Question 1

How many questions are on the Certified Information Systems Security Professional?

Accepted Answer

The Certified Information Systems Security Professional consists of 150 questions. You are given 180 minutes to complete the exam.

Question 2

What is the passing score for the Certified Information Systems Security Professional?

Accepted Answer

You need to score at least 70% to pass the Certified Information Systems Security Professional.

Question 3

How long do I have to complete the Certified Information Systems Security Professional?

Accepted Answer

You have 180 minutes to complete the Certified Information Systems Security Professional. That works out to roughly 72 seconds per question, so time management is important during your preparation.

Question 4

What topics does the Certified Information Systems Security Professional cover?

Accepted Answer

The Certified Information Systems Security Professional covers the following domains: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security. Each domain carries a different weight on the exam, so focus your study time on the areas that count most.

Question 5

What level is the Certified Information Systems Security Professional?

Accepted Answer

The Certified Information Systems Security Professional is rated Advanced. This means significant hands-on experience and prior certifications are strongly recommended.

Question 6

What prerequisites are recommended before the Certified Information Systems Security Professional?

Accepted Answer

Before attempting the Certified Information Systems Security Professional, it is recommended to complete Security+ CompTIA Security+. These certifications build the foundational knowledge you'll need to succeed.

Question 7

What career paths include the Certified Information Systems Security Professional?

Accepted Answer

The Certified Information Systems Security Professional is part of one career path:
• Cybersecurity Path: Network+ → Security+ → CISSP

Question 8

What study modes are available for the Certified Information Systems Security Professional?

Accepted Answer

MindMesh Academy provides multiple study modes to match your preparation style. Timed Practice simulates real exam conditions with a countdown timer. Review Mode shows detailed explanations after every question so you can learn as you go. Section-Based Practice lets you focus on specific exam domains to target weak areas. Flashcards support spaced repetition (SRS) for long-term retention, plus burst, deep study, and cram modes for flexible review. A guided Learning Journey ties everything together into a structured study path. All modes are fully mobile-friendly, so you can study on any device.

Question 9

How does MindMesh Academy compare to the official Certified Information Systems Security Professional practice test?

Accepted Answer

Official vendor practice tests typically offer a limited number of questions with minimal explanations. MindMesh Academy provides a comprehensive question bank with detailed explanations for every answer choice — both correct and incorrect — so you understand the reasoning behind each answer. You also get flashcards with spaced repetition, a complete study guide covering every exam domain, section-based practice, progress analytics that identify your weakest topics, and a guided learning journey. All study materials are accessible on desktop and mobile.

Question 10

Are the Certified Information Systems Security Professional practice questions regularly updated?

Accepted Answer

Yes. Our team reviews and updates the question bank to reflect the latest exam objectives and real-world scenarios. When exam versions change or new topics are added, we update our practice questions, flashcards, and study guide to ensure you are always studying current material.

Question 11

How can I prepare for the Certified Information Systems Security Professional?

Accepted Answer

MindMesh Academy offers practice exams that simulate real test conditions, flashcards with spaced repetition to strengthen long-term retention, and an integrated study guide covering every exam domain. You can also track your progress with analytics that pinpoint your weak areas so you know exactly where to focus.

Item	Value	Notes
ALE formula	ALE = SLE × ARO	Annual Loss Expectancy
Safeguard justification	(ALE_before − ALE_after) > Annual safeguard cost	Cost-benefit for controls
NIST RMF steps	6: Categorize, Select, Implement, Assess, Authorize, Monitor	Continuous
ISC2 Ethics canon 1	Protect society, common good, public trust	Highest priority
GDPR breach notification	72 hours to supervisory authority	From awareness
GDPR max penalty	€20M or 4% global annual revenue, whichever higher

Item	Value
AES key sizes	128, 192, 256 bits
RSA minimum key size	2048 bits (3072+ recommended)
ECDSA equivalent strength	256-bit ECDSA ≈ 3072-bit RSA
SHA-1 status	Deprecated — do not use
SHA-256+	Current standard
MD5 status	Broken — do not use
TLS minimum	TLS 1.2 (TLS 1.3 preferred for new deployments)
Bell-LaPadula	No Read Up, No Write Down (confidentiality)
Biba	No Read Down, No Write Up (integrity)
BLP + Biba rules	Opposite — cannot both apply simultaneously

Protocol	Port	Notes
SSH	22	Encrypted remote access
HTTPS	443	TLS-encrypted web
DNS	53	TCP + UDP; DNSSEC adds origin auth
DHCP server	67	UDP
RADIUS	1812/1813	Authentication / accounting
TACACS+	49	Cisco; TCP; full encryption
Kerberos	88	UDP/TCP
LDAPS	636	TLS-encrypted LDAP
BGP	179	TCP; RPKI for route origin validation
IPsec ESP	Protocol 50	Encryption + integrity
IPsec AH	Protocol 51	Integrity only; no NAT traversal

Scenario	Answer
Phishing-resistant MFA	FIDO2 / passkeys
Weakest MFA	SMS OTP
Enterprise SSO to SaaS	SAML 2.0
App user authentication (modern)	OpenID Connect
API authorization delegation	OAuth 2.0
Windows/AD SSO	Kerberos
Biometric accuracy metric	CER / EER (lower = better)
Cannot be changed if compromised	Biometric (inherence factor)
Privileged account controls	PAM: JIT access, session recording, credential vaulting

Item	Definition	Who Sets It
MTD	Maximum Tolerable Downtime — business ceiling	Business owners
RTO	Recovery Time Objective — IT target; must be < MTD	IT + Business
RPO	Max acceptable data loss in time; drives backup frequency	Business owners
Hot site	Minutes to hours RTO; real-time replication	Very High cost
Warm site	Hours to days RTO; periodic backup restoration	Medium cost
Cold site	Days to weeks RTO; empty facility	Low cost

10.3. Exam Domain Quick Reference Tables

Domain 1: Critical Formulas and Thresholds

Domain 3: Cryptography Quick Reference

Domain 4: Network Protocol Reference

Domain 5: IAM Decision Table

Domain 7: BCP/DR Decision Table