EXAM 2025-2026 QUESTIONS AND CORRECT
VERIFIED ANSWERS
Q: Adequate Security
Ans: Security commensurate with the risk and the magnitude of harm
resulting from the loss, misuse or unauthorized access to or modification of
information. Source: OMB Circular A-130
Q: Administrative Controls
Ans: Controls implemented through policy and procedures. Examples
include access control processes and requiring multiple personnel to conduct
a specific operation. Administrative controls in modern environments are
often enforced in conjunction with physical and/or technical controls, such as
an access-granting policy for new users that requires login and approval by
the hiring manager.
Q: Artificial Intelligence
Ans: The ability of computers and robots to simulate human intelligence
and behavior.
Q: Asset
Ans: Anything of value that is owned by an organization. Assets include
both tangible items such as information systems and physical property and
intangible assets such as intellectual property.
Q: Authentication
Ans: The act of identifying or verifying the eligibility of a station,
originator, or individual to access specific categories of information.
Typically, a measure designed to protect against fraudulent transmissions by
establishing the validity of a transmission, message, station or originator.
Q: Authorization
Ans: The right or a permission that is granted to a system entity to access
a system resource. NIST 800-82 Rev.2
Q: Availability
Ans: Ensuring timely and reliable access to and use of information by
authorized users.
Q: Baseline