2026
Adequate Security - Answers Security commensurate with the risk and the magnitude of harm
resulting from the loss, misuse or unauthorized access to or modification of information.
Administrative Controls - Answers Controls implemented through policy and procedures. Often
enforced in conjunction with physical and/or technical controls, such as an access-granting
policy for new users that requires login and approval by the hiring manager.
Adverse Events - Answers Events with a negative consequence. (Ex. System crashes, network
packet floods, unauthorized use of system privileges, defacement of a web page or execution of
malicious code that destroys data.)
Application Programming Interface (API) - Answers A set of routines, standards, protocols, and
tools for building software applications to access a web-based software application or web tool.
Application Server - Answers A computer responsible for hosting applications to user
workstations.
Artificial Intelligence (AI) - Answers The ability of computers and robots to simulate human
intelligence and behavior.
Asset - Answers Anything of value that is owned by an organization. Assets include both
tangible items such as information systems and physical property and intangible assets such
as intellectual property.
Asymmetric Encryption - Answers An algorithm that uses one key to encrypt and a different key
to decrypt the input plaintext.
Audit - Answers Independent review and examination of records and activities to assess the
adequacy of system controls, to ensure compliance with established policies and operational
procedures.
Authentication - Answers The act of identifying or verifying the eligibility of a station, originator,
or individual to access specific categories of information. Typically, a measure designed to
protect against fraudulent transmissions by establishing the validity of a transmission, message,
station or originator.
Authorization - Answers The right or permission that is granted to a system entity to access a
system resource.
Availability - Answers Ensuring timely and reliable access to and use of information by
authorized users. Also means that systems and data are accessible at the time users need
them.
Baseline - Answers A documented, lowest level of security configuration allowed by a standard
or organization.
Biometric - Answers Biological characteristics of an individual, such as a fingerprint, hand
geometry, voice, or iris patterns.
Bit - Answers The most essential representation of data (zero or one) at Layer 1 of the Open
Systems Interconnection (OSI) model.
Bot - Answers Malicious code that acts like a remotely controlled "robot" for an attacker, with
other Trojan and worm capabilities.
Breach - Answers The loss of control, compromise, unauthorized disclosure, unauthorized
acquisition or any similar occurrence where: a person other than an authorized user accesses or
potentially accesses personally identifiable information; or an authorized user accesses
personally identifiable information for other than an authorized purpose.
Broadcast - Answers Broadcast transmission is a one-to-many (one-to-everyone) form of
sending internet traffic.
Business Continuity (BC) - Answers Actions, processes and tools for ensuring an organization
can continue critical operations during a contingency.
Business Continuity Plan (BCP) - Answers The documentation of a predetermined set of
instructions or procedures that describe how an organization's mission/business processes will
be sustained during and after a significant disruption.
Business Impact Analysis (BIA) - Answers An analysis of an information system's requirements,
functions, and interdependencies used to characterize system contingency requirements and
priorities in the event of a significant disruption.
Byte - Answers The byte is a unit of digital information that most commonly consists of eight
bits.
Checksum - Answers A digit representing the sum of the correct digits in a piece of stored or
transmitted digital data, against which later comparisons can be made to detect errors in the
data.
Ciphertext - Answers The altered form of a plaintext message so it is unreadable for anyone
except the intended recipients. In other words, it has been turned into a secret.
Classification - Answers Classification identifies the degree of harm to the organization, its
stakeholders or others that might result if an information asset is divulged to an unauthorized
person, process or organization. In short, classification is focused first and foremost on
maintaining the confidentiality of the data, based on the data sensitivity.