SE Cheat Sheet 2026
The 30 highest-yield SE facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
- Which firewall type inspects traffic at the application layer and understands specific protocols like HTTP and FTP? → Application-layer (proxy) firewall
- A client wants to test only their web application login portal without testing the underlying infrastructure. What type of engagement is this? → Targeted / focused penetration test
- Which of the following best describes a 'cryptographic failure' as defined by OWASP? → Failing to encrypt sensitive data or using weak/broken cryptographic algorithms
- What is privilege creep, and why is it a security concern? → The gradual accumulation of excessive access rights over time, beyond what a role requires
- What is the recommended approach for secure session management after a user successfully authenticates? → Generate a new session ID and set appropriate expiration after login
- Which HTTP security header instructs browsers to only access the site over HTTPS and prevents protocol downgrade attacks? → Strict-Transport-Security (HSTS)
- What is the purpose of salting a password before hashing? → Prevent precomputed (rainbow table) attacks by making each hash unique
- What is the purpose of continuous security monitoring? → To detect, investigate, and respond to security threats in real-time
- Which of the following techniques are commonly used in threat identification? → Vulnerability Scanning
- Which OAuth 2.0 grant type is recommended for server-to-server API authentication without user interaction? → Client Credentials
- What is the main advantage of using out-of-band management networks for network devices? → Management access remains available even if the production network is compromised or down
- Which type of encryption uses the same key for both encryption and decryption? → Symmetric encryption
- What is a false positive in the context of vulnerability scanning? → A reported vulnerability that does not actually exist in the target
- In a PKI hierarchy, what is the role of an Intermediate CA? → It issues end-entity certificates, insulating the Root CA from direct exposure
- Why is insecure deserialization considered a critical application security risk? → Deserializing untrusted data can lead to remote code execution or privilege escalation
- Which technique splits outbound traffic so that only traffic destined for the VPN tunnel is encrypted, while other traffic goes directly to the internet? → Split tunneling
- What security principle requires each application component to operate with only the minimum permissions necessary to perform its function? → Principle of Least Privilege
- An attacker sends thousands of SYN packets to a server without completing the TCP handshake. What type of attack is this? → SYN flood (DoS)
- A security engineer wants to prevent email spoofing for a domain. Which combination of DNS records is most effective? → SPF + DKIM + DMARC
- Which architecture pattern places all security enforcement at a single point through which all access must pass? → Choke point / complete mediation
- During a secure code review of a web application, which area is MOST critical to examine for high-severity vulnerabilities? → Input handling, output encoding, and authentication and authorization logic
- A tester has no prior knowledge of the target environment. Which type of penetration test is this? → Black-box test
- Which federation protocol is most commonly used for SSO between web applications using XML-based assertions? → SAML 2.0
- Which authentication factor category does a hardware security key (e.g., YubiKey) belong to? → Something you have
- Which attack exploits a weakness in the ARP protocol to intercept traffic between two hosts on the same network? → ARP spoofing (poisoning)
- What is the purpose of a Privileged Access Workstation (PAW)? → Provide a hardened, dedicated workstation for performing privileged administrative tasks
- What is a security baseline and how is it used? → A documented minimum set of security controls all systems must implement
- What does certificate pinning accomplish in a mobile application? → Restricts the app to accept only specific certificates, preventing MITM via rogue CAs
- Which STRIDE category describes an attacker gaining capabilities or permissions beyond what was intended? → Elevation of privilege
- Which of the following is a qualitative method used in risk assessment? → Risk Scoring Matrix
Turn these facts into recall: