and Answers
This resource covers fundamental concepts, network security,
application security, and governance, risk, and compliance (GRC).
Section 1: Fundamentals and Basics (Questions 1-25)
1. Question: What is the CIA Triad, and why is it foundational to cybersecurity?
   Answer: The CIA Triad stands for Confidentiality, Integrity, and Availability. It is foundational because these three principles represent the core goals of any information security system: protecting the state of data and systems.

2. Question: Define Confidentiality, Integrity, and Availability (CIA).
   Answer: Confidentiality: Preventing unauthorized disclosure of data. Integrity: Ensuring data is accurate, complete, and protected from unauthorized modification. Availability: Guaranteeing authorized users have timely and uninterrupted access to resources.

3. Question: What is a vulnerability?
   Answer: A weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

4. Question: What is a threat?
   Answer: A potential danger that might exploit a vulnerability to breach security and compromise data or systems (e.g., a malware attack, a disgruntled employee).

5. Question: What is a risk in the context of security?
   Answer: The likelihood of a threat exploiting a vulnerability, combined with the resulting negative impact. Risk = Threat x Vulnerability x Impact.

6. Question: Explain the difference between a threat actor and a threat vector.
   Answer: A Threat Actor is the person or entity (e.g., hacker, state-sponsored group) responsible for the attack. A Threat Vector is the path or method used to deliver the attack (e.g., a malicious email attachment, a vulnerable web server port).

7. Question: What is encryption, and what are its two main types?
   Answer: The process of converting plain text into ciphertext to hide its meaning. The two main types are Symmetric (using one key for both encryption and decryption) and Asymmetric (using a pair of public and private keys).

8. Question: Differentiate between symmetric and asymmetric encryption.
   Answer: Symmetric (e.g., AES) is fast and uses the same secret key for both parties. Asymmetric (e.g., RSA) is slower, uses different keys (public for encrypting, private for decrypting), and is used for secure key exchange and digital signatures.

9. Question: What is a hash function, and why is it one-way?
   Answer: A mathematical algorithm that converts input data into a fixed-size string of characters (a hash value or digest). It is one-way because it is computationally infeasible to reverse the process and derive the original input data from the hash.

10. Question: Define Multi-Factor Authentication (MFA) and list common factors.
    Answer: A security measure requiring a user to provide two or more verification factors to gain access. Factors include: Knowledge (something you know, like a password), Possession (something you have, like a phone/token), and Inherence (something you are, like a fingerprint).

11. Question: What is Social Engineering? Give three examples.
    Answer: The psychological manipulation of people into performing actions or divulging confidential information. Examples: Phishing, Pretexting (creating a fake scenario), and Tailgating (following someone into a restricted area).