SE Study Guide 2026
Everything you need to pass the SE exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📚 SE Topics to Study (22)
✍️ Sample SE Questions & Answers
1. Which of the following best describes the primary goal of risk management?
The primary goal of risk management in cybersecurity is to identify and mitigate risks based on their potential impact and likelihood. It's often impractical to eliminate all risks, so the focus is on systematically assessing and prioritizing them. By understanding the potential consequences of various threats, security engineers can implement appropriate controls to reduce risks to an acceptable level, balancing security with business objectives.
2. What is the difference between a hash function and encryption?
Hash functions produce a fixed-length digest that cannot be reversed, while encryption transforms data that can be decrypted with the correct key.
3. What is a security baseline and how is it used?
A security baseline defines the minimum required configuration and controls for a class of systems, ensuring consistent protection across the environment.
4. What is the purpose of a Common Vulnerabilities and Exposures (CVE) identifier?
CVE IDs provide a standardized naming scheme so vendors, tools, and researchers refer to the same vulnerability consistently.
5. Which vulnerability occurs when an application passes user-controlled input to a system command interpreter without proper sanitization?
Command injection allows attackers to execute arbitrary OS commands by embedding them in user input that the application passes to a system shell.
6. What is the difference between business continuity planning (BCP) and disaster recovery planning (DRP)?
BCP is the broader plan to keep critical business functions running during any disruption, while DRP is the technical subset focused on recovering IT infrastructure.