Cybersecurity Management Final Exam
Questions and Answers (Latest 2026)
__________ provide the detailed steps needed to carry out
___________. - Correct Answers ✅Procedures, policies
A __________ grants the authority to perform an action on a
system. A __________ grants access to a resource. - Correct
Answers ✅right, permission
A business continuity plan (BCP) is an example of a(n): -
Correct Answers ✅security plan
A hacker wants to launch an attack on an organization. The
hacker uses a tool to capture data sent over the network in
cleartext, hoping to gather information that will help make
the attack successful. What tool is the hacker using? -
Correct Answers ✅a packet analyzer
A threat is any activity that represents a possible danger,
which includes any circumstances or events with the
potential to cause an adverse impact on all of the following,
except: - Correct Answers ✅assessments
A(n) ____________ assessment attempts to identify
vulnerabilities that can be exploited.
A. risk
B. threat
C. vulnerability
D. exploit - Correct Answers ✅D. exploit
An access control such as a firewall or intrusion prevention
system cannot protect against which of the following? -
Correct Answers ✅Social engineering
Another term for data range and reasonableness checks is: -
Correct Answers ✅input validation
Background checks, software testing, and awareness training
are all categories of: - Correct Answers ✅procedural
controls.
Bill is a security professional. He is in a meeting with co-
workers and describes a system that will make web sessions
more secure. He says when a user connects to the web
server and starts a secure session, the server sends a
certificate to the user. The certificate includes a public key.
The user can encrypt data with the public key and send it to
the server. Because the server holds the private key, it can
decrypt the data. Because no other entity has the private
key, no one else can decrypt the data. What is Bill
describing?
A. Public key infrastructure (PKI)
B. Certificate authority (CA)
C. A hashing algorithm
D. A digital signature - Correct Answers ✅A. Public key
infrastructure (PKI)
Bonding is a type of __________ that covers against losses by
theft, fraud, or dishonesty. - Correct Answers ✅Insurance
Complete the equation for the relationship between risk,
vulnerabilities, and threats: Risk equals: - Correct Answers
✅Vulnerability × Threat.
Functionality testing is primarily used with: - Correct
Answers ✅Software Development
Ideally, when should you perform threat modeling?
A. After writing an application or deploying a system
B. Before writing an application, but after deploying a system
C. After writing an application, but before deploying a system
D. Before writing an application or deploying a system -
Correct Answers ✅D. Before writing an application or
deploying a system
In a SQL injection attack, an attacker can: - Correct
Answers ✅read sections of a database or a whole database
without authorization.
Piggybacking is also known as:
A. tailgating.
B. a mantrap.
C. social engineering.
D. shoulder surfing. - Correct Answers ✅A. tailgating.
Primary considerations for assessing threats based on
historical data in your local area are __________ and
___________.
A. property value, insurance
B. weather conditions, natural disasters
C. historical data, threat modeling
D. crime statistics, flood frequency - Correct Answers ✅B.
weather conditions, natural disasters
Purchasing insurance is the primary way for an organization
to __________ or ___________ risk.