ISACA Studying CyberSecurity
Fundamentals Test Bank. Latest 2025-
2026. Questions & Correct Verified
Answers. Graded A
____ are solutions to software programming and coding errors - ANS
Patches
_____ is a class of malware that hides the existence of other malware by
modifying the underlying operating system - ANSRootkit
______ communicates required and prohibited activities and behaviors -
ANSPolicies
______ contain step-by-step instructions to carry out procedures -
ANSGuidelines
_______ includes many components such as directory services,
authentication and authorization services, and user management
capabilities such as provisioning and deprovisioning - ANSIdentity
Management
_______ provides details on how to comply with policies and standards. -
ANSProcedures
1
,________ also called malicious code, is software designed to gain access
to targeted computer systems. steal info or disrupt computer operations. -
ANSMalware
_________ are used to interpret policies in specific situations -
ANSStandards
____________________ is defined as "a model for enabling convenient,
on-demand network access to a shared pool of configurable resources
(e.g., networks, servers, storage, applications and services) that can be
rapidly provisioned and released with minimal management or service
provider interaction."
a. Software as a Service (SaaS)
b. Cloud computing
c. Big data
d. Platform as a Service (PaaS) - ANSB. Cloud Computing
A _______ is something of value worth protecting. - ANSAsset
A ________ is anything capable of acting against an asset in a manner that
can cause harm. - ANSThreat
A _________ is a weakness in the design, implementation, operation or
internal controls in a process that could be exploited to violate the system
security - ANSvulnerability
A router is at what layer of the OSI model - ANSNetwork
2
, A security architecture which emphasizes the protection of data regardless
of its location - ANSData Centric
A violation or immanent threat of violation of a computer security policies or
standard security practices.
A) Threat
B) Event
C) Incident - ANSC) Incident
Access control policy - ANSprovides proper access to internal and external
stakeholders to accomplish business goals. examples:
-number of access violations that exceed the amount allowed
- amount of work disruption due to insufficient access rights
- number of segregation of duties incidents or audit findings
adversarial vs non adversarial threats - ANSadversarial= human mande
threat
non adversarial = error, malfunction or mishap
Any change, error or interruption within an IT infrastructure such as a
system crash, disk error or a user forgetting their password.
A) Occurrence
B) Incident
C)Event - ANSC) Event
3
Fundamentals Test Bank. Latest 2025-
2026. Questions & Correct Verified
Answers. Graded A
____ are solutions to software programming and coding errors - ANS
Patches
_____ is a class of malware that hides the existence of other malware by
modifying the underlying operating system - ANSRootkit
______ communicates required and prohibited activities and behaviors -
ANSPolicies
______ contain step-by-step instructions to carry out procedures -
ANSGuidelines
_______ includes many components such as directory services,
authentication and authorization services, and user management
capabilities such as provisioning and deprovisioning - ANSIdentity
Management
_______ provides details on how to comply with policies and standards. -
ANSProcedures
1
,________ also called malicious code, is software designed to gain access
to targeted computer systems. steal info or disrupt computer operations. -
ANSMalware
_________ are used to interpret policies in specific situations -
ANSStandards
____________________ is defined as "a model for enabling convenient,
on-demand network access to a shared pool of configurable resources
(e.g., networks, servers, storage, applications and services) that can be
rapidly provisioned and released with minimal management or service
provider interaction."
a. Software as a Service (SaaS)
b. Cloud computing
c. Big data
d. Platform as a Service (PaaS) - ANSB. Cloud Computing
A _______ is something of value worth protecting. - ANSAsset
A ________ is anything capable of acting against an asset in a manner that
can cause harm. - ANSThreat
A _________ is a weakness in the design, implementation, operation or
internal controls in a process that could be exploited to violate the system
security - ANSvulnerability
A router is at what layer of the OSI model - ANSNetwork
2
, A security architecture which emphasizes the protection of data regardless
of its location - ANSData Centric
A violation or immanent threat of violation of a computer security policies or
standard security practices.
A) Threat
B) Event
C) Incident - ANSC) Incident
Access control policy - ANSprovides proper access to internal and external
stakeholders to accomplish business goals. examples:
-number of access violations that exceed the amount allowed
- amount of work disruption due to insufficient access rights
- number of segregation of duties incidents or audit findings
adversarial vs non adversarial threats - ANSadversarial= human mande
threat
non adversarial = error, malfunction or mishap
Any change, error or interruption within an IT infrastructure such as a
system crash, disk error or a user forgetting their password.
A) Occurrence
B) Incident
C)Event - ANSC) Event
3
