Question practice for CISSP Professional Exams in 2026

CISSP, Certified Information Systems Security Professional, updated 2026, IT Analyst, IS, ISC2, ISACA, CBK

CISSP - Certified Information Systems Security Professional

The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.

The broad spectrum of topics included in the CISSP Common Body of Knowledge (CBK®) ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following eight domains:

1. Security and Risk Management16%

2. Asset Security10%

3. Security Architecture and Engineering13%

4. Communication and Network Security13%

5. Identity and Access Management (IAM)13%

6. Security Assessment and Testing12%

7. Security Operations13%

8. Software Development Security10%

CISSP DOMAIN

Domain 1 - Security and Risk Management. This domain is one of the most important domains in the CISSP exam. It lays the foundation, covering security concepts that all the other domains build upon. Understanding exactly what security means and the core concepts around assessing and managing the wide array of risks we face is fundamental to every domain in the CISSP.

Domain 2 - Asset Security. An asset is anything we value. When we have highly valued assets, such as sensitive data, securing those assets throughout their lifecycle is paramount. We will learn about data standards, classification, regulations, retention, and controls to protect organizational value.

Domain 3 - Security Engineering. Engineering is about understanding and designing systems that work. Security is a fundamental part of any well-designed system. This domain will help you understand the engineering lifecycle and various models and security components required in data structures and physical facilities. We also learn how cryptography fits in to information security.

Domain 4 - Communication and Network Security. Information is not just stored; it is also transmitted and must be secured in transit. Understanding networking models, protocols, hardware components, and possible attack vectors is vital to information security. It is one of the most important domains on the CISSP exam.

Domain 5 - Identity and Access Management. Controlling who can access valuable resources can lead to proper confidentiality, integrity, and availability. A CISSP must understand mechanisms and techniques to verify a subject’s authenticity before authorizing access. They must be able to assure that only proper interactions have occurred and mitigate potential attacks.

Domain 6 - Security Assessment and Testing. Understanding the effectiveness of your security measures is vital. As you collect and review logs, verify software development security, and undergo security audits and certification you can have some assurance and insight into your security status and needs.

Domain 7- Security Operations. From incident response that involves investigation of evidence to facility access management and disaster recovery planning, testing, and implementation, this domain requires putting security principles and concepts into practice.

Domain 8 - Software Development Security. Many of the most publicized security issues have stemmed from flaws in the software code. While a CISSP does not have to be a software developer, they must understand and be able to communicate software development security needs. In this domain you will learn important terminology and concepts of software development.

CISSP CAT Examination Information

The CISSP exam uses Computerized Adaptive Testing (CAT) for all English exams. CISSP exams in all other languages are administered as linear, fixed-form exams. You can learn more about CISSP CAT.

Length of exam: 3 hours

Number of items: 100 - 150

Item format: Multiple choice and advanced innovative items

Passing grade: 700 out of 1000 points

Exam language availability: Chinese, English, German, Japanese, Spanish

Testing center: ISC2 Authorized PPC and PVTC Select Pearson VUE Testing Centers

Effective April 15, 2024 the Chinese language CISSP will be available for a one-month appointment window. Appointments will resume on September 1, 2024 for one-month windows at the end of each quarter:

• 04/15 – 05/15/2024 (April 15 to May 15, 2024)

• 09/01 – 09/30/2024 (September 1 to September 30, 2024)

• 12/01 – 12/31/2024 (December 1 to December 31, 2024)