Cyber Security Final Exam – Latest 2025/2026
Exam Prep & Practice Questions
Vulnerability - correct answera weakness that could be exploited to cause harm
Threat - correct answera set of circumstances that could cause harm.
Asset - correct answerThings of value you want to protect. such as hardware, software,
and data
Control - correct answeran action, device, procedure, or technique that removes or
reduces a vulnerability
Countermeasure - correct answera means to counter threats by preventing, deterring,
deflecting, mitigating, detecting, or recovering.
another word for control.
CIA - correct answerconfidentiality, integrity, availability.
Interception - correct answersomeone intercepts your data. sees it. breach of
confidentiality
Modification - correct answersomeone or something modifies data. failure in integrity
fabrication - correct answersomeone or something fabricates data. Failure in integrity
interruption - correct answersomeone or something interrupts a flow of data or access to
a computer. Failure of availability
four acts of the nature of the harm caused to assets.
(4 types of harm) - correct answerInterception, Modification, fabrication, interruption
Targeted - correct answerdirected attack: attacker intends harm to specific computers,
perhaps at one organization (think of attacks against a political organization) or
belonging to a specific individual (think of trying to drain a specific person's bank
account, for example, by impersonation). Also against a certain product (regardless of
whether random people are using the product)
Random - correct answerattacker wants to harm any computer or user; such an attack
is analogous to accosting the next pedestrian who walks down the street. An example of
, a random attack is malicious code posted on a website that could be visited by
anybody.
malicious - correct answerhuman caused. person actually wants to cause harm, and so
we often use the term attack for a malicious computer security event.
non-malicious - correct answerhuman caused. unintentional, harm. can be big or small
APT (Advanced Persistent Threat) - correct answercome from organized, well financed,
patient assailants. Often affiliated with governments. Long term campaigns. carefully
select their targets, crafting attacks that appeal to specifically those targets. Silent
hidden attacks, not opportunistic by nature
Harm - correct answerThe negative consequence of an actualized threat. The results of
bad stuff.
Risk Management - correct answerchoosing which threats to control and what
resources to devote to protection. weighing the seriousness of a threat against our
ability to protect because resources are limited.
Method - correct answerthe how of the attack. the skills, knowledge, tools, and other
things with which to perpetrate the attack.
Opportunity - correct answerthe when. is the time and access to execute an attack. Like
a person using an unsecured wifi connection
Motive, Method, Opportunity - correct answerAll necessary for an attack to succeed.
Motive - correct answerthe why of an attack. the reason to want to attack
Defense in Depth (overlapping controls) - correct answermore than one control or more
than one class of control to achieve protection.
Physical Controls - correct answerstop or block an attack by using something tangible
too, such as walls and fences
Procedural (administrative) controls - correct answercontrols that use a command or
agreement that requires or advises people how to act such as laws or guidelines
Technical controls - correct answercounter threats with technology (hardware or
software), including passwords, encryption, etc.
Access control - correct answerlimiting who can access what in what ways, a
mechanical process
Exam Prep & Practice Questions
Vulnerability - correct answera weakness that could be exploited to cause harm
Threat - correct answera set of circumstances that could cause harm.
Asset - correct answerThings of value you want to protect. such as hardware, software,
and data
Control - correct answeran action, device, procedure, or technique that removes or
reduces a vulnerability
Countermeasure - correct answera means to counter threats by preventing, deterring,
deflecting, mitigating, detecting, or recovering.
another word for control.
CIA - correct answerconfidentiality, integrity, availability.
Interception - correct answersomeone intercepts your data. sees it. breach of
confidentiality
Modification - correct answersomeone or something modifies data. failure in integrity
fabrication - correct answersomeone or something fabricates data. Failure in integrity
interruption - correct answersomeone or something interrupts a flow of data or access to
a computer. Failure of availability
four acts of the nature of the harm caused to assets.
(4 types of harm) - correct answerInterception, Modification, fabrication, interruption
Targeted - correct answerdirected attack: attacker intends harm to specific computers,
perhaps at one organization (think of attacks against a political organization) or
belonging to a specific individual (think of trying to drain a specific person's bank
account, for example, by impersonation). Also against a certain product (regardless of
whether random people are using the product)
Random - correct answerattacker wants to harm any computer or user; such an attack
is analogous to accosting the next pedestrian who walks down the street. An example of
, a random attack is malicious code posted on a website that could be visited by
anybody.
malicious - correct answerhuman caused. person actually wants to cause harm, and so
we often use the term attack for a malicious computer security event.
non-malicious - correct answerhuman caused. unintentional, harm. can be big or small
APT (Advanced Persistent Threat) - correct answercome from organized, well financed,
patient assailants. Often affiliated with governments. Long term campaigns. carefully
select their targets, crafting attacks that appeal to specifically those targets. Silent
hidden attacks, not opportunistic by nature
Harm - correct answerThe negative consequence of an actualized threat. The results of
bad stuff.
Risk Management - correct answerchoosing which threats to control and what
resources to devote to protection. weighing the seriousness of a threat against our
ability to protect because resources are limited.
Method - correct answerthe how of the attack. the skills, knowledge, tools, and other
things with which to perpetrate the attack.
Opportunity - correct answerthe when. is the time and access to execute an attack. Like
a person using an unsecured wifi connection
Motive, Method, Opportunity - correct answerAll necessary for an attack to succeed.
Motive - correct answerthe why of an attack. the reason to want to attack
Defense in Depth (overlapping controls) - correct answermore than one control or more
than one class of control to achieve protection.
Physical Controls - correct answerstop or block an attack by using something tangible
too, such as walls and fences
Procedural (administrative) controls - correct answercontrols that use a command or
agreement that requires or advises people how to act such as laws or guidelines
Technical controls - correct answercounter threats with technology (hardware or
software), including passwords, encryption, etc.
Access control - correct answerlimiting who can access what in what ways, a
mechanical process
