SE Cheat Sheet 2026

The 30 highest-yield SE facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

  1. Which firewall type inspects traffic at the application layer and understands specific protocols like HTTP and FTP? Application-layer (proxy) firewall
  2. A client wants to test only their web application login portal without testing the underlying infrastructure. What type of engagement is this? Targeted / focused penetration test
  3. Which of the following best describes a 'cryptographic failure' as defined by OWASP? Failing to encrypt sensitive data or using weak/broken cryptographic algorithms
  4. What is privilege creep, and why is it a security concern? The gradual accumulation of excessive access rights over time, beyond what a role requires
  5. What is the recommended approach for secure session management after a user successfully authenticates? Generate a new session ID and set appropriate expiration after login
  6. Which HTTP security header instructs browsers to only access the site over HTTPS and prevents protocol downgrade attacks? Strict-Transport-Security (HSTS)
  7. What is the purpose of salting a password before hashing? Prevent precomputed (rainbow table) attacks by making each hash unique
  8. What is the purpose of continuous security monitoring? To detect, investigate, and respond to security threats in real-time
  9. Which of the following techniques are commonly used in threat identification? Vulnerability Scanning
  10. Which OAuth 2.0 grant type is recommended for server-to-server API authentication without user interaction? Client Credentials
  11. What is the main advantage of using out-of-band management networks for network devices? Management access remains available even if the production network is compromised or down
  12. Which type of encryption uses the same key for both encryption and decryption? Symmetric encryption
  13. What is a false positive in the context of vulnerability scanning? A reported vulnerability that does not actually exist in the target
  14. In a PKI hierarchy, what is the role of an Intermediate CA? It issues end-entity certificates, insulating the Root CA from direct exposure
  15. Why is insecure deserialization considered a critical application security risk? Deserializing untrusted data can lead to remote code execution or privilege escalation
  16. Which technique splits outbound traffic so that only traffic destined for the VPN tunnel is encrypted, while other traffic goes directly to the internet? Split tunneling
  17. What security principle requires each application component to operate with only the minimum permissions necessary to perform its function? Principle of Least Privilege
  18. An attacker sends thousands of SYN packets to a server without completing the TCP handshake. What type of attack is this? SYN flood (DoS)
  19. A security engineer wants to prevent email spoofing for a domain. Which combination of DNS records is most effective? SPF + DKIM + DMARC
  20. Which architecture pattern places all security enforcement at a single point through which all access must pass? Choke point / complete mediation
  21. During a secure code review of a web application, which area is MOST critical to examine for high-severity vulnerabilities? Input handling, output encoding, and authentication and authorization logic
  22. A tester has no prior knowledge of the target environment. Which type of penetration test is this? Black-box test
  23. Which federation protocol is most commonly used for SSO between web applications using XML-based assertions? SAML 2.0
  24. Which authentication factor category does a hardware security key (e.g., YubiKey) belong to? Something you have
  25. Which attack exploits a weakness in the ARP protocol to intercept traffic between two hosts on the same network? ARP spoofing (poisoning)
  26. What is the purpose of a Privileged Access Workstation (PAW)? Provide a hardened, dedicated workstation for performing privileged administrative tasks
  27. What is a security baseline and how is it used? A documented minimum set of security controls all systems must implement
  28. What does certificate pinning accomplish in a mobile application? Restricts the app to accept only specific certificates, preventing MITM via rogue CAs
  29. Which STRIDE category describes an attacker gaining capabilities or permissions beyond what was intended? Elevation of privilege
  30. Which of the following is a qualitative method used in risk assessment? Risk Scoring Matrix
Turn these facts into recall: