does CramKit have?
CramKit's Security Architecture and Engineering domain has verified CISSP practice questions, each blind re-answered by two independent AI models and grounded in public NIST sources before it goes live. This page shows 12 of them free; the full set is available after a free sign-up.
What percentage of the CISSP exam is Security Architecture and Engineering?
Security Architecture and Engineering accounts for about 13% of the CISSP exam blueprint, so CramKit weights its question bank to match that emphasis.
Are these Security Architecture and Engineering questions verified?
Yes. Every question is independently re-answered by two different AI model families and only goes live if both agree it is correct and unambiguous, so you are not practicing on wrong-keyed questions.