SECTION 1: Core Knowledge & Terminology — 15 Questions
Q1: What does the acronym 'WISE' stand for in the context of this certification?
• A. Workforce Information Security Enforcement
• B. Workplace Information Security Essentials [CORRECT]
• C. Web-based Integrated Security Environment
• D. Wireless Internet Security Encryption
Correct Answer: B
Rationale: Correct because WISE stands for Workplace Information Security Essentials, a
framework designed to establish foundational security awareness, controls, and practices
across organizational environments. The certification validates competency in core security
principles applicable to all personnel handling workplace information assets.
______________________________________________________________________
Q2: Which of the following is the PRIMARY goal of information security in a
workplace setting?
• A. To eliminate all technology from the organization
• B. To protect the confidentiality, integrity, and availability of information assets
[CORRECT]
• C. To increase the complexity of all passwords to 50 characters
• D. To prevent employees from accessing the internet
Correct Answer: B
Rationale: Correct because the CIA triad—Confidentiality, Integrity, and Availability—
represents the foundational objectives of information security. Confidentiality ensures
authorized access only, integrity ensures data accuracy and trustworthiness, and availability
ensures timely and reliable access to information for authorized users.
______________________________________________________________________
Q3: What is 'social engineering' in the context of information security?
• A. The design of secure social media platforms
• B. The manipulation of people into divulging confidential information or
performing actions [CORRECT]
• C. The engineering of physical security doors
• D. The development of firewalls and intrusion detection systems
Correct Answer: B
Rationale: Correct because social engineering is a non-technical attack vector that exploits
human psychology rather than software vulnerabilities. Attackers manipulate individuals
through deception, urgency, authority impersonation, or trust exploitation to obtain
passwords, access credentials, or sensitive information.
______________________________________________________________________
Q4: Which term describes the practice of verifying that a user is who they claim to be?
• A. Authorization
• B. Authentication [CORRECT]
• C. Accounting
• D. Anonymization
Correct Answer: B
Rationale: Correct because authentication is the process of verifying the identity of a user,
device, or system. Common methods include passwords, biometrics, smart cards, and multi-
factor authentication. Authorization, by contrast, determines what an authenticated user is
permitted to do after identity is verified.
______________________________________________________________________
Q5: What is 'phishing' as a security threat?
• A. A recreational fishing activity near office buildings
• B. A fraudulent attempt to obtain sensitive information by disguising as a
trustworthy entity in electronic communication [CORRECT]
• C. A method of encrypting data using fish-shaped algorithms
• D. A physical security technique for locking filing cabinets
Correct Answer: B
Rationale: Correct because phishing is a cyberattack that uses fraudulent emails, messages,
or websites disguised as legitimate communications to trick recipients into revealing
credentials, financial information, or installing malware. It is the most common form of social
engineering and a leading cause of data breaches.
______________________________________________________________________
Q6: Which of the following is an example of a 'physical security control'?
• A. A software firewall
• B. A badge-access entry system for server rooms [CORRECT]
• C. An email spam filter
• D. A network intrusion detection system
Correct Answer: B
Rationale: Correct because physical security controls protect tangible assets, facilities, and
personnel through physical measures such as locks, badge readers, surveillance cameras,
security guards, and biometric access systems. Badge-access entry systems restrict physical
access to sensitive areas like server rooms, data centers, and equipment storage.
______________________________________________________________________
Q7: What does 'least privilege' mean in access management?
• A. All employees should have the same level of access
• B. Users should be granted only the minimum access necessary to perform their
job functions [CORRECT]
• C. Senior executives should have no access to any systems
• D. Temporary employees should have full administrative access
Correct Answer: B
Rationale: Correct because the principle of least privilege requires that users, applications,
and systems be granted only the minimum level of access and permissions necessary to
perform their authorized functions. This reduces the attack surface, limits damage from
compromised accounts, and prevents unauthorized data access or system modifications.
______________________________________________________________________
Q8: Which of the following is a characteristic of 'malware'?
• A. It is always visible to the user as a pop-up notification
• B. It is malicious software designed to damage, disrupt, or gain unauthorized
access to systems [CORRECT]
• C. It is a type of hardware firewall
• D. It is a legitimate software update from the vendor
Correct Answer: B
Rationale: Correct because malware (malicious software) encompasses viruses, worms,
trojans, ransomware, spyware, and adware designed to damage systems, steal data, disrupt
operations, or gain unauthorized access. Malware often operates covertly and is distributed
through infected downloads, email attachments, or compromised websites.
______________________________________________________________________