ISACA Studying Cybersecurity Fundamentals Exam Questions & Answers (Grade A+)
Three common controls used to protect availability.
a. Redundancy, backups and access control
b. Encryption, file permissions and access controls
c. Access controls, logging and digital signatures
d. Hashes, logging and backups - correct answer ✅A. Redundancy, backups and access control
Governance has several goals including:
a. Providing strategic direction
b. Ensuring that objectives are achieved
c. Verifying that organizational resources are being used appropriately
d. Directing and monitoring security activities
e. Ascertaining whether risk is being managed properly - correct answer ✅a. Providing strategic direction
b. Ensuring that objectives are achieved
c. Verifying that organizational resources are being used appropriately
e. Ascertaining whether risk is being managed properly
Choose 3. According to the NIST framework, which of the following are considered key functions necessary for the protection of digital assets?
a. Encrypt
b. Protect
c. Investigate
d. Recover
e. Identify - correct answer ✅B. Protect
D. Recover
E. Identify
Which of the following is the best definition for cybersecurity?
a. The process by which an organization manages cybersecurity risk to an acceptable level
b. The protection of information from unauthorized access or disclosure
c. The protection of paper documents, digital and intellectual property, and verbal or visual communications
d. Protecting information assets by addressing threats to information that is processed, stored or transported by internetworked information systems - correct answer ✅d. Protecting information assets by addressing threats to information that is processed, stored or transported by internetworked information systems.
Which of the following cybersecurity roles is charged with the duty
of managing incidents and remediation?
a. Board of directors
b. Executive committee
c. Cybersecurity management
d. Cybersecurity practitioner - correct answer ✅c. Cybersecurity management
The core duty of cybersecurity is to identify, respond and manage
________ to an organization's digital assets. - correct answer
✅Risk
A ________ is anything capable of acting against an asset in a
manner that can cause harm. - correct answer ✅Threat
A _______ is something of value worth protecting. - correct answer
✅Asset
A _________ is a weakness in the design, implementation,
operation or internal controls in a process that could be exploited
to violate the system security - correct answer ✅vulnerability
The path or route used to gain access to the target asset is known as a ______ - correct answer ✅attack vector
In an attack, the container that delivers the exploit to the target is
called? - correct answer ✅Payload
______ communicates required and prohibited activities and
behaviors - correct answer ✅Policies
_____ is a class of malware that hides the existence of other
malware by modifying the underlying operating system - correct
answer ✅Rootkit
_______ provides details on how to comply with policies and
standards. - correct answer ✅Procedures