CSX Fundamentals Certificate Practice Quiz

The Cybersecurity Fundamentals Certificate is an ideal way to earn a certificate that showcases your knowledge and skills in this increasingly in-demand field. It tests your knowledge in five key areas: (1) Cybersecurity Concepts, (2) Cybersecurity Architecture Principles, (3) Security of Network, System, Application & Data, (4) Incident Response, and (5) Security of Evolving Technology.

ISACA has prepared the Cybersecurity Fundamentals practice quiz to help you gauge your knowledge in these key areas and to show you where you may have strengths and weaknesses. The practice quiz includes 25 sample questions. These questions have not appeared and will not appear on the Cybersecurity Fundamentals Certificate exam, but they represent the types of questions you might expect to see on the exam. Please note that the results of the practice quiz do not guarantee or indicate success on the actual exam.

There are a number of additional tools available to help you prepare for the Cybersecurity Fundamentals Certificate exam. Make sure you consider the Cybersecurity Fundamentals Study Guide, and take a look at the resources available to you covering the Certificate and as part of our Cybersecurity Nexus program.

Tips for taking the Cybersecurity Fundamentals practice quiz:
  • If you do not know the answer to a question, do not guess; instead, skip the question so as not to bias your results. Unanswered questions will be counted as missed to give you a better indication of your areas of weakness.
  • After you complete the test, select "Check My Score" to receive your quiz results. Your results will consist of the percent correct in each exam content area.
  • You can retake the practice quiz as many times as you wish. However, before retaking the test, it is recommended that you review your prior results to study and learn more about the areas in which you were weakest. This process will help with obtaining a truer picture of your competency in the different subject areas.

1. To which of the following layers of the Open Systems Interconnect (OSI) model would one map Ethernet?

2. Which of the following interpret requirements and apply them to specific situations?

3. Business continuity plans (BCPs) associated with organizational information systems should be developed primarily on the basis of:

4. A segmented network:

5. Which cybersecurity principle is most important when attempting to trace the source of malicious activity?

6. Which of the following offers the strongest protection for wireless network traffic?

7. Outsourcing poses the greatest risk to an organization when it involves:

8. Risk assessments should be performed:

9. Maintaining a high degree of confidence regarding the integrity of evidence requires a(n):

10. A firewall that tracks open connection-oriented protocol sessions is said to be:

11. During which phase of the system development lifecycle (SDLC) should security first be considered?

12. A cybersecurity architecture designed around the concept of a perimeter is said to be:

13. A passive network hub operates at which layer of the OSI model?

14. Updates in cloud-computing environments can be rolled out quickly because the environment is:

15. During which phase of the six-phase incident response model is the root cause determined?

16. The attack mechanism directed against a system is commonly called a(n):

17. Where should an organization’s network terminate virtual private network (VPN) tunnels?

18. In practical applications:

19. Which two factors are used to calculate the likelihood of an event?

20. What is one advantage of a firewall implemented in software over a firewall appliance?

21. A business continuity plan (BCP) is not complete unless it includes:

22. Under the US-CERT model for incident categorization, a CAT-3 incident refers to which of the following?

23. An interoperability error is what type of vulnerability?

24. Securing Supervisory Control and Data Acquisition (SCADA) systems can be challenging because they:

25. Virtual systems should be managed using a dedicated virtual local area network (VLAN) because: