✔✔Baseline - ✔✔A documented, lowest level of security configuration allowed by a
standard or organization.
✔✔Biometric - ✔✔Biological characteristics of an individual, such as a fingerprint, hand
geometry, voice, or iris patterns.
✔✔Bit - ✔✔The most essential representation of data (zero or one) at Layer 1 of the
Open Systems Interconnection (OSI) model.
✔✔Bot - ✔✔Malicious code that acts like a remotely controlled "robot" for an attacker,
with other Trojan and worm capabilities.
✔✔Breach - ✔✔The loss of control, compromise, unauthorized disclosure, unauthorized
acquisition or any similar occurrence where: a person other than an authorized user
accesses or potentially accesses personally identifiable information; or an authorized
user accesses personally identifiable information for other than an authorized purpose.
Source: NIST SP 800-53 Rev. 5
✔✔Broadcast - ✔✔Broadcast transmission is a one-to-many (one-to-everyone) form of
sending internet traffic.
✔✔Business Continuity (BC) - ✔✔Actions, processes and tools for ensuring an
organization can continue critical operations during a contingency.
✔✔Business Continuity Plan (BCP) - ✔✔The documentation of a predetermined set of
instructions or procedures that describe how an organization's mission/business
processes will be sustained during and after a significant disruption.
✔✔Business Impact Analysis (BIA) - ✔✔An analysis of an information system's
requirements, functions, and interdependencies used to characterize system
contingency requirements and priorities in the event of a significant disruption. NIST SP
800-34 Rev. 1
✔✔Byte - ✔✔The byte is a unit of digital information that most commonly consists of
eight bits.
✔✔Checksum - ✔✔A digit representing the sum of the correct digits in a piece of stored
or transmitted digital data, against which later comparisons can be made to detect
errors in the data.
✔✔Ciphertext - ✔✔The altered form of a plaintext message so it is unreadable for
anyone except the intended recipients. In other words, it has been turned into a secret.
✔✔Classification - ✔✔Classification identifies the degree of harm to the organization, its
stakeholders or others that might result if an information asset is divulged to an
unauthorized person, process or organization. In short, classification is focused first and
foremost on maintaining the confidentiality of the data, based on the data sensitivity.
✔✔Classified or Sensitive Information - ✔✔Information that has been determined to
require protection against unauthorized disclosure and is marked to indicate its
classified status and classification level when in documentary form.
✔✔Cloud Computing - ✔✔A model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction. NIST 800-145
✔✔Community Cloud - ✔✔A system in which the cloud infrastructure is provisioned for
exclusive use by a specific community of consumers from organizations that have
shared concerns (e.g., mission, security requirements, policy and compliance
considerations). It may be owned, managed and operated by one or more of the
organizations in the community, a third party or some combination of them, and it may
exist on or off premises. NIST 800-145
✔✔Confidentiality - ✔✔The characteristic of data or information when it is not made
available or disclosed to unauthorized persons or processes. NIST 800-66
✔✔Configuration Management - ✔✔A process and discipline used to ensure that the
only changes made to a system are those that have been authorized and validated.
✔✔Crime Prevention through Environmental Design (CPTED) - ✔✔An architectural
approach to the design of buildings and spaces that emphasizes passive features to
reduce the likelihood of criminal activity.
✔✔Criticality - ✔✔A measure of the degree to which an organization depends on the
information or information system for the success of a mission or of a business function.
NIST SP 800-60 Vol. 1, Rev. 1
✔✔Cryptanalyst - ✔✔One who performs cryptanalysis, which is the study of
mathematical techniques for attempting to defeat cryptographic techniques and/or
information systems security. This includes the process of looking for errors or
weaknesses in the implementation of an algorithm or of the algorithm itself.