CISSP Study Guide · Domain 3
CISSP Domain 3 Explained: Security Architecture and Engineering
Domain 3 (~13%) covers secure design principles, security models, cryptography, and physical security — the most technical core of the exam.
A practical guide with free practice questions · by Domain8
The CISSP — Certified Information Systems Security Professional — is ISC2’s globally recognized cybersecurity certification, organized into eight domains.
Security Architecture and Engineering spans secure design, evaluation criteria, the major security models, cryptography, and physical security. Focus on what each model or control protects and why.
Want to drill Domain 3? Domain8 has adaptive quizzes, a 700-question bank, and a diagnostic that finds your weak spots. Domain 8 is free to try, no card.
Study free at Domain8 →
1. Secure design principles
Build security in from the start.
- Secure defaults and least functionality — the safest configuration ships by default.
- Defense in depth, separation of duties, fail securely (fail closed).
- The Trusted Computing Base (TCB) contains everything the system's security depends on; inside it, the reference monitor mediates every access and must be tamperproof, always invoked, and small enough to verify.
2. Security models
Know what each model enforces:
- Bell-LaPadula protects confidentiality (no read up, no write down).
- Biba protects integrity (no read down, no write up).
- Clark-Wilson enforces integrity via well-formed transactions and separation of duties.
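To make the read/write rules concrete, here is an added example (written for this guide, not code from Domain8 or any product) that encodes the Bell-LaPadula and Biba rules as a label check. The level names, the subject and the objects are constructed sample data; the point is that the two models are mirror images of each other, which is exactly what exam questions probe.

```python
"""Added example for this guide (not from Domain8 or any product): a minimal
label-based access check that encodes the Bell-LaPadula and Biba rules above.
Level names, subjects and objects are constructed sample data."""
from dataclasses import dataclass

# Totally ordered set of labels, reused for both confidentiality and integrity.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # Bell-LaPadula label: how sensitive a thing it may read
    integrity: str   # Biba label: how trustworthy its input/output is


@dataclass(frozen=True)
class Obj:
    name: str
    classification: str  # Bell-LaPadula label
    integrity: str       # Biba label


def _lvl(label: str) -> int:
    return LEVELS[label]


def blp_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read  -> simple security property, "no read up":   clearance >= classification
    write -> *-property,               "no write down": clearance <= classification
    """
    s, o = _lvl(subject.clearance), _lvl(obj.classification)
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Biba (integrity), the mirror image of Bell-LaPadula.
    read  -> simple integrity property, "no read down": subject integrity <= object integrity
    write -> *-integrity property,      "no write up":  subject integrity >= object integrity
    """
    s, o = _lvl(subject.integrity), _lvl(obj.integrity)
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation {op!r}")


def decide(subject: Subject, obj: Obj, op: str) -> dict:
    """Evaluate one request under both models; a system enforcing both
    grants only when every applicable model agrees."""
    blp = blp_allows(subject, obj, op)
    biba = biba_allows(subject, obj, op)
    return {"bell_lapadula": blp, "biba": biba, "both": blp and biba}


if __name__ == "__main__":
    analyst = Subject("analyst", clearance="secret", integrity="confidential")
    plan = Obj("war_plan", classification="top_secret", integrity="secret")
    for op in ("read", "write"):
        print(op, decide(analyst, plan, op))
```

Run it and note the asymmetry: Bell-LaPadula lets the secret-cleared analyst write into a top-secret object (a "blind write" is not a confidentiality leak) but refuses the read, while Biba refuses that same write because a lower-integrity subject must not contaminate a higher-integrity object.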
3. Security evaluation
Independent assurance of products:
- Common Criteria (ISO/IEC 15408) evaluates a Target of Evaluation (TOE) against a Protection Profile (PP), the generic requirements for a product class, and a Security Target (ST), the vendor's specific security claims for that TOE.
- EAL (Evaluation Assurance Level) 1-7 reflects assurance depth, not security strength.
- Higher EAL means more rigorous evaluation, not necessarily a safer product.
4. Cryptography
The exam tests concepts, not math:
- Symmetric (one shared key, fast, scaling problem) vs asymmetric (key pair, solves key distribution, slower).
- Hashing provides integrity; combine with keys (HMAC) or signatures for authenticity.
- PKI: certificate authorities issue certs; revocation via CRL/OCSP; protect private keys above all.
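The difference between integrity and authenticity in the hashing bullet is easy to state and easy to get wrong in practice, so here is an added example (written for this guide, not code from Domain8) using only Python's standard library. It shows that an unkeyed SHA-256 tag is happily recomputed over a modified message, while an HMAC over the same message fails verification without the shared key. The message text and key are constructed sample data.

```python
"""Added example for this guide (not from Domain8): an unkeyed hash gives
integrity only; a keyed HMAC adds authenticity. Sample values are constructed."""
import hashlib
import hmac
import secrets


def sha256_tag(message: bytes) -> str:
    """Plain hash: anyone can recompute it, so it detects accidental
    corruption but not deliberate modification."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed hash: only a holder of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_sha256(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(sha256_tag(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest is constant-time, so the check itself does not leak
    # tag bytes through timing (one of the side channels in section 5).
    return hmac.compare_digest(hmac_tag(key, message), tag)


def tamper_demo(key: bytes) -> dict:
    """Simulate a message that is altered in transit and show how each
    verifier reacts. Returns booleans so the behaviour can be asserted on."""
    original = b"transfer 100 to account 42"          # constructed sample
    sent_hash = sha256_tag(original)
    sent_mac = hmac_tag(key, original)

    # The altered message arrives with a freshly computed unkeyed hash;
    # the HMAC cannot be recomputed without the key, so the old one is reused.
    modified = b"transfer 9000 to account 42"
    return {
        "hash_accepts_original": verify_sha256(original, sent_hash),
        "hash_accepts_tampered": verify_sha256(modified, sha256_tag(modified)),
        "hmac_accepts_original": verify_hmac(key, original, sent_mac),
        "hmac_rejects_tampered": not verify_hmac(key, modified, sent_mac),
    }


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)   # generated fresh; never hard-code real keys
    for check, result in tamper_demo(shared_key).items():
        print(f"{check:24s} {result}")
```

The exam point this illustrates: a hash alone answers "was this changed?" only if the tag itself is delivered over a trusted path; HMAC (shared key) or a digital signature (private key, the PKI bullet) is what ties the tag to a party and turns integrity into authenticity.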
5. Cryptographic attacks and physical security
Know the threat models and the physical layer:
- Attacks: brute force, known/chosen plaintext, side-channel, and the long-term quantum threat to asymmetric crypto.
- Physical security uses layered controls, facility design, and life-safety priorities.
- People safety always outranks asset protection.
Free practice questions
Try these in the exam's "best answer" style, then check the explanation that follows each one.
1. A system must strictly prevent users from reading data above their clearance and from writing data down to a lower level. Which model BEST fits?
- Biba, for integrity
- Bell-LaPadula, for confidentiality
- Clark-Wilson, for transactions
- Brewer-Nash, for conflicts of interest
B. Bell-LaPadula enforces confidentiality with 'no read up' and 'no write down.' Biba is the integrity counterpart; Clark-Wilson and Brewer-Nash address different goals.
2. Why is asymmetric cryptography used to exchange a symmetric session key rather than encrypting all traffic asymmetrically?
- Asymmetric is less secure
- Asymmetric is much slower, so it is used to securely share a fast symmetric key
- Symmetric cannot encrypt large data
- Asymmetric has no key distribution benefit
B. Asymmetric crypto solves key distribution but is computationally slow, so it is commonly used to exchange a symmetric session key that then encrypts the bulk traffic efficiently.
3. What does a higher Common Criteria EAL indicate about a product?
- It is mathematically unbreakable
- It was evaluated more rigorously, with greater assurance
- It has more features
- It is cheaper to deploy
B. EAL reflects the depth and rigor of the evaluation (assurance), not the inherent strength or feature set of the product.
Like these? Get a full adaptive quiz engine and a diagnostic that scores you by difficulty and question style. All of Domain 8 is free to try.
Study free at Domain8 →
Frequently asked questions
Do I need to do crypto math for Domain 3?
Generally no. Focus on concepts: symmetric vs asymmetric, hashing, PKI, and what each security model protects.
Why do candidates struggle here?
It is the most technical domain. Anchor on the goal of each model and control (confidentiality vs integrity, assurance vs strength).