
Scenario-based practice

Drag and Drop Matching Questions

Practise Certified Information Systems Security Professional CISSP practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

10 scenario questions · Exam code: CISSP · Vendor: ISC2

Scenario guide

How to approach drag and drop matching questions

Matching questions give you two columns — concepts, commands, or protocols on the left, and their definitions or use-cases on the right. You drag each left item to its correct match. These appear on most certification exams and punish superficial memorisation.

Quick answer

Drag and drop matching questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related CISSP topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1 (medium, matching)

Match each PKI component to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Issues and revokes certificates

Verifies identity before certificate issuance

List of revoked certificates

Binds a public key to an identity

Question 2 (medium, matching)

Match each security assessment type to its description.


Concepts
Matches

Automated check for known vulnerabilities

Simulated attack to exploit vulnerabilities

Systematic evaluation of compliance with policies

Identification and analysis of risks

Question 3 (medium, matching)

Match each OSI layer to its function.


Concepts
Matches

Frames and MAC addressing

Routing and logical addressing

End-to-end reliability and segmentation

User interface and application services

Question 4 (medium, matching)

Match each security control to its category (preventive, detective, corrective).


Concepts
Matches

Preventive

Detective

Corrective

Preventive

Detective

Question 5 (medium, matching)

Match each cryptographic algorithm to its type.


Concepts
Matches

Symmetric block cipher

Asymmetric (public-key) cipher

Hash function

Keyed-hash message authentication code

Elliptic curve digital signature algorithm

Question 6 (medium, matching)

Match each security policy to its purpose.


Concepts
Matches

Defines allowed use of organizational assets

Categorizes data based on sensitivity

Procedures for handling security incidents

Rules for password creation and management

Question 7 (medium, matching)

Match each access control type to its description.


Concepts
Matches

Owner controls access permissions

System-enforced based on labels

Access based on job roles

Access based on rules and policies

Question 8 (medium, matching)

Match each business continuity term to its definition.


Concepts
Matches

Maximum acceptable downtime after a disaster

Maximum acceptable data loss measured in time

Average time between system failures

Average time to repair a failed system

Service level agreement defining performance metrics

Question 9 (medium, matching)

Match each security model to its primary characteristic.


Concepts
Matches

No read up, no write down

No read down, no write up

Well-formed transactions and separation of duties

Prevents conflict of interest among clients

Rules for granting and taking permissions

Question 10 (medium, matching)

Match each threat type to its description.


Concepts
Matches

Fraudulent emails to obtain sensitive info

Targeted phishing at specific individuals

Phishing targeting senior executives

Voice phishing over phone

Phishing via SMS

These CISSP practice questions are part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style CISSP questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.