MIST 356 ACTUAL 2026 TEST PAPER QUESTIONS AND
ANSWERS GRADED A+
✔✔Importance of asset valuation in security planning - ✔✔It helps prioritize protection
based on asset criticality and potential loss.
✔✔Role of user authentication in security - ✔✔Verifies a user's identity before granting
access.
✔✔Difference between authorization and authentication - ✔✔Authentication confirms
identity and authorization determines what access is allowed.
✔✔Importance of evaluating the impact of risks - ✔✔Ensures resources are directed to
mitigate the most serious threats.
✔✔Role of firewalls in network security - ✔✔Block unauthorized traffic and enforce
network access rules.
✔✔Difference between internal and external audits - ✔✔Internal audits are done by
staff and external audits by independent third parties.
✔✔Purpose of security policies - ✔✔They define expected behavior and technical
requirements for protection.
✔✔Role of encryption in data protection - ✔✔Protects data confidentiality during
storage and transmission.
✔✔Importance of patch management - ✔✔Keeps software updated to remove
vulnerabilities.
✔✔Scenario where least privilege prevents a security breach - ✔✔Applying least
privilege prevents a marketing intern from deleting production databases.
✔✔Using SELinux to secure a database - ✔✔To restrict the MariaDB process to only its
database files and ports.
✔✔Third-party risk assessment steps - ✔✔Identify vendors, review policies, evaluate
controls, and document findings.
✔✔Response to detected intrusion - ✔✔Isolate systems, notify teams, collect evidence,
eradicate threats, and recover.
✔✔Network security policy components - ✔✔Acceptable use, access control,
monitoring, and response procedures.
, ✔✔ACL configuration for shared directory - ✔✔setfacl -m u:username:rwx /shared/dir
✔✔Vendor fails security audit - ✔✔Require remediation or suspend the partnership.
✔✔Continuous monitoring in small business - ✔✔Using lightweight tools and regular log
reviews.
✔✔Chaos model for incident response - ✔✔Simulated outages, fake breaches, and
system stress tests.
✔✔setfacl and getfacl in Linux - ✔✔Use setfacl to assign permissions and getfacl to
review them.
✔✔chmod command - ✔✔Changes basic file permissions.
✔✔Difference between setfacl and getfacl - ✔✔setfacl modifies ACLs and getfacl
displays them.
✔✔ls -l in Linux - ✔✔Shows file permissions, ownership, and modification times.
✔✔mysqldump purpose - ✔✔Creates logical backups of MariaDB databases.
✔✔mysql_secure_installation configuration - ✔✔Removes insecure defaults and
enforces stronger settings.
✔✔NIST SP 800-53 - ✔✔Provides security control guidelines for federal systems.
✔✔COBIT 5 - ✔✔A governance framework aligning IT with business goals.
✔✔PCI DSS - ✔✔Secures credit card data and transactions.
✔✔ISO/IEC 27001 - ✔✔Defines requirements for an information security management
system (ISMS).
✔✔NIST Cybersecurity Framework - ✔✔Outlines five functions: Identify, Protect,
Detect, Respond, Recover.
✔✔Security awareness training - ✔✔All employees and contractors.
✔✔IT role in enforcing security policies - ✔✔IT enforces policies through system
configuration, access control, and monitoring.
ANSWERS GRADED A+
✔✔Importance of asset valuation in security planning - ✔✔It helps prioritize protection
based on asset criticality and potential loss.
✔✔Role of user authentication in security - ✔✔Verifies a user's identity before granting
access.
✔✔Difference between authorization and authentication - ✔✔Authentication confirms
identity and authorization determines what access is allowed.
✔✔Importance of evaluating the impact of risks - ✔✔Ensures resources are directed to
mitigate the most serious threats.
✔✔Role of firewalls in network security - ✔✔Block unauthorized traffic and enforce
network access rules.
✔✔Difference between internal and external audits - ✔✔Internal audits are done by
staff and external audits by independent third parties.
✔✔Purpose of security policies - ✔✔They define expected behavior and technical
requirements for protection.
✔✔Role of encryption in data protection - ✔✔Protects data confidentiality during
storage and transmission.
✔✔Importance of patch management - ✔✔Keeps software updated to remove
vulnerabilities.
✔✔Scenario where least privilege prevents a security breach - ✔✔Applying least
privilege prevents a marketing intern from deleting production databases.
✔✔Using SELinux to secure a database - ✔✔To restrict the MariaDB process to only its
database files and ports.
✔✔Third-party risk assessment steps - ✔✔Identify vendors, review policies, evaluate
controls, and document findings.
✔✔Response to detected intrusion - ✔✔Isolate systems, notify teams, collect evidence,
eradicate threats, and recover.
✔✔Network security policy components - ✔✔Acceptable use, access control,
monitoring, and response procedures.
, ✔✔ACL configuration for shared directory - ✔✔setfacl -m u:username:rwx /shared/dir
✔✔Vendor fails security audit - ✔✔Require remediation or suspend the partnership.
✔✔Continuous monitoring in small business - ✔✔Using lightweight tools and regular log
reviews.
✔✔Chaos model for incident response - ✔✔Simulated outages, fake breaches, and
system stress tests.
✔✔setfacl and getfacl in Linux - ✔✔Use setfacl to assign permissions and getfacl to
review them.
✔✔chmod command - ✔✔Changes basic file permissions.
✔✔Difference between setfacl and getfacl - ✔✔setfacl modifies ACLs and getfacl
displays them.
✔✔ls -l in Linux - ✔✔Shows file permissions, ownership, and modification times.
✔✔mysqldump purpose - ✔✔Creates logical backups of MariaDB databases.
✔✔mysql_secure_installation configuration - ✔✔Removes insecure defaults and
enforces stronger settings.
✔✔NIST SP 800-53 - ✔✔Provides security control guidelines for federal systems.
✔✔COBIT 5 - ✔✔A governance framework aligning IT with business goals.
✔✔PCI DSS - ✔✔Secures credit card data and transactions.
✔✔ISO/IEC 27001 - ✔✔Defines requirements for an information security management
system (ISMS).
✔✔NIST Cybersecurity Framework - ✔✔Outlines five functions: Identify, Protect,
Detect, Respond, Recover.
✔✔Security awareness training - ✔✔All employees and contractors.
✔✔IT role in enforcing security policies - ✔✔IT enforces policies through system
configuration, access control, and monitoring.
