CISSP · topic practice

Scenario practice questions

Practise Certified Information Systems Security Professional (CISSP) scenario questions: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Scenario

What the exam tests

What to know about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Scenario questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A company recently suffered a data breach where an attacker was able to intercept network traffic and read sensitive data. Which network security control should be implemented to prevent this type of attack?

Question 2 · medium · multiple choice

An organization needs to ensure that its employees understand their responsibilities regarding information security. Which of the following is the MOST effective way to achieve this?

Question 3 · medium · multiple choice

An organization uses OAuth 2.0 for delegated access to APIs. A developer creates a public client application that runs on mobile devices. Which OAuth 2.0 grant type is MOST appropriate for this scenario?
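The scenario above turns on one detail: a mobile app is a public client, one that cannot hold a client secret, so the grant has to work without one. The Authorization Code grant with PKCE (RFC 7636) is the grant designed for that case: the client proves at the token endpoint that it is the same party that started the authorization request. The following is an added example, not code from this page or from Courseiva, showing both sides of the exchange with an in-memory stand-in for the authorization server. The client_id, redirect URI, scope and state values are made up; the challenge computation follows the RFC's S256 method exactly, so it reproduces the RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import hmac
import secrets

# Added example: Authorization Code grant with PKCE (RFC 7636) for a public client.
# client_id, redirect_uri, scope and state values below are made up.


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """High-entropy verifier; 32 random bytes encode to 43 chars, the RFC minimum."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_request(client_id, redirect_uri, scope, verifier, state):
    """Front-channel request the mobile app sends through the system browser."""
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": make_code_challenge(verifier),
        "code_challenge_method": "S256",
    }


class AuthorizationServer:
    """In-memory stand-in for the authorization and token endpoints."""

    def __init__(self):
        self._pending = {}  # authorization code -> (client_id, redirect_uri, challenge)

    def authorize(self, req):
        # A public client has no secret, so the server insists on PKCE with S256.
        if req.get("response_type") != "code" or req.get("code_challenge_method") != "S256":
            raise ValueError("public clients must use response_type=code with S256 PKCE")
        code = secrets.token_urlsafe(32)
        self._pending[code] = (req["client_id"], req["redirect_uri"], req["code_challenge"])
        return code

    def token(self, code, client_id, redirect_uri, code_verifier):
        """Back-channel exchange; returns a token dict, or None on any failure."""
        entry = self._pending.pop(code, None)  # authorization codes are single-use
        if entry is None:
            return None
        stored_client, stored_redirect, challenge = entry
        if client_id != stored_client or redirect_uri != stored_redirect:
            return None
        if not 43 <= len(code_verifier) <= 128:
            return None
        # Only the party that generated the verifier can reproduce the challenge,
        # so an attacker who intercepts the code (for example a malicious app
        # registered for the same custom URI scheme) cannot redeem it.
        if not hmac.compare_digest(make_code_challenge(code_verifier), challenge):
            return None
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def run_exchange():
    """Legitimate redemption, replay of the same code, and a stolen code with the wrong verifier."""
    srv = AuthorizationServer()
    verifier = make_code_verifier()
    req = build_authorization_request("mobile-app", "com.example.app:/callback", "read", verifier, "s1")
    code = srv.authorize(req)
    legit = srv.token(code, "mobile-app", "com.example.app:/callback", verifier)
    replay = srv.token(code, "mobile-app", "com.example.app:/callback", verifier)
    stolen_code = srv.authorize(req)
    attacker = srv.token(stolen_code, "mobile-app", "com.example.app:/callback", make_code_verifier())
    return {"legit": legit is not None, "replay": replay is not None, "attacker": attacker is not None}


if __name__ == "__main__":
    print(run_exchange())
```

The verifier never leaves the device except in the final back-channel token request, which is why the flow holds up without a client secret; the implicit grant, by contrast, returns the access token in the front channel and is deprecated for exactly this kind of client.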

Question 4 · hard · multiple choice

A financial institution is required to perform regular penetration tests on its online banking platform. The testing must be as realistic as possible while minimizing risk to production data. Which of the following approaches BEST meets these requirements?

Question 5 · medium · multiple choice

A security team is planning a social engineering test for their organization. Which of the following scenarios would BEST assess the effectiveness of security awareness training?

Question 6 · medium · multiple choice

A company implements a centralized authentication system using RADIUS for network devices. The security team notices that after a user's password is changed in Active Directory, the user can still authenticate to network devices using the old password for up to 30 minutes. What is the most likely cause?

Question 7 · medium · multiple choice

An organization is planning a penetration test of its internal network. The test team has been given network diagrams, source code access, and administrative credentials. This type of testing is known as:

Question 8 · easy · multiple choice

During a business impact analysis (BIA), the team identifies that the customer service application must be restored within 4 hours of a disruption. What is the term for this metric?

Question 9 · easy · multiple choice

A small business wants to implement a risk management framework. Which approach is best for identifying risks?

Question 10 · easy · multiple choice

A business continuity coordinator is planning a test of the disaster recovery plan. Which type of test involves a walk-through of the plan with key stakeholders without actually invoking the technical recovery?

Question 11 · hard · multiple choice

Refer to the exhibit. A database administrator implements the configuration shown to protect sensitive data. What is the most significant security flaw?

Exhibit

-- Exhibit corrected to valid SQL Server T-SQL: a database encryption key is created inside
-- the user database and protected by a server certificate, not by a password. The certificate
-- name TDECert is assumed. The weak, hard-coded password from the original exhibit is kept.
USE master;
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'P@ssw0rd!';
CREATE CERTIFICATE TDECert WITH SUBJECT = 'SalesDB TDE certificate';
USE SalesDB;
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE TDECert;
ALTER DATABASE SalesDB SET ENCRYPTION ON;

Question 12 · medium · multi-select

Which TWO protocols are commonly used for identity federation?

Question 13 · hard · multiple choice

An organization implements a data masking policy for production databases. Which of the following best describes the primary goal?

Question 14 · easy · multiple choice

A company requires employees to authenticate using a smart card and PIN to access the corporate network. This is an example of which type of authentication?

Question 15 · hard · multiple choice

During a security audit, it is discovered that a network firewall is allowing traffic based on source IP address only, without inspecting application-layer data. Which type of firewall is this?

Question 16 · easy · multiple choice

A security analyst is conducting a review of aggregated logs from firewalls, IDS, and servers to detect anomalous behavior. This activity is best described as:

Question 17 · hard · multiple choice

An organization uses a SIEM to collect logs from multiple sources. The security team notices that some events are missing during peak traffic hours. Analysis shows that the log sources are sending data via UDP. What is the most likely cause?

Question 18 · easy · multiple choice

Which of the following is a primary purpose of conducting a tabletop exercise for incident response?

Question 19 · easy · multiple choice

An organization is developing a business continuity plan (BCP). The IT department has identified a critical application that must be restored within 4 hours of a disruption. Which metric defines the maximum acceptable time that the application can be unavailable?

Question 20 · hard · multiple choice

A multinational corporation operates a private MPLS VPN network connecting 50 branch offices to a central data center. The network uses BGP as the routing protocol within the VPN, with each branch announcing its internal prefixes to the data center routers. Over the past week, several branch offices have reported intermittent connectivity issues, with traffic being routed to incorrect destinations before recovering. Network logs show that during these incidents, the data center router receives unexpected BGP updates from one of the branch routers, advertising prefixes that belong to other branches. BGP sessions remain established without flaps. The security team is concerned that this could be a route leak or intentional hijack. The network engineer has verified that all BGP sessions are authenticated with MD5 and that RPKI validation is not currently deployed. Which course of action should the engineer take first to mitigate the issue?
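The detail that decides the scenario above is that MD5 session authentication only proves who the neighbour is; it says nothing about whether the prefixes that neighbour announces are ones it is entitled to announce, and RPKI does not help with private address space inside an MPLS VPN anyway. Telling a leak from a hijack, and stopping either, comes down to per-neighbour inbound prefix filtering on the data-center routers. The following added example, not code from this page or from any router vendor, audits constructed BGP update log lines against an assumed branch-to-prefix allocation table, flags announcements of prefixes that belong to another branch (including more-specifics carved out of another branch's block), and emits the allow-list entries an inbound prefix filter for each branch would need. The branch names, prefixes, log line format and the "permit ... le N" filter syntax are all illustrative assumptions.

```python
import ipaddress
import re

# Added example. The allocation table, peer names, prefixes and log line format
# below are constructed for illustration and are not taken from the question.
ALLOCATIONS = {
    "BR01": ["10.1.0.0/16"],
    "BR02": ["10.2.0.0/16"],
    "BR03": ["10.3.0.0/16"],
}

# Constructed sample of data-center router log lines in an assumed format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 BGP: UPDATE from BR01 nlri=10.1.10.0/24
2024-05-01T09:00:02 BGP: UPDATE from BR02 nlri=10.2.0.0/16
2024-05-01T09:00:03 BGP: UPDATE from BR03 nlri=10.2.20.0/24
2024-05-01T09:00:04 BGP: UPDATE from BR03 nlri=10.3.0.0/16
2024-05-01T09:00:05 BGP: UPDATE from BR03 nlri=192.0.2.0/24
2024-05-01T09:00:06 BGP: KEEPALIVE from BR01
"""

LINE_RE = re.compile(r"UPDATE from (?P<peer>\S+) nlri=(?P<prefix>\S+)")


def build_allocations(table):
    """Parse the allocation table into ip_network objects."""
    return {peer: [ipaddress.ip_network(p) for p in nets] for peer, nets in table.items()}


def owner_of(prefix, alloc):
    """Return the branch whose allocation covers prefix (exact or more-specific), else None."""
    for peer, nets in alloc.items():
        for net in nets:
            if prefix.version == net.version and prefix.subnet_of(net):
                return peer
    return None


def audit_updates(log_text, table):
    """Classify every UPDATE as ok, leak:<owner> (announced by the wrong branch) or unallocated."""
    alloc = build_allocations(table)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # keepalives and other noise carry no prefixes
        peer = m["peer"]
        prefix = ipaddress.ip_network(m["prefix"], strict=False)
        owner = owner_of(prefix, alloc)
        if owner == peer:
            verdict = "ok"
        elif owner is None:
            verdict = "unallocated"
        else:
            verdict = f"leak:{owner}"
        findings.append((peer, str(prefix), verdict))
    return findings


def inbound_prefix_filter(peer, table, max_len=24):
    """Allow-list entries for a per-neighbour inbound prefix filter: the branch's own
    allocations and their more-specifics up to max_len (an assumed policy). The
    'permit ... le N' form mirrors common router prefix-list syntax; anything that
    does not match is implicitly denied, which is what stops the leaked routes."""
    alloc = build_allocations(table)
    return [f"permit {net} le {max_len}" for net in alloc[peer]]


if __name__ == "__main__":
    for peer, prefix, verdict in audit_updates(SAMPLE_LOG, ALLOCATIONS):
        print(f"{peer:5} {prefix:18} {verdict}")
    print(inbound_prefix_filter("BR02", ALLOCATIONS))
```

Run against the constructed log, the audit flags BR03's announcement of 10.2.20.0/24 as a leak of BR02's space and its 192.0.2.0/24 announcement as unallocated, while the BR01 and BR02 announcements pass; the filter for BR02 admits only 10.2.0.0/16 and its subnets down to /24. Session authentication would have accepted all five updates without complaint.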


Frequently asked questions

What does the CISSP exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Scenario questions in a focused session?
Yes. A Scenario-only practice session draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CISSP topics?
Go back to the CISSP question bank to see all topics and move into related areas once this one feels solid.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISSP exam covers. They are not copied from any real exam or dump site.