SABSA Foundation Practice Test

Try 12 SABSA Foundation sample questions on business-driven security architecture, model layers, attributes, risk alignment, controls, traceability, and assurance.

SABSA Foundation preparation centers on business-driven security architecture: attributes, model layers, traceability, controls, risk alignment, and assurance.

These 12 original questions are a public preview, not official SABSA questions.

We only publish independently written practice questions, not real, leaked, copied, or recalled exam questions.

What these questions test

  • mapping business requirements to security attributes and architecture decisions
  • distinguishing conceptual, logical, physical, component, and operational architecture concerns
  • using security architecture as traceable design, not only a list of controls

Official-source check

Verify current certification levels, policies, and training requirements with the SABSA certification page.

Sample Exam Questions

Question 1

Topic: business attributes

What is the purpose of security attributes in SABSA-style thinking?

  • A. To name only technology products
  • B. To express business security requirements in a way architecture can trace
  • C. To replace all risk assessment
  • D. To hide stakeholder needs

Best answer: B

Explanation: Security attributes translate business needs into qualities the architecture must support, such as confidentiality, availability, integrity, accountability, or resilience.


Question 2

Topic: traceability

Why is traceability important in security architecture?

  • A. It connects controls and design decisions back to business requirements and risk drivers
  • B. It makes documentation optional
  • C. It proves every control is perfect
  • D. It removes the need for assurance

Best answer: A

Explanation: Traceability lets reviewers see why a control or architecture decision exists and which business requirement it supports.


Question 3

Topic: model layers

Which statement best reflects layered architecture reasoning?

  • A. Every layer should contain the same level of detail
  • B. Conceptual concerns, logical services, physical technology, and operations can be separated for clearer analysis
  • C. Only hardware matters
  • D. Operations should never be considered

Best answer: B

Explanation: Separating layers helps candidates reason from business intent through implementation and operation without mixing every concern at once.


Question 4

Topic: risk alignment

A business requires continuous online ordering during peak periods. Which security attribute is most directly emphasized?

  • A. Typography
  • B. Availability
  • C. Color consistency
  • D. Meeting frequency

Best answer: B

Explanation: Continuous service during peak demand is an availability and resilience concern. Other attributes may also matter, but availability is central.


Question 5

Topic: control selection

Which control decision is strongest?

  • A. Choose the most popular tool without linking it to requirements
  • B. Select controls that are traceable to risk, attributes, architecture context, and operating needs
  • C. Copy another company’s control catalog without review
  • D. Avoid documenting control rationale

Best answer: B

Explanation: Security architecture needs context. Controls should be selected because they satisfy traceable requirements in a specific business and technical setting.


Question 6

Topic: assurance

What does assurance add to security architecture?

  • A. Evidence that the architecture and controls are working as intended
  • B. A guarantee that incidents cannot occur
  • C. A reason to skip operations
  • D. A replacement for design

Best answer: A

Explanation: Assurance uses evidence, testing, review, monitoring, and governance to support confidence in design and operation.


Question 7

Topic: stakeholder language

Why should security architecture avoid relying only on technical jargon with executives?

  • A. Executives need risk, value, accountability, and outcome language to make decisions
  • B. Technical terms are never useful
  • C. Architecture should hide risk
  • D. Controls should be selected privately

Best answer: A

Explanation: Security architecture must communicate at the right level. Executive conversations often require risk and value framing rather than low-level configuration details.


Question 8

Topic: architecture scope

Which item is most clearly an architecture concern?

  • A. How identity, access, logging, resilience, and data protection support the business service
  • B. The lunch order
  • C. The meeting wallpaper
  • D. The office plant list

Best answer: A

Explanation: Architecture connects security capabilities and design choices to a business service and its operating context.


Question 9

Topic: common trap

Which approach is weakest?

  • A. Start from business drivers and risk, then trace to controls
  • B. Treat security architecture as a control checklist with no business context
  • C. Validate control effectiveness
  • D. Review requirements with stakeholders

Best answer: B

Explanation: SABSA-style security architecture is business-driven. A detached checklist cannot show why controls are needed or whether they fit.


Question 10

Topic: logical architecture

What belongs in a logical security architecture view?

  • A. Security services and relationships such as identity, policy enforcement, monitoring, and trust boundaries
  • B. A specific desk number
  • C. A travel receipt
  • D. A random password hint

Best answer: A

Explanation: Logical views describe security services and relationships without forcing one product or physical implementation too early.


Question 11

Topic: operational view

Why include an operational view?

  • A. Security architecture must be monitored, maintained, reviewed, and improved after deployment
  • B. Operations never affect security
  • C. Designs are always perfect after approval
  • D. Incident response is unrelated

Best answer: A

Explanation: Operational architecture covers how security capabilities are run, monitored, supported, and improved.


Question 12

Topic: exam reasoning

When two answer choices both mention controls, which one is usually stronger?

  • A. The one that names more products
  • B. The one that links the control to business requirement, risk, architecture layer, and assurance evidence
  • C. The one that avoids stakeholders
  • D. The one with no rationale

Best answer: B

Explanation: Strong security architecture reasoning ties controls to business context and reviewable evidence, not just product names.

Revised on Monday, May 25, 2026