Introduction: This guide covers the critical domains of the modern cybersecurity
landscape, reflecting the updated 2025/2026 syllabus. It emphasizes cloud security,
AI/ML in cyber, zero-trust architectures, and modern privacy regulations. Use these
questions to test your knowledge and identify areas for further study.
Domain 1: Fundamentals of Cybersecurity & Governance
1. What are the three core principles of the CIA Triad?
ANSWER ✓ Confidentiality, Integrity, and Availability.
2. How does the "AAA" framework in security control access?
ANSWER ✓ Authentication, Authorization, and Accounting.
3. What is the primary purpose of a Risk Assessment?
ANSWER ✓ To identify, analyze, and evaluate cybersecurity risks to an organization's
operations and assets.
4. Differentiate between a vulnerability, a threat, and a risk.
ANSWER ✓ A vulnerability is a weakness, a threat is an actor that can exploit the
weakness, and risk is the potential for loss or damage when the threat exploits the
vulnerability.
5. What is the key difference between a policy, a standard, and a procedure?
ANSWER ✓ A policy is a high-level statement of management intent, a standard is a
mandatory rule to support the policy, and a procedure is a step-by-step guide to
implement the standard.
6. What regulation focuses on the privacy and security of health data in the United
States?
ANSWER ✓ HIPAA (Health Insurance Portability and Accountability Act).
7. What is the primary goal of the GDPR?
ANSWER ✓ To protect the personal data and privacy of individuals within the European
Union.
8. What does the term "defense in depth" refer to?
ANSWER ✓ A layered security approach that uses multiple, redundant controls to
protect assets.
9. What is the purpose of a Business Impact Analysis (BIA)?
ANSWER ✓ To identify and evaluate the potential effects of an interruption to critical
business operations.
10. What framework, developed by NIST, provides a policy framework for
improving critical infrastructure cybersecurity?
ANSWER ✓ The NIST Cybersecurity Framework (CSF).
Domain 2: Network Security & Zero Trust
11. What is the fundamental principle of a Zero Trust architecture?
ANSWER ✓ "Never trust, always verify." No user or device, inside or outside the network,
is trusted by default.
12. How does a VPN provide secure remote access?
ANSWER ✓ By creating an encrypted tunnel over a public network (like the internet) to
securely connect a remote user to a private network.
13. What is the primary function of a firewall?
ANSWER ✓ To monitor and control incoming and outgoing network traffic based on
predetermined security rules.
14. Differentiate between an IDS and an IPS.
ANSWER ✓ An Intrusion Detection System (IDS) monitors and alerts on suspicious
activity, while an Intrusion Prevention System (IPS) actively blocks and prevents the
detected threats.
15. What network protocol is considered insecure and should be replaced by its
encrypted counterpart, SSH?
ANSWER ✓ Telnet.
16. What is a DMZ (Demilitarized Zone) in network security?
ANSWER ✓ A physical or logical subnetwork that contains and exposes an
organization's external-facing services to a larger, untrusted network, typically the
internet.