CYBER SECURITY FUNDAMENTALS EXAM 2 2025/2026 WITH 100% ACCURATE ANSWERS
1. Risk is the likelihood that unplanned events will occur and impact the
achievement of strategy and business objectives. Residual risk is defined as:
Risks that can be demonstrated quantitatively using mathematics and
actual historical data or predictive data modeling.
The risk level or exposure that exists before any actions (e.g.,
implementing controls) are taken, or might be taken, to mitigate the
risk.
Risks that can be described qualitatively in terms of magnitudes in
relation to other similar events or states.
The remaining, potential risk after all mitigation and control
measures are applied.
2. Which of the following is the BEST definition of an alert?
An alert is a communication received by operational tools regarding
possible incidents.
An alert is an electronic notification of a change, incident or
problem that requires identification and logging.
An alert is a notification regarding an incident that has occurred.
An alert is a notification that a threshold has been reached,
something has changed or a failure has occurred.
3. What is the primary purpose of the Metasploit Framework in penetration
testing?
To provide a user interface for network monitoring
To manage firewall configurations
To encrypt sensitive data during transmission
To automate the custom exploitation of vulnerable systems
4. What term is often used to refer to best business practices in information
security?
Security protocols
Operational guidelines
Compliance standards
Recommended practices
5. In a scenario where a security policy has not been reviewed for five years,
what action should be taken according to best practices?
Implement a sunset clause to review or terminate the policy.
Create a new policy without reviewing the old one.
Ignore the policy since it has been in place for a long time.
Continue using the policy as is without changes.
6. What is residual risk about?
It is the risk that remains after the implementation of
countermeasures and safeguards.
It is the risk associated with residual parts of the system.
It is the highest risk that an asset can take.
It is something that managers should not be concerned about.
7. Discuss why the statement 'best practices change very little over time' is
considered false in the context of information security.
Best practices remain static because they are based on historical
data.
Best practices are universally applicable without modification.
Best practices are only relevant for a short period.
Best practices in information security evolve rapidly due to
emerging threats and technologies.
8. Barb just witnessed a mugging and is brought to the police station to
identify the suspect. If Barb is shown one person at a time and asked after
viewing each person if that person is the suspect, this is called a _______
lineup.
false positive
simultaneous
traditional
sequential
9. A network that uses public networks and their protocols to send sensitive
data to partners, customers, suppliers and employees is called a:
Virtual private network
Public network extranet
Private network extranet