ISSAP Cheat Sheet 2026

The 30 highest-yield ISSAP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

125 questions
180 min time limit
70.00% to pass
  1. Which firewall deployment model inspects traffic based on the state of network connections and is considered more secure than simple packet filtering? Stateful inspection firewall
  2. In a secure network architecture, which technique is used to prevent a compromised VLAN from sending tagged frames to unauthorized VLANs? VLAN hopping prevention via disabling DTP and setting native VLANs
  3. What is the primary purpose of identity federation? To enable seamless access across multiple systems or organizations
  4. When designing a federated identity solution using Security Assertion Markup Language (SAML), what is the primary role of the Identity Provider (IdP)? To authenticate the user and issue a security assertion containing identity information.
  5. Which network security architecture principle involves placing systems in separate security zones to limit the blast radius of a breach? Network segmentation
  6. Which network security architecture model uses software-defined perimeters to make infrastructure invisible to unauthorized users before authentication occurs? Software-Defined Perimeter (SDP) / Zero Trust Network Access (ZTNA)
  7. Which DNS security extension provides cryptographic authentication of DNS responses to prevent cache poisoning attacks? DNSSEC
  8. What is Single Sign-On (SSO) in the context of identity federation? A system that allows users to authenticate once and access multiple systems
  9. In a traditional three-tier network architecture, what is the primary security purpose of a DMZ (Demilitarized Zone)? To isolate publicly accessible services from the internal network
  10. Which VPN architecture model routes all remote user traffic — including internet-bound traffic — through the corporate network for inspection? Full tunneling
  11. What is the principle of "least privilege" in security design? Limiting access rights to the minimum necessary for a role
  12. Which type of cryptography uses the same key for encryption and decryption? Symmetric cryptography
  13. A security architect is designing a Zero Trust network. Which of the following BEST describes the core tenet of Zero Trust? Never trust, always verify — regardless of network location
  14. What is a service provider (SP) in identity federation? A system that relies on identity information from an IdP to grant access
  15. What is a key component of risk analysis in cybersecurity? Determining threat sources and vulnerabilities
  16. Which network security monitoring approach captures full packet data for retrospective analysis of security incidents? Full packet capture (PCAP)
  17. Which cryptographic algorithm is considered asymmetric? RSA (Rivest-Shamir-Adleman)
  18. Micro-segmentation in a data center environment is MOST effective at controlling which type of traffic? East-west traffic between workloads within the data center
  19. What does the term identity provider (IdP) mean in a federated identity system? A service that authenticates users and provides identity information
  20. When designing network security architecture, which concept ensures that only the minimum necessary network traffic is permitted between zones by default? Default deny (implicit deny) policy
  21. What is the first step in the risk assessment process? Identifying assets and their value
  22. Which security design principle involves dividing a system into smaller parts to reduce overall risk? Separation of duties
  23. What is the primary goal of cryptography in information security? To protect confidentiality, integrity, and authenticity of data
  24. What is a residual risk? The risk remaining after implementing security measures
  25. Which design approach BEST improves network resilience by eliminating single points of failure at the network layer? Implementing redundant links with dynamic routing protocols such as OSPF or BGP
  26. When conducting a network security architecture review, an architect evaluates trust zones. Which factor is MOST critical when defining trust zone boundaries? The sensitivity of data and systems within the zone and the risk of interconnection
  27. Which of the following is the primary goal of security design principles? To reduce vulnerabilities and mitigate risks
  28. What is the purpose of a digital signature? To verify the authenticity and integrity of a message
  29. What does the principle of "fail-safe defaults" emphasize? Systems should fail in a secure state, restricting access
  30. A security architect is leveraging Software-Defined Networking (SDN) for security. Which capability of SDN BEST enhances the security posture? Enables centralized, programmable policy enforcement across the network
Turn these facts into recall: