ISSAP Cheat Sheet 2026
The 30 highest-yield ISSAP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
125 questions
180 min time limit
70.00% to pass
- Which firewall deployment model inspects traffic based on the state of network connections and is considered more secure than simple packet filtering? → Stateful inspection firewall
- In a secure network architecture, which technique is used to prevent a compromised VLAN from sending tagged frames to unauthorized VLANs? → VLAN hopping prevention via disabling DTP and setting native VLANs
- What is the primary purpose of identity federation? → To enable seamless access across multiple systems or organizations
- When designing a federated identity solution using Security Assertion Markup Language (SAML), what is the primary role of the Identity Provider (IdP)? → To authenticate the user and issue a security assertion containing identity information.
- Which network security architecture principle involves placing systems in separate security zones to limit the blast radius of a breach? → Network segmentation
- Which network security architecture model uses software-defined perimeters to make infrastructure invisible to unauthorized users before authentication occurs? → Software-Defined Perimeter (SDP) / Zero Trust Network Access (ZTNA)
- Which DNS security extension provides cryptographic authentication of DNS responses to prevent cache poisoning attacks? → DNSSEC
- What is Single Sign-On (SSO) in the context of identity federation? → A system that allows users to authenticate once and access multiple systems
- In a traditional three-tier network architecture, what is the primary security purpose of a DMZ (Demilitarized Zone)? → To isolate publicly accessible services from the internal network
- Which VPN architecture model routes all remote user traffic — including internet-bound traffic — through the corporate network for inspection? → Full tunneling
- What is the principle of "least privilege" in security design? → Limiting access rights to the minimum necessary for a role
- Which type of cryptography uses the same key for encryption and decryption? → Symmetric cryptography
- A security architect is designing a Zero Trust network. Which of the following BEST describes the core tenet of Zero Trust? → Never trust, always verify — regardless of network location
- What is a service provider (SP) in identity federation? → A system that relies on identity information from an IdP to grant access
- What is a key component of risk analysis in cybersecurity? → Determining threat sources and vulnerabilities
- Which network security monitoring approach captures full packet data for retrospective analysis of security incidents? → Full packet capture (PCAP)
- Which cryptographic algorithm is considered asymmetric? → RSA (Rivest-Shamir-Adleman)
- Micro-segmentation in a data center environment is MOST effective at controlling which type of traffic? → East-west traffic between workloads within the data center
- What does the term identity provider (IdP) mean in a federated identity system? → A service that authenticates users and provides identity information
- When designing network security architecture, which concept ensures that only the minimum necessary network traffic is permitted between zones by default? → Default deny (implicit deny) policy
- What is the first step in the risk assessment process? → Identifying assets and their value
- Which security design principle involves dividing a system into smaller parts to reduce overall risk? → Separation of duties
- What is the primary goal of cryptography in information security? → To protect confidentiality, integrity, and authenticity of data
- What is a residual risk? → The risk remaining after implementing security measures
- Which design approach BEST improves network resilience by eliminating single points of failure at the network layer? → Implementing redundant links with dynamic routing protocols such as OSPF or BGP
- When conducting a network security architecture review, an architect evaluates trust zones. Which factor is MOST critical when defining trust zone boundaries? → The sensitivity of data and systems within the zone and the risk of interconnection
- Which of the following is the primary goal of security design principles? → To reduce vulnerabilities and mitigate risks
- What is the purpose of a digital signature? → To verify the authenticity and integrity of a message
- What does the principle of "fail-safe defaults" emphasize? → Systems should fail in a secure state, restricting access
- A security architect is leveraging Software-Defined Networking (SDN) for security. Which capability of SDN BEST enhances the security posture? → Enables centralized, programmable policy enforcement across the network
Turn these facts into recall: