iSACA Cybersecurity Fundamentals Certification Exam
Newest 2026 Questions and Correct Answers Already
Graded A+
Confidentiality - CORRECT ANSWER-Protection from unauthorized access
integrity - CORRECT ANSWER-Protection from unauthorized modification
Availability - CORRECT ANSWER-protection from disruptions in access
Cybersecurity - CORRECT ANSWER-the protection of information assets (digital
assets) by addressing threats to information processed, stored, and transported
by internetworked information systems
Threat Process - CORRECT ANSWER-1) Perform reconnaissance (gathering
information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
,6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
NIST Functions to Protect Digital Assets - CORRECT ANSWER-IPDRR
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
Nonrepudiation - CORRECT ANSWER-Def: ensuring that a message or other
piece of information is genuine
Examples: digital signatures and transaction logs
Risk - CORRECT ANSWER-combination of the probability of an event and its
consequences, mitigated through controls
,Threat - CORRECT ANSWER-Anything that is capable of acting against an asset
in a harmful manner
Asset - CORRECT ANSWER-something of either tangible or intangible value
that is worth protecting
Vulnerability - CORRECT ANSWER-A weakness in the design, implementation,
operation or internal control of a process that could expose the system to adverse
threats from threat events
Inherent risk - CORRECT ANSWER-The risk level or exposure without taking
into account the actions that management has taken or might take (e.g.,
implementing controls)
Residual risk - CORRECT ANSWER-the risk that remains after management
implements internal controls or some other response to risk
Likelihood - CORRECT ANSWER-A.K.A probability
measure of frequency of which an event may occur, which depends on the threat
and vulnerability
, Approaches to Cybersecurity Risk - CORRECT ANSWER-Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Threat Agents - CORRECT ANSWER-The actors causing the threats that might
exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
Newest 2026 Questions and Correct Answers Already
Graded A+
Confidentiality - CORRECT ANSWER-Protection from unauthorized access
integrity - CORRECT ANSWER-Protection from unauthorized modification
Availability - CORRECT ANSWER-protection from disruptions in access
Cybersecurity - CORRECT ANSWER-the protection of information assets (digital
assets) by addressing threats to information processed, stored, and transported
by internetworked information systems
Threat Process - CORRECT ANSWER-1) Perform reconnaissance (gathering
information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
,6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
NIST Functions to Protect Digital Assets - CORRECT ANSWER-IPDRR
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
Nonrepudiation - CORRECT ANSWER-Def: ensuring that a message or other
piece of information is genuine
Examples: digital signatures and transaction logs
Risk - CORRECT ANSWER-combination of the probability of an event and its
consequences, mitigated through controls
,Threat - CORRECT ANSWER-Anything that is capable of acting against an asset
in a harmful manner
Asset - CORRECT ANSWER-something of either tangible or intangible value
that is worth protecting
Vulnerability - CORRECT ANSWER-A weakness in the design, implementation,
operation or internal control of a process that could expose the system to adverse
threats from threat events
Inherent risk - CORRECT ANSWER-The risk level or exposure without taking
into account the actions that management has taken or might take (e.g.,
implementing controls)
Residual risk - CORRECT ANSWER-the risk that remains after management
implements internal controls or some other response to risk
Likelihood - CORRECT ANSWER-A.K.A probability
measure of frequency of which an event may occur, which depends on the threat
and vulnerability
, Approaches to Cybersecurity Risk - CORRECT ANSWER-Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Threat Agents - CORRECT ANSWER-The actors causing the threats that might
exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
