GUIDE | PRACTICE QUESTIONS &
ANSWERS (ALL DOMAINS)
| GRADED A+ | GUARANTEED SUCCESS
Updated 2026 Questions and Answers
100% Verified Exam Prep and Comprehensive
Rationales Included
,Annualized loss expectancy (ALE) A dollar amount that estiamtes the loss potenial from a risk in a span of a year.
Single Loss Expectancy (SLE) x annualized rate of occurrence (ARO) = ALE
Annualized Rate of Occurrence (ARO) The value that represents the estimated possibility of a specific threat taking place
within a one-year timeframe.
Antivirus Software Software designed to prevent and detect malware infections
ARO/Annual Rate of Occurrence The number of losses suffered per year
Attack An attempt to bypass security controls in a system with the mission of using that
system or compromising it. An attack is usually accomplished by exploiting a
current vulnerability.
Authentication Proof of an Identity claim
Authorization Actions an individual can perform on a system
AV/Asset Value The Value of a protected asset
Availability The reliability and accessibility of data and resources to authorized identified
individuals in a timely manner.
Availability Assures information is available when needed
Awareness Security Control designed to change user behavior
Background checks A Verification of a person's background and experience, Also called pre-
employment screening
Baseline Uniform ways to implement a safeguard , administrative control
,Baseline The minimum level of security necessary to support and enforce a security policy.
Best evidence rule Requires use of the strongest possible evidence
Best practice A consensus of the best way to protect the confidentiality, integrity and
availability of assets
Bot A computer system running malware that is controlled via a botnet
Botnet A central bot command and control (C&C) network, managed by humans
Breach notification Notification of persons whose personal data has been, or is likely to have been,
compromised
Business Impact Analysis (BIA) A functional analysis in which a team collects data, documents business functions,
develops a hierarchy of business functions, and applies a classification scheme to
indicate each individual function's criticality level.
CIA triad Confidentiality, Integrity and Availability
Circumstantial evidence Evidence that servers to establish the circumstances related to particular points or
even other evidence
Civil law Law that resolves disputes between individuals or organizations
Civil law (legal system) Legal system that leverages codified laws or statues to determine what is
considered within the bounds of law
Classification A systematic arrangement of objects into groups or categories according to a set
of established criteria. Data and resources can be assigned a level of sensitivity as
they are being created, amended, enhanced, stored, or transmitted. The
classification level then determines the extent to which the resource needs to be
controlled and secured, and is indicative of its value in terms of information
assets.
Collection Limitation Principle OECD Privacy Guideline principle which states personal data collection should
have limits, be obtained in a lawful manner, and, unless there is a compelling
reason to the contrary, with the individuals knowledge and approval.
, Collusion Two or more people working together to carry out a fraudulent activity. More
than one person would need to work together to cause some type of destruction
or fraud; this drastically reduces its probability.
Color of law Acting on the authority of law enforcement
Commandments of Computer Ethics The Computer Ethics institute code of ethics
Common law Legal system that places significant emphasis on particular cases and judicial
precedent as a determinant of laws
Compensation controls Additional security controls put in place to compensate for weaknesses in other
controls
Compensatory damages Damages provided as compensation
Computer crimes Crimes using computers
Computer Fraud and Abuse Act Title 18 United States Code Section 1030
Copyright Type of intellectual property that protects the form of expression in artistic,
musical, or literary works
Copyright A legal right that protects the expression of ideas.
Corrective controls Controls that correct a damaged system or process
Corroborative evidence Evidence that provides additional support for a fact that might have been called
into question
cost/benefit analysis An assessment that is performed to ensure that the cost of a safeguard does not
outweighs the benefit of the safeguard. Spending more to protect an asset than
the asset is actually worth does not make good business sense. All possible
safeguards must be evaluated to ensure that the most security-effective and cost-
effective choice is made.
countermeasure A control, method, technique, or procedure that is put into place to prevent a
threat agent from exploiting a vulnerability. A countermeasure is put into place to
mitigate risk. Also called a safeguard or control
Cracker A black hat hacker