ISACA CYBERSECURITY FUNDAMENTALS
CERTIFICATION EXAM 2026 TEST
ASSESSMENT COMPREHENSIVE QUESTIONS
AND SOLUTIONS VERIFIED PREP KIT
GRADED A+
⩥ Integrity.
Answer: Protection from unauthorized modification
⩥ Availability.
Answer: protection from disruptions in access
⩥ Cybersecurity.
Answer: the protection of information assets (digital assets) by
addressing threats to information processed, stored, and transported by
internetworked information systems
⩥ NIST Functions to Protect Digital Assets.
Answer: IPDRR
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
⩥ Nonrepudiation.
Answer: Def: ensuring that a message or other piece of information is
genuine
Examples: digital signatures and transaction logs
⩥ Risk.
Answer: combination of the probability of an event and its
consequences, mitigated through controls
⩥ Threat.
Answer: Anything that is capable of acting against an asset in a harmful
manner
⩥ Asset.
Answer: something of either tangible or intangible value that is worth
protecting
⩥ Vulnerability.
Answer: A weakness in the design, implementation, operation or internal
control of a process that could expose the system to adverse threats from
threat events
⩥ Inherent risk.
Answer: The risk level or exposure without taking into account the
actions that management has taken or might take (e.g., implementing
controls)
⩥ Residual risk.
Answer: the risk that remains after management implements internal
controls or some other response to risk
⩥ Likelihood.
Answer: A.K.A. probability
measure of the frequency with which an event may occur, which depends on
the threat and vulnerability
⩥ Approaches to Cybersecurity Risk.
Answer: Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
⩥ Threat Agents.
Answer: The actors causing the threats that might exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
5) Employees - revenge
6) Hacktivists - politically motivated
7) Nation states - government/private entities
8) Online social hackers - identity theft, profit
9) Script kiddies - learning to hack
⩥ Attack vector.
Answer: The path or route used to gain access to the target (asset)