FUNDAMENTALS OF INFORMATION
SECURITY 2026 EXAM WITH
CORRECT ANSWERS GRADED A+
Controls that protect the systems, networks, and environments that
process, transmit, and store our data are called _______. - ANSWER-
Logical Controls
During what phase of the incident response process do we determine
what happened, why it happened, and what we can do to keep it from
happening again? - ANSWER- Post-Incident Activity
Something that has the potential to cause harm to our assets is known as
a(n) ________. - ANSWER- Threat
What is the first and arguably one of the most important steps of the risk
management process? - ANSWER- Identify assess
,The Fabrication attack type most commonly affects which principle(s) of
the CIA triad? - ANSWER- Integrity and Availability
The Interception attack type most commonly affects which principle(s)
of the CIA triad? - ANSWER- Confidentiality
A badge or token is considered what type of authentication? -
ANSWER- Something you have
A password or PIN is considered what type of authentication? -
ANSWER- Something you know
The set of methods we use to establish a claim of identity as being true is
called ______. - ANSWER- Authentication
A fingerprint is considered what type of authentication? - ANSWER-
Something you are
What type of authentication can prevent a man-in-the-middle attack? -
ANSWER- Mutual
The biometric characteristic that measures how well a factor resists
change over time and with advancing age is called __________ -
ANSWER- Permanence
,What dictates that we should only allow the bare minimum of access, as
needed? - ANSWER- Principle of least privilege
Access controls are policies or procedures used to control access to
certain items. - ANSWER- True
What is implemented through the use of access controls? - ANSWER-
Authorization
Which answer best describes the authorization component of access
control? - ANSWER- Authorization is the process of determining
who is approved for access and what resources they are approved
for.
A client-side attack that involves the attacker placing an invisible layer
over something on a website that the user would normally click on, in
order to execute a command differing from what the user thinks they are
performing, is known as ___________. - ANSWER- Clickjacking
What type of access control can prevent the confused deputy problem? -
ANSWER- Capability-based security
A user who creates a network share and sets permissions on that share is
employing which model of access control? - ANSWER- Discretionary
access control
, A VPN connection that is set to time out after 24 hours is demonstrating
which model of access control? - ANSWER- Attribute-based access
control
Confidential Services Inc. is a military-support branch consisting of
1,400 computers with Internet access and 250 servers. All employees are
required to have security clearances. From the options listed below, what
access control model would be most appropriate for this organization? -
ANSWER- Mandatory access control
What is information security? - ANSWER- Protecting information and
information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction.
Using the concept of defense in depth we can protect ourselves against
someone using a USB flash drive to remove confidential data from an
office space within our building. - ANSWER- True
Select the example(s) of identity verification. (Choose all that apply.) -
ANSWER- SSN
Passport
Birth certificate
Multifactor authentication is the use of more than one authentication
method to access an information system. - ANSWER- True
SECURITY 2026 EXAM WITH
CORRECT ANSWERS GRADED A+
Controls that protect the systems, networks, and environments that
process, transmit, and store our data are called _______. - ANSWER-
Logical Controls
During what phase of the incident response process do we determine
what happened, why it happened, and what we can do to keep it from
happening again? - ANSWER- Post-Incident Activity
Something that has the potential to cause harm to our assets is known as
a(n) ________. - ANSWER- Threat
What is the first and arguably one of the most important steps of the risk
management process? - ANSWER- Identify assess
,The Fabrication attack type most commonly affects which principle(s) of
the CIA triad? - ANSWER- Integrity and Availability
The Interception attack type most commonly affects which principle(s)
of the CIA triad? - ANSWER- Confidentiality
A badge or token is considered what type of authentication? -
ANSWER- Something you have
A password or PIN is considered what type of authentication? -
ANSWER- Something you know
The set of methods we use to establish a claim of identity as being true is
called ______. - ANSWER- Authentication
A fingerprint is considered what type of authentication? - ANSWER-
Something you are
What type of authentication can prevent a man-in-the-middle attack? -
ANSWER- Mutual
The biometric characteristic that measures how well a factor resists
change over time and with advancing age is called __________ -
ANSWER- Permanence
,What dictates that we should only allow the bare minimum of access, as
needed? - ANSWER- Principle of least privilege
Access controls are policies or procedures used to control access to
certain items. - ANSWER- True
What is implemented through the use of access controls? - ANSWER-
Authorization
Which answer best describes the authorization component of access
control? - ANSWER- Authorization is the process of determining
who is approved for access and what resources they are approved
for.
A client-side attack that involves the attacker placing an invisible layer
over something on a website that the user would normally click on, in
order to execute a command differing from what the user thinks they are
performing, is known as ___________. - ANSWER- Clickjacking
What type of access control can prevent the confused deputy problem? -
ANSWER- Capability-based security
A user who creates a network share and sets permissions on that share is
employing which model of access control? - ANSWER- Discretionary
access control
, A VPN connection that is set to time out after 24 hours is demonstrating
which model of access control? - ANSWER- Attribute-based access
control
Confidential Services Inc. is a military-support branch consisting of
1,400 computers with Internet access and 250 servers. All employees are
required to have security clearances. From the options listed below, what
access control model would be most appropriate for this organization? -
ANSWER- Mandatory access control
What is information security? - ANSWER- Protecting information and
information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction.
Using the concept of defense in depth we can protect ourselves against
someone using a USB flash drive to remove confidential data from an
office space within our building. - ANSWER- True
Select the example(s) of identity verification. (Choose all that apply.) -
ANSWER- SSN
Passport
Birth certificate
Multifactor authentication is the use of more than one authentication
method to access an information system. - ANSWER- True
