Cyber Security Jobs Cheat Sheet 2026

The 30 highest-yield Cyber Security Jobs facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

  1. Which document records identified risks, their severity, and treatment decisions? Risk register
  2. What is the purpose of a Business Continuity Plan (BCP)? Keep critical operations running during a disruption
  3. What is a honeypot in network security? A decoy system designed to attract and detect attackers
  4. An incident response plan typically defines phases. Which sequence is correct? Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned
  5. What is the main goal of a zero-trust security model? Verify every access request regardless of location
  6. What is the main function of endpoint detection and response (EDR)? Monitor and respond to threats on devices
  7. What is the purpose of a risk assessment in a compliance program? Identify, analyze, and prioritize risks to determine appropriate security controls
  8. Why is security awareness training important for employees? Humans are often the weakest link in security
  9. What is a VPN primarily used for in a corporate environment? Encrypting remote connections to protect data in transit
  10. Which US government agency is a major employer of cyber security professionals and operates the National Cybersecurity and Communications Integration Center? CISA
  11. What does the acronym CISO stand for in a corporate security structure? Chief Information Security Officer
  12. An organization wants a single document that defines acceptable use, access rules, and consequences for employees. Which artifact is this? Security policy
  13. What is a man-in-the-middle (MITM) attack? An attacker secretly intercepts and relays communication between two parties
  14. Which certification is typically required for senior US government cyber security roles under DoD 8570/8140? CISSP
  15. Which tool monitors a network for suspicious activity and alerts staff? Intrusion detection system (IDS)
  16. Which of the following attacks involves the self-replication of a carrier file? Virus
  17. What is a security audit? A systematic evaluation of an organization's security posture against a defined standard
  18. Why should default vendor passwords be changed immediately? They are publicly known and easily exploited
  19. Which certification is widely regarded as the gold standard for penetration testers? OSCP (Offensive Security Certified Professional)
  20. What is a runbook in incident response? A documented step-by-step procedure for responding to specific incident types
  21. What is the primary purpose of an access control review (recertification)? Confirm users still need their current access rights
  22. A risk assessment determines that a threat is likely and impactful. The organization buys cyber insurance. This is an example of: Risk transfer
  23. Which framework is most commonly used in the US to organize cybersecurity risk management across functions like Identify, Protect, Detect, Respond, and Recover? NIST Cybersecurity Framework
  24. Which wireless security protocol replaced WEP due to its known vulnerabilities? WPA2
  25. What does VLAN stand for and what is its security benefit? Virtual Local Area Network; it separates traffic to isolate sensitive systems
  26. Which soft skill is repeatedly ranked as critical for cyber security leadership roles? Ability to communicate technical risks to non-technical executives
  27. What is the purpose of a post-incident review (PIR)? Document lessons learned to improve future incident response
  28. Why is a 'salt' added to a password before hashing it? To prevent rainbow table attacks
  29. Which log source is typically first analyzed when investigating a Windows compromise? Windows Event Logs
  30. What is the purpose of multi-factor authentication (MFA) in an organization? Require more than one proof of identity to reduce account compromise