Certificate questions and answers with rationales (2026 update)
Part 1: Foundations & Core Concepts (Domains & Ethics)
Topics: CIA Triad, NIST Framework, CISSP Domains, Security Ethics.
1. A security analyst is reviewing access logs to ensure that data is only
viewable by authorized users. Which core principle of the CIA Triad is being
prioritized?
A. Availability
B. Integrity
C. Confidentiality (RATIONALE: Ensuring data is not disclosed to unauthorized
parties is confidentiality.)
D. Authentication
2. During a ransomware attack, encrypted files are restored from an offline
backup. This primarily ensures which aspect of the CIA Triad?
A. Confidentiality
B. Non-repudiation
C. Integrity
D. Availability (RATIONALE: Maintaining accessibility to authorized users—
even after an attack—defines availability.)
3. A cybersecurity team implements hashing to verify that log files have not
been altered. Which security goal is being directly achieved?
A. Integrity (RATIONALE: Hashing verifies that data has not been tampered
with, ensuring integrity.)
B. Authorization
C. Confidentiality
D. Accounting
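Question 3 is worth seeing in working code, because a plain file hash only proves integrity if the digest is kept somewhere the attacker cannot reach; if the hash sits next to the log, whoever edits the log can recompute it. The example below is added here and is not part of the original question set: it keeps a plain SHA-256 baseline for comparison, then builds a keyed hash chain (HMAC-SHA256 over each entry plus the previous tag) so that editing, reordering or deleting any line is detected at verification time. The log lines and the key are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample log entries (not from any real system).
SAMPLE_ENTRIES = [
    "2026-01-10T08:00:01Z user=alice action=login result=success",
    "2026-01-10T08:04:17Z user=alice action=read file=/finance/q4.xlsx",
    "2026-01-10T08:09:42Z user=bob action=login result=failure",
]

# Assumed key for the example. In practice the verifier key lives on the
# log collector or in an HSM, never on the host that writes the log.
VERIFIER_KEY = b"example-key-do-not-use-in-production"

GENESIS = "0" * 64  # previous-tag value for the first record


def log_digest(entries) -> str:
    """Plain SHA-256 over the whole log. Detects changes only if this
    digest is stored out-of-band (or signed); stored beside the log it
    can be recomputed by the same attacker who edited the log."""
    return hashlib.sha256("\n".join(entries).encode()).hexdigest()


def build_chain(entries, key=VERIFIER_KEY):
    """Return records carrying an HMAC over (sequence, previous tag,
    line). Each tag depends on every earlier tag, so an edit, a reorder
    or a deletion anywhere breaks the chain from that point on."""
    prev_tag = GENESIS
    records = []
    for seq, line in enumerate(entries):
        msg = f"{seq}|{prev_tag}|{line}".encode()
        tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
        records.append({"seq": seq, "line": line, "prev": prev_tag, "tag": tag})
        prev_tag = tag
    return records


def verify_chain(records, key=VERIFIER_KEY):
    """Recompute every tag. Return (True, -1) if the chain is intact,
    otherwise (False, index of the first record that fails)."""
    prev_tag = GENESIS
    for i, rec in enumerate(records):
        if rec["seq"] != i or rec["prev"] != prev_tag:
            return False, i  # reordered or missing record
        msg = f"{rec['seq']}|{rec['prev']}|{rec['line']}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["tag"]):
            return False, i  # line content or tag was altered
        prev_tag = rec["tag"]
    return True, -1


def demo():
    """Two tampering scenarios; returns their verification results."""
    chain = build_chain(SAMPLE_ENTRIES)

    # Scenario 1: bob's failed login is rewritten as a success.
    edited = json.loads(json.dumps(chain))  # deep copy
    edited[2]["line"] = edited[2]["line"].replace("failure", "success")

    # Scenario 2: the file-read entry is deleted to hide the access.
    deleted = chain[:1] + chain[2:]

    return verify_chain(edited), verify_chain(deleted)


if __name__ == "__main__":
    print(verify_chain(build_chain(SAMPLE_ENTRIES)))
    print(demo())
```

The plain digest still has a place: compare it against a copy held by the SIEM or written to WORM storage. The chain answers the question the digest cannot, namely which entry was touched first.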
4. According to the NIST Risk Management Framework (RMF), which step
involves being accountable for the security and privacy risks?
A. Categorize
B. Select
C. Authorize (RATIONALE: In the NIST RMF (SP 800-37 Rev. 2), the Authorize
step is where a senior official makes the risk-based decision to operate the
system and thereby accepts accountability for the residual security and
privacy risk.)
D. Monitor
5. An entry-level analyst is expected to handle sensitive PII (Personally
Identifiable Information) responsibly. This falls under which professional
concept?
A. Security architecture
B. Security ethics (RATIONALE: Ethics guide behavior regarding handling
sensitive data and respecting privacy.)
C. Network hardening
D. Reverse engineering
6. Which of the following is an example of a "Security Control" classified as
"Administrative"?
A. Firewall rules
B. Security awareness training (RATIONALE: Administrative controls are
policies and training; technical controls are hardware/software.)
C. Intrusion Detection System (IDS)
D. Encryption
Part 2: Threats, Vulnerabilities & Risk Management
Topics: APTs, Phishing, AAA Framework, Threat Modeling.
7. Which type of threat actor maintains unauthorized access to a system for an
extended period, often to steal data over time?
A. Hacktivist
B. Advanced Persistent Threat (APT) (RATIONALE: APTs focus on long-term
espionage/data theft, not immediate destruction.)
C. Script Kiddie
D. Adware Distributor
8. A user receives a legitimate-looking text message claiming their bank
account is locked, urging them to click a malicious link. This is an example of:
A. Vishing
B. Smishing (RATIONALE: SMS-based phishing is smishing; voice calls are
vishing; email is phishing.)
C. Angler Phishing
D. Watering Hole
9. In the AAA framework (Authentication, Authorization, Accounting), what
does "Accounting" track?
A. What a user can do
B. Who a user is
C. What a user did (RATIONALE: Accounting logs resource usage and user
actions for audits.)
D. Where the user is located
10. Which vulnerability scoring system is used to communicate the severity of
a software flaw?
A. CVE
B. CVSS (Common Vulnerability Scoring System) (RATIONALE: CVSS produces a
0-10 severity score from a vector of base metrics; a CVE ID identifies a
specific vulnerability but says nothing about its severity.)
C. AES-256
D. SSL/TLS
11. What is the primary goal of a "Posture Management" tool (like CSPM)?
A. To scan for network traffic anomalies
B. To identify misconfigurations and compliance risks (RATIONALE: Posture
management focuses on configuration drift and compliance in cloud assets.)
C. To decrypt SSL traffic
D. To manage physical access badges
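To make the "misconfiguration and drift" rationale in question 11 tangible, here is an added example (not part of the original question set and not any vendor's CSPM logic) of the two things such a tool actually does: evaluate an asset inventory against posture rules, and diff the findings between two points in time to surface drift. The inventory is a constructed, provider-neutral structure; the rule names and severities are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory in a simplified, provider-neutral shape
# (assumption: not any real cloud provider's export format).
INVENTORY = [
    {"id": "bucket-logs", "type": "storage", "public_read": True, "encrypted": True},
    {"id": "bucket-backups", "type": "storage", "public_read": False, "encrypted": False},
    {"id": "sg-web", "type": "security_group",
     "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}, {"port": 22, "cidr": "0.0.0.0/0"}]},
    {"id": "sg-db", "type": "security_group",
     "ingress": [{"port": 5432, "cidr": "10.0.0.0/8"}]},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP


@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    severity: str


def is_whole_internet(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0 (prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_public_storage(r):
    if r["type"] == "storage" and r.get("public_read"):
        return Finding(r["id"], "storage-public-read", "high")


def check_unencrypted_storage(r):
    if r["type"] == "storage" and not r.get("encrypted"):
        return Finding(r["id"], "storage-unencrypted", "medium")


def check_admin_port_open(r):
    if r["type"] != "security_group":
        return None
    for rule in r.get("ingress", []):
        if rule["port"] in ADMIN_PORTS and is_whole_internet(rule["cidr"]):
            return Finding(r["id"], "admin-port-open-to-internet", "high")


RULES = [check_public_storage, check_unencrypted_storage, check_admin_port_open]


def evaluate(inventory, rules=RULES):
    """Run every rule over every resource; return the list of findings."""
    findings = []
    for resource in inventory:
        for rule in rules:
            hit = rule(resource)
            if hit is not None:
                findings.append(hit)
    return findings


def drift(baseline, current):
    """Findings present now that were absent at the baseline scan.
    This is the 'configuration drift' signal a CSPM alerts on."""
    return [f for f in current if f not in set(baseline)]


if __name__ == "__main__":
    baseline = evaluate(INVENTORY[:2])   # earlier scan: only the buckets existed
    now = evaluate(INVENTORY)            # later scan: security groups added
    for f in now:
        print(f"{f.severity:6s} {f.rule:28s} {f.resource}")
    print("new since baseline:", drift(baseline, now))
```

Port 443 open to the world on sg-web is deliberately not flagged: a posture rule encodes policy, and public HTTPS is normal for a web tier while public SSH is not.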
12. An analyst uses a honeypot to attract attackers. What is the primary
security purpose of this technique?
A. To patch vulnerabilities
B. To divert and study attacker behavior (RATIONALE: Honeypots are decoys
to distract attackers and analyze their methods without risking real assets.)
C. To increase network speed
D. To encrypt backup data
Part 3: Network Security: IDS, Firewalls, Protocols