Cyber Security Jobs Cheat Sheet 2026
The 30 highest-yield Cyber Security Jobs facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
- Which document records identified risks, their severity, and treatment decisions? → Risk register
- What is the purpose of a Business Continuity Plan (BCP)? → Keep critical operations running during a disruption
- What is a honeypot in network security? → A decoy system designed to attract and detect attackers
- An incident response plan typically defines phases. Which sequence is correct? → Preparation, Detection, Containment, Eradication, Recovery, Lessons Learned
- What is the main goal of a zero-trust security model? → Verify every access request regardless of location
- What is the main function of endpoint detection and response (EDR)? → Monitor and respond to threats on devices
- What is the purpose of a risk assessment in a compliance program? → Identify, analyze, and prioritize risks to determine appropriate security controls
- Why is security awareness training important for employees? → Humans are often the weakest link in security
- What is a VPN primarily used for in a corporate environment? → Encrypting remote connections to protect data in transit
- Which US government agency is a major employer of cyber security professionals and operates the National Cybersecurity and Communications Integration Center? → CISA
- What does the acronym CISO stand for in a corporate security structure? → Chief Information Security Officer
- An organization wants a single document that defines acceptable use, access rules, and consequences for employees. Which artifact is this? → Security policy
- What is a man-in-the-middle (MITM) attack? → An attacker secretly intercepts and relays communication between two parties
- Which certification is typically required for senior US government cyber security roles under DoD 8570/8140? → CISSP
- Which tool monitors a network for suspicious activity and alerts staff? → Intrusion detection system (IDS)
- Which of the following attacks involves the self-replication of a carrier file? → Virus
- What is a security audit? → A systematic evaluation of an organization's security posture against a defined standard
- Why should default vendor passwords be changed immediately? → They are publicly known and easily exploited
- Which certification is widely regarded as the gold standard for penetration testers? → OSCP (Offensive Security Certified Professional)
- What is a runbook in incident response? → A documented step-by-step procedure for responding to specific incident types
- What is the primary purpose of an access control review (recertification)? → Confirm users still need their current access rights
- A risk assessment determines that a threat is likely and impactful. The organization buys cyber insurance. This is an example of: → Risk transfer
- Which framework is most commonly used in the US to organize cybersecurity risk management across functions like Identify, Protect, Detect, Respond, and Recover? → NIST Cybersecurity Framework
- Which wireless security protocol replaced WEP due to its known vulnerabilities? → WPA2
- What does VLAN stand for and what is its security benefit? → Virtual Local Area Network; it separates traffic to isolate sensitive systems
- Which soft skill is repeatedly ranked as critical for cyber security leadership roles? → Ability to communicate technical risks to non-technical executives
- What is the purpose of a post-incident review (PIR)? → Document lessons learned to improve future incident response
- Why is a 'salt' added to a password before hashing it? → To prevent rainbow table attacks
- Which log source is typically first analyzed when investigating a Windows compromise? → Windows Event Logs
- What is the purpose of multi-factor authentication (MFA) in an organization? → Require more than one proof of identity to reduce account compromise
Turn these facts into recall: