top of page
  • DTP Success Team

DSST Fundamentals of Cybersecurity Study Guide

Updated: Aug 18

Welcome to our DSST Fundamentals of Cybersecurity study guide!

Our guide will help you prepare for your final DSST Cybersecurity exam.

We will give you a preview of the possible topics covered in your exam.

Study smart, and good luck!

Table of Contents

  1. Application & Systems Security

  2. Authentication, Authorization, & Access Controls

  3. Compliance & Governance

  4. Operational Security

  5. Conclusion

  6. Student Resources

  7. References

1. Application & Systems Security

DSST Fundamentals of Cybersecurity Exam Outline. Application & Systems Security – 15%.
Application & Systems Security – 15%

Application and systems security

Information security is paramount in today's world.

Application and systems security are two critical components of a comprehensive security strategy.

Application security protects software from attack, while system security safeguards the underlying hardware and operating system.

These two disciplines ensure that businesses maintain their data's confidentiality, integrity, and availability.

The Triad

The Triad is a framework for thinking about information security.

It maintains three objectives of security: confidentiality, integrity, and availability.

Businesses must implement controls to protect against administrative, physical, and technical threats.

Accountability and non-repudiation

Accountability and non-repudiation are two crucial concepts in information security.

Accountability means that users can be held responsible for their actions.

Non-repudiation means that users cannot deny having taken action.

These concepts help ensure that businesses can trust their data.


Cryptography is the science of secret writing.

It is used to protect information from unauthorized access and to ensure its confidentiality.

Cryptography is a critical security component, as it can protect data in transit and at rest.

The security development life cycle (SDLC)

The security development life cycle (SDLC) is a process for developing secure software.

It includes identifying security requirements, designing security controls, and testing vulnerabilities.

Implementing an SDLC can help businesses ensure that their software is developed with security.

Best practices for migration from development to production environments help to ensure that data is adequately protected as it moves from one stage of the software development process to the next.

These practices include verifying security controls, encrypting data in transit, and ensuring that only authorized users can access production systems.

Anti-virus protection

Anti-virus protection and malware detection are two essential tools for keeping data safe.

Anti-virus software helps to protect against the execution of malicious code, while malware detection can help to identify and remove malicious software from systems.

Software development (Dev) and IT operations (Ops)

Software development (Dev) and IT operations (Ops) are critical organizational functions.

SecOps is a term used to describe the intersection of these two disciplines, focusing on security.

DevOps is a similar concept but emphasizes the collaboration between developers and operations staff.

Implementing a DevOps or SecOps approach can help businesses improve their software development process and reduce the risk of security vulnerabilities.

DSST Fundamentals of Cybersecurity Trivia Question #133

2. Authentication, Authorization, & Access Controls

DSST Fundamentals of Cybersecurity Exam Outline. Authentication, Authorization, & Access Controls – 12%.
Authentication, Authorization, & Access Controls – 12%


Authentication verifies a user's identity, while authorization determines what resources that user can access.

Authentication is typically accomplished through passwords, although other methods, such as two-factor authentication (2FA), are becoming more common.

Role-Based Access Control (RBAC)

Authorization usually relies on role-based access control (RBAC), which assigns users to specific roles with defined permissions.

Intrusion Detection Systems (IDS).

Access Controls

Access controls, such as firewalls and intrusion detection systems (IDS), help to protect resources from unauthorized access.

Identity and access management (IAM) is a comprehensive approach to managing users and their permissions.

IAM solutions often include features such as Single Sign-On (SSO), which allows users to access multiple applications with a single set of credentials.

Organizations must carefully balance security with usability when implementing authentication, authorization, and access control measures.

Too much security can make it difficult for legitimate users to access the resources they need, while too little security can leave an organization vulnerable to attack.

Finding the right balance requires a deep understanding of the threats faced by an organization and the importance of the resources that need to be protected.

3. Compliance & Governance

DSST Fundamentals of Cybersecurity Exam Outline. Compliance & Governance – 12%.
Compliance & Governance – 12%


A company's compliance and governance procedures are vital to its operations.

A company is vulnerable to data breaches and other cybersecurity threats without a well-defined security architecture.

Audits and Risk

Audits and risk assessments help to identify weaknesses in a company's security systems, while outsourcing can provide access to specialized expertise.

Ethics and legal considerations

Ethics and legal considerations are also important when developing compliance and governance policies.

A company must balance its need for security with the rights of its employees and customers.

By taking a holistic approach to compliance and governance, a company can protect itself from risks while respecting individuals' rights.

DSST Fundamentals of Cybersecurity Trivia Question #313

4. Operational Security

DSST Fundamentals of Cybersecurity Exam Outline. Operational Security – 10%.
Operational Security – 10%

Policies, Standards, and Procedures

A secure and well-monitored production environment is critical to the success of any organization.

Policies, standards, and procedures must be in place to ensure that all data and systems are protected from unauthorized access or modifications.

In addition, regular monitoring of the production environment is necessary to identify any potential security breaches.

By taking these measures, organizations can help to safeguard their data and systems and ensure the continued success of their operations.

5. Conclusion: DSST Fundamentals of Cybersecurity

We hope that you found our Cybersecurity study guide helpful.

Take your studies to the next level, and try a free practice exam or take our Cybersecurity preparation course.

With realistic practice questions, you'll be ready for your exam.

Happy testing, and good luck!

DSST Fundamentals of Cybersecurity Trivia Question #758

6. Student Resources

7. References

DSST Fundamentals of Cybersecurity Fact Sheet

DSST Fundamentals of Cybersecurity Fact Sheet
Download PDF • 210KB

bottom of page