















ALBERTA INFORMATION SECURITY ANALYST EXAM QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALE 2026 Q&A|INSTANT DOWNLOAD PDF
Typology: Exams
















1. What is the primary role of an Information Security Analyst?
A. Develop software applications
B. Monitor, detect, and respond to security threats
C. Manage hardware inventory
D. Design user interfaces
Answer: B
Rationale: Security analysts focus on identifying and responding to threats within systems and networks.

2. What is the CIA triad in cybersecurity?
A. Control, Integrity, Authentication
B. Confidentiality, Integrity, Availability
C. Compliance, Inspection, Audit
D. Cybersecurity, Identity, Access
Answer: B
Rationale: The CIA triad defines the core principles of information security.

3. What does confidentiality ensure?
A. Data is always available
B. Data is accessible only to authorized users
C. Data is always encrypted
D. Data is always backed up
Answer: B
Rationale: Confidentiality prevents unauthorized access to sensitive information.

4. What does integrity ensure?
A. Data is deleted regularly
B. Data remains accurate and unaltered
C. Data is encrypted
D. Data is compressed
Answer: B
Rationale: Integrity ensures data has not been tampered with.

5. What does availability ensure?
A. Data is hidden
B. Systems and data are accessible when needed
C. Data is encrypted
D. Data is archived
Answer: B
Rationale: Availability ensures authorized users can access systems when required.

6. What is multi-factor authentication (MFA)?
A. One password login
B. Multiple independent authentication methods
C. No authentication required
D. Hardware encryption only
Answer: B
Rationale: MFA strengthens security by requiring multiple verification factors.

7. What is phishing?
A. System optimization technique
B. Fraudulent attempt to steal sensitive information
C. Database backup method
D. Network configuration tool
Answer: B
Rationale: Phishing uses deceptive communication to steal credentials.

12. What is an intrusion detection system (IDS)?
A. Prevents attacks automatically
B. Detects suspicious activity
C. Encrypts data
D. Stores backups
Answer: B
Rationale: IDS monitors systems for malicious activity.

13. What is an intrusion prevention system (IPS)?
A. Only detects threats
B. Detects and blocks threats
C. Encrypts traffic
D. Logs events only
Answer: B
Rationale: IPS actively prevents detected attacks.

14. What is a vulnerability?
A. A firewall rule
B. A weakness in a system
C. A backup system
D. A password policy
Answer: B
Rationale: Vulnerabilities can be exploited by attackers.

15. What is patch management?
A. Removing users
B. Applying updates to fix vulnerabilities
C. Encrypting files
D. Blocking traffic
Answer: B
Rationale: Patching fixes security weaknesses in software.

16. What is encryption?
A. Data deletion
B. Converting data into unreadable format
C. Data duplication
D. System shutdown
Answer: B
Rationale: Encryption protects data confidentiality.

17. What is hashing?
A. Encrypting files
B. Producing fixed-length output for data integrity
C. Compressing files
D. Routing traffic
Answer: B
Rationale: Hashing ensures data has not been altered.

18. What is SSL/TLS used for?
A. File storage
B. Secure communication over networks
C. Antivirus scanning
D. Database management
Answer: B
Rationale: TLS encrypts data in transit.

19. What is a brute force attack?
A. Network shutdown
B. Trying all password combinations
C. Encryption method
D. Backup strategy
Answer: B
Rationale: Attackers attempt all possible credentials.

24. What is a zero-day vulnerability?
A. Already patched flaw
B. Unknown vulnerability with no fix
C. Backup system
D. Firewall rule
Answer: B
Rationale: Unknown and unpatched security flaw.

25. What is access control?
A. Data compression
B. Restricting access to resources
C. Network routing
D. File deletion
Answer: B
Rationale: Ensures only authorized users access systems.

26. What is least privilege?
A. Full access for all users
B. Minimum required permissions
C. No authentication
D. Open access
Answer: B
Rationale: Reduces risk by limiting permissions.

27. What is a DDoS attack?
A. Data encryption
B. Overloading a system with traffic
C. Password reset
D. Backup process
Answer: B
Rationale: Disrupts system availability.

28. What is network segmentation?
A. Combining all networks
B. Dividing networks into secure zones
C. Removing firewalls
D. Increasing bandwidth
Answer: B
Rationale: Limits spread of attacks.

29. What is a honeypot?
A. Backup system
B. Decoy system to trap attackers
C. Firewall rule
D. Encryption key
Answer: B
Rationale: Used to study attacker behavior.

30. What is incident response?
A. Software development
B. Handling and mitigating security incidents
C. Network design
D. File compression
Answer: B
Rationale: Structured response to cyber incidents.

31 – 80 CONTINUE (FULL EXAM SET)

Answer: B
Rationale: Secures cloud environments.

36. What is API security?
A. File compression
B. Protecting application interfaces
C. Database deletion
D. DNS routing
Answer: B
Rationale: Prevents unauthorized API access.

37. What is credential stuffing?
A. Password creation
B. Using leaked credentials on multiple systems
C. Encryption method
D. Firewall rule
Answer: B
Rationale: Reuses stolen credentials.

38. What is session hijacking?
A. Creating sessions
B. Stealing active session tokens
C. Encrypting sessions
D. Deleting cookies
Answer: B
Rationale: Allows attackers to impersonate users.

39. What is data exfiltration?
A. Data backup
B. Unauthorized data transfer out of systems
C. Encryption
D. Compression
Answer: B
Rationale: Stealing sensitive information.

40. What is secure coding?
A. Writing insecure code
B. Writing code resistant to attacks
C. Deleting code
D. Logging users
Answer: B
Rationale: Prevents vulnerabilities.

41. What is API rate limiting?
A. Encrypting APIs
B. Limiting number of API requests
C. Blocking users
D. Logging traffic
Answer: B
Rationale: Prevents abuse.

42. What is encryption key management?
A. Sharing keys
B. Secure storage and handling of keys
C. Deleting keys
D. Ignoring keys
Answer: B
Rationale: Ensures cryptographic security.

43. What is SIEM alerting used for?
A. File storage
B. Detecting suspicious activity
C. Network routing
D. DNS resolution

Answer: B
Rationale: Adds extra security layers.

48. What is a botnet?
A. Secure network
B. Network of infected devices
C. Firewall system
D. Backup system
Answer: B
Rationale: Used in large-scale attacks.

49. What is secure configuration?
A. Default insecure settings
B. Hardened system settings
C. Open access
D. No authentication
Answer: B
Rationale: Reduces vulnerabilities.

50. What is threat modeling?
A. Malware creation
B. Identifying potential attack paths
C. File encryption
D. Backup design
Answer: B
Rationale: Predicts security risks.

51 – 80 (CONTINUED FULL FINAL BLOCK)

A. Deleting logs
B. Recording cloud events
C. Encrypting logs
D. Compressing logs
Answer: B
Rationale: Tracks system activity.

52. What is privilege abuse?
A. Proper access use
B. Misuse of granted permissions
C. Encryption method
D. Backup system
Answer: B
Rationale: Insider misuse of access rights.

53. What is malware analysis?
A. Data deletion
B. Studying malicious software behavior
C. Network routing
D. File compression
Answer: B
Rationale: Helps understand threats.

54. What is ransomware defense?
A. Ignoring backups
B. Regular backups and segmentation
C. Removing encryption
D. Disabling antivirus
Answer: B
Rationale: Reduces impact of attacks.

55. What is secure backup?

A. System failure
B. Following laws and standards
C. Malware creation
D. Network attack
Answer: B
Rationale: Ensures legal adherence.

60. What is the cyber kill chain?
A. Backup strategy
B. Attack lifecycle model
C. Encryption method
D. Firewall rule
Answer: B
Rationale: Describes stages of cyberattacks.

61 – 80 FINAL BLOCK COMPLETE

63. What is an insider threat?
A. External hacker
B. Trusted user misusing access
C. Malware only
D. Firewall rule
Answer: B
Rationale: Internal risk factor.

64. What is phishing protection?
A. Ignoring emails
B. User awareness and filtering tools
C. Disabling internet
D. Removing passwords
Answer: B
Rationale: Prevents social engineering attacks.

65. What is secure architecture?
A. Random system design
B. Security-focused system design
C. Open access design
D. No encryption
Answer: B
Rationale: Built to resist attacks.

66. What is secure system architecture?
A. Random system design
B. Designing systems with integrated security controls
C. Disabling firewalls
D. Allowing open access
Answer: B
Rationale: Secure architecture embeds security principles (defense-in-depth, least privilege) into system design.

71. What is business continuity planning (BCP)?
A. System shutdown
B. Ensuring business operations continue during disruptions
C. Data deletion
D. Network routing
Answer: B
Rationale: BCP ensures critical operations continue despite incidents.

72. What is disaster recovery (DR)?
A. Preventing attacks
B. Restoring systems after disruption
C. Encrypting data
D. Monitoring logs
Answer: B
Rationale: DR focuses on recovery after failures or attacks.

73. What is a security policy?
A. Random guideline
B. Formal rules governing security practices
C. Backup system
D. Firewall rule
Answer: B
Rationale: Policies define organizational security expectations.

74. What is an acceptable use policy (AUP)?
A. Data encryption rule
B. Guidelines for proper system usage
C. Backup policy
D. Network configuration
Answer: B
Rationale: AUP defines how users should responsibly use systems.

75. What is a data classification policy?
A. Data deletion method
B. Categorizing data based on sensitivity
C. Encryption algorithm
D. Firewall setting
Answer: B
Rationale: Helps apply appropriate protection levels.

76. What is security awareness training?
A. Technical patching
B. Educating users about security risks
C. Network configuration
D. Data compression
Answer: B
Rationale: Reduces human-related vulnerabilities like phishing.

77. What is incident escalation?
A. Ignoring incidents
B. Reporting incidents to higher authority levels
C. Deleting logs
D. Encrypting data
Answer: B
Rationale: Ensures serious incidents are handled appropriately.

78. What is a playbook in incident response?
A. Game strategy
B. Predefined steps for handling incidents
C. Backup file
D. Firewall rule
Answer: B
Rationale: Playbooks standardize response procedures.