ISACA CYBERSECURITY FUNDAMENTALS CERTIFICATION EXAM 2026 EXAM SCRIPT
COMPLETE QUESTIONS AND VERIFIED ANSWERS PREMIUM REVIEW SET GRADED A+
⩥ Which line of defense is responsible for formal risk evaluations?
Answer: A. First
B. Second (Answer)
C. Third
D. All of the above
⩥ Which NIST control function includes control objectives relating to
security continuous monitoring?
Answer: A. Identify
B. Protect
C. Detect (Answer)
D. Respond
E. Recover
⩥ Cybersecurity is focused on protection of information assets from loss
of:
Answer: A. Confidentiality
B. Integrity
C. Availability
D. All of the above (Answer)
⩥ Cybersecurity controls are related to which of the following network
environments?
Answer: A. The Internet network
B. Internet network
C. Wireless networks
D. Business partner connections
E. All of the above (Answer)
⩥ Nation states, political hacktivists and organized crime groups are
examples of:
Answer: A. Vulnerabilities
B. Threat events
C. Threat actors (Answer)
D. Risk
⩥ A data breach is an example of a:
Answer: A. Vulnerability
B. Threat event (Answer)
C. Threat actor
D. Risk
⩥ Which of the following are not key clauses that should be a part of a
third-party contract?
Answer: A. Requirement that the vendor comply with industry and
regulatory requirements in a timely manner
B. Right to audit vendor's controls
C. Right to review vendor processes
D. Performance measurement metrics (Answer)
⩥ Security awareness training includes which of the following areas?
(Select all that apply)
Answer: A. Passwords (Answer)
B. Operating system security
C. Phishing (Answer)
D. Malware (Answer)
E. Social engineering (Answer)
⩥ Which of the following is considered part of developing cybersecurity
performance measurement metrics? (Select all that apply)
Answer: A. Information security continuous monitoring (Answer)