You should prepare questions around: • CIA triad (confidentiality, integrity, availability) • Authentication vs authorization vs accounting • Non-repudiation and hashing • Risk management concepts • Threat actors (APT, insider, hacktivist, script kiddie, state-sponsored) • Zero trust architecture • Physical security controls (guards, bollards, mantraps, Faraday cage) • Security control types (administrative, technical, physical) • Qualitative vs quantitative risk analysis Type of exam questions • Identify the security principle being violated. • Choose the best control to implement for a given scenario.