iSACA Cybersecurity Fundamentals
Certification Exam. Latest 2025-2026.
Questions & Correct Verified Answers.
Graded A
Agile Development - ANSA software development methodology that
delivers functionality in rapid iterations, measured in weeks, requiring
frequent communication, development, testing, and delivery. It works
opportunities for reevaluation of the project within the project plan, allowing
for the schedule to be flexible and adaptable
Anti-forensics - ANSAn approach to manipulate, erase, or obfuscate digital
data or to make its examination difficult, time-consuming, or virtually
impossible
Application firewall systems - ANSDef: Allow information to flow between
systems but do not allow the direct exchange of packets. Provide greater
protection than packet filtering. Work at the application level of OSI model
Types:
1) Application level gateways - proxy for each service; impacts network
performance
2) Circuit level gateways - one proxy for all services; more efficient
1
,Advantages:
- Provide security for commonly used protocols
- generally hide network from outside untrusted networks
- ability to protect the entire network by limiting break-ins to the firewall
itself
- ability to examine and secure program code
Disadvantages:
- reduced performance and scalability as internet usage grows
Approaches to Cybersecurity Risk - ANSDependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Asset - ANSsomething of either tangible or intangible value that is worth
protecting
Asymmetric key - ANSpairs of unidirectional, complementary keys that only
encrypt or decrypt; one of these is secret and the other is publically known;
ideal for short messages (i.e. digital signatures, distribute symmetric keys)
2
, Advantages:
1) Easier distributing keys to untrusted, unknown users
2) Provides authentication/nonrepudiation - sender only knows the private
key
Disadvantages:
1) computationally intensive and slow
Attack Attributes - ANS1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Attack vector - ANSThe path or route used to gain access to the target
(asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack-signature-detection tools - ANSThese look for an attack signature,
which is a specific sequence of events indicative of an unauthorized access
attempt. A simple example would be repeated failed logon attempts.
Attrition - ANSAn attack that employs brute force methods to compromise,
degrade, or destroy systems, networks or services
3
Certification Exam. Latest 2025-2026.
Questions & Correct Verified Answers.
Graded A
Agile Development - ANSA software development methodology that
delivers functionality in rapid iterations, measured in weeks, requiring
frequent communication, development, testing, and delivery. It works
opportunities for reevaluation of the project within the project plan, allowing
for the schedule to be flexible and adaptable
Anti-forensics - ANSAn approach to manipulate, erase, or obfuscate digital
data or to make its examination difficult, time-consuming, or virtually
impossible
Application firewall systems - ANSDef: Allow information to flow between
systems but do not allow the direct exchange of packets. Provide greater
protection than packet filtering. Work at the application level of OSI model
Types:
1) Application level gateways - proxy for each service; impacts network
performance
2) Circuit level gateways - one proxy for all services; more efficient
1
,Advantages:
- Provide security for commonly used protocols
- generally hide network from outside untrusted networks
- ability to protect the entire network by limiting break-ins to the firewall
itself
- ability to examine and secure program code
Disadvantages:
- reduced performance and scalability as internet usage grows
Approaches to Cybersecurity Risk - ANSDependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Asset - ANSsomething of either tangible or intangible value that is worth
protecting
Asymmetric key - ANSpairs of unidirectional, complementary keys that only
encrypt or decrypt; one of these is secret and the other is publically known;
ideal for short messages (i.e. digital signatures, distribute symmetric keys)
2
, Advantages:
1) Easier distributing keys to untrusted, unknown users
2) Provides authentication/nonrepudiation - sender only knows the private
key
Disadvantages:
1) computationally intensive and slow
Attack Attributes - ANS1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Attack vector - ANSThe path or route used to gain access to the target
(asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack-signature-detection tools - ANSThese look for an attack signature,
which is a specific sequence of events indicative of an unauthorized access
attempt. A simple example would be repeated failed logon attempts.
Attrition - ANSAn attack that employs brute force methods to compromise,
degrade, or destroy systems, networks or services
3
