Information Security: CIA Triad, Threats, Vulnerabilities, and Risk Management, Exams of Technology

A comprehensive set of multiple-choice questions and answers covering key concepts in information security. Topics include the CIA triad (confidentiality, integrity, availability), threats, vulnerabilities, risk management, and related frameworks. The questions are designed to test understanding of fundamental principles and best practices in protecting information assets.

Typology: Exams

2024/2025

Available from 04/19/2025

nicky-jone
EITCA IS EITCA INFORMATION TECHNOLOGIES SECURITY PROGRAMME Exam
Q1: What is the primary goal of information security?
A. To enhance system speed
B. To protect the confidentiality, integrity, and availability of information
C. To reduce operational expenses
D. To improve network connectivity
Answer: B
Explanation: Information security ensures that data remains confidential, accurate, and available to
authorized users.
Q2: Which of the following is NOT a component of the CIA triad?
A. Confidentiality
B. Integrity
C. Availability
D. Accountability
Answer: D
Explanation: The CIA triad includes confidentiality, integrity, and availability; accountability is not part of
this model.
Q3: What does confidentiality in information security ensure?
A. That data remains accessible to everyone
B. That data is not altered or destroyed
C. That data is only accessible to authorized individuals
D. That data is backed up regularly
Answer: C
Explanation: Confidentiality restricts data access only to those with proper authorization.
Q4: Integrity in information security is best described as:
A. Preventing unauthorized data access
B. Ensuring data remains accurate and unaltered
C. Maintaining data availability during disruptions
D. Encrypting data during transmission
Answer: B
Explanation: Integrity means that data is accurate, complete, and unmodified during storage,
transmission, or processing.
Q5: What does availability mean in the context of information security?
A. Data is encrypted at all times
B. Data is accessible only by authorized users
C. Data is reliable and accessible when needed
D. Data is backed up in multiple locations
Answer: C
Explanation: Availability ensures that authorized users have reliable and timely access to information.

Q6: Which of the following best defines a threat in information security?
A. A deliberate action by an attacker to compromise security
B. An inherent flaw in a system
C. A system safeguard
D. An unintentional mistake by a user
Answer: A
Explanation: A threat is a potential danger from a deliberate attack that exploits system vulnerabilities.
Q7: In information security, what is a vulnerability?
A. A measure to protect data
B. A potential weakness in a system that can be exploited
C. A type of malware
D. A regulatory compliance requirement
Answer: B
Explanation: Vulnerabilities are weaknesses that may be exploited by threats to compromise a system’s security.
Q8: Which model is widely used to describe the key principles of information security?
A. OSI Model
B. CIA Triad
C. Agile Model
D. SDLC
Answer: B
Explanation: The CIA Triad (Confidentiality, Integrity, Availability) is fundamental in framing information security concepts.
Q9: What is the purpose of security standards and models like the Parkerian Hexad?
A. To improve system performance
B. To define extended security principles beyond the CIA triad
C. To streamline software development
D. To optimize network traffic
Answer: B
Explanation: The Parkerian Hexad expands the basic CIA model by adding elements such as possession, authenticity, and utility.
Q10: Which of the following is a common type of threat to IT systems?
A. Hardware upgrades
B. Phishing attacks
C. Software licensing
D. User training
Answer: B
Explanation: Phishing attacks deceive users into providing sensitive data and are a frequent cyber threat.
Q11: Why is information security crucial for IT systems?
A. It ensures maximum profitability
B. It protects data and maintains trust in systems
C. It simplifies network management

Q17: Which of the following best describes the term “cyber threat”?
A. A natural disaster affecting data centers
B. A deliberate attempt to compromise information systems using digital means
C. A routine maintenance activity
D. An upgrade to system hardware
Answer: B
Explanation: Cyber threats are intentional attacks conducted via digital channels to compromise systems.
Q18: What is the primary purpose of risk management in information security?
A. To eliminate all security threats
B. To identify, assess, and mitigate potential risks
C. To develop new software features
D. To increase network speed
Answer: B
Explanation: Risk management aims to systematically identify and address potential risks to secure information assets.
Q19: What does a risk assessment process typically involve?
A. Only technical system evaluations
B. Identifying assets, threats, and vulnerabilities
C. Upgrading hardware regularly
D. Increasing marketing efforts
Answer: B
Explanation: A risk assessment identifies critical assets, potential threats, and vulnerabilities to gauge risk levels.
Q20: Which of the following is an example of a qualitative risk analysis?
A. Calculating the exact monetary loss of a breach
B. Describing risks using categories like high, medium, or low
C. Using statistical models for risk prediction
D. Conducting a forensic investigation
Answer: B
Explanation: Qualitative analysis assesses risk based on descriptive measures rather than precise numerical data.
Q21: What is a key benefit of performing a Business Impact Analysis (BIA)?
A. It reduces system performance
B. It identifies critical business functions and the impact of disruptions
C. It eliminates the need for security policies
D. It improves software development speed
Answer: B
Explanation: BIA helps determine which business functions are vital and how disruptions could affect them.
Q22: Which risk treatment option involves reducing the likelihood or impact of a risk?
A. Risk acceptance
B. Risk transference
C. Risk mitigation
D. Risk avoidance
Answer: C
Explanation: Risk mitigation focuses on implementing measures that lessen either the chance of occurrence or the impact of a risk.
Q23: What is risk transference?
A. Ignoring a risk completely
B. Shifting the risk to another party, such as through insurance
C. Eliminating the risk entirely
D. Increasing the risk intentionally
Answer: B
Explanation: Risk transference moves the burden of risk to a third party, often via insurance or outsourcing.
Q24: Which framework is commonly used for risk management in information security?
A. ITIL
B. ISO/IEC 27005
C. Agile
D. Waterfall
Answer: B
Explanation: ISO/IEC 27005 offers guidelines for effective risk management in information security.
Q25: What is a primary step in the risk assessment process?
A. Implementing encryption algorithms
B. Identifying assets and potential threats
C. Purchasing new hardware
D. Hiring additional staff
Answer: B
Explanation: Recognizing assets, threats, and vulnerabilities is essential for assessing risk.
Q26: What does the term “residual risk” refer to?
A. The risk before any controls are applied
B. The remaining risk after mitigation measures are implemented
C. The risk of hardware failure only
D. The risk transferred to third parties
Answer: B
Explanation: Residual risk is what remains after all mitigation efforts have been applied.
Q27: Which approach is best for a comprehensive risk management strategy?
A. Focusing solely on technical controls
B. Integrating both technical and administrative measures
C. Only investing in new technologies
D. Ignoring less critical threats
Answer: B

Q33: Why is ongoing risk monitoring important in an organization?
A. It helps in scheduling software updates
B. It ensures that risk mitigation strategies remain effective over time
C. It reduces the need for regular training
D. It eliminates the need for audits
Answer: B
Explanation: Continuous monitoring ensures that changes in threats or vulnerabilities are detected and addressed promptly.
Q34: Which factor is most critical when performing a risk evaluation?
A. The brand of hardware used
B. The potential impact and likelihood of each risk
C. The number of employees in the organization
D. The color of the office walls
Answer: B
Explanation: Evaluating both the impact and likelihood of risks helps prioritize mitigation efforts effectively.
Q35: What is the principle of defense in depth?
A. Relying on a single security solution
B. Implementing multiple layers of security controls
C. Prioritizing speed over security
D. Focusing solely on physical security
Answer: B
Explanation: Defense in depth uses several layers of protection to reduce the chance of a successful attack.
Q36: Which of the following is an example of a cyberattack?
A. Data backup
B. Phishing
C. System maintenance
D. Software patching
Answer: B
Explanation: Phishing involves deceptive attempts to obtain sensitive information and is a common cyberattack.
Q37: What is the purpose of a firewall in cybersecurity?
A. To accelerate internet speed
B. To monitor and filter incoming and outgoing network traffic
C. To backup data automatically
D. To replace antivirus software
Answer: B
Explanation: Firewalls control network traffic based on security rules, helping block unauthorized access.
Q38: What does the term “least privilege” refer to?
A. Allowing users access to all system resources
B. Granting users the minimum access necessary to perform their tasks
C. Providing administrators with unrestricted access
D. Denying all user access by default
Answer: B
Explanation: The principle of least privilege minimizes potential damage by limiting user access to only what is required.
Q39: Which of the following best describes two-factor authentication (2FA)?
A. Using two different passwords for the same account
B. Combining something the user knows with something the user has
C. Allowing users to bypass security protocols
D. Using only biometric data for access control
Answer: B
Explanation: 2FA adds an extra layer of security by requiring two independent verification factors.
Q40: What is the role of intrusion detection systems (IDS) in cybersecurity?
A. To block all network traffic
B. To detect and alert on suspicious activities
C. To manage user accounts
D. To schedule system updates
Answer: B
Explanation: IDS monitor network traffic to identify and alert administrators of potential security incidents.
Q41: How does encryption enhance cybersecurity?
A. By increasing processing speed
B. By converting data into an unreadable format without the correct decryption key
C. By simplifying user access
D. By reducing data storage requirements
Answer: B
Explanation: Encryption secures data by making it unreadable to unauthorized users without the proper key.
Q42: Which security control principle is directly associated with reducing the attack surface?
A. Increasing user privileges
B. Regularly updating software and systems
C. Removing unnecessary services and applications
D. Implementing a single layer of security
Answer: C
Explanation: Removing nonessential services reduces potential vulnerabilities that attackers can exploit.
Q43: What is a common characteristic of malware?
A. It improves system performance
B. It is designed to damage, disrupt, or gain unauthorized access to systems
C. It is a tool for data backup
D. It enhances user interface design
Answer: B
Explanation: Malware is malicious software intended to harm or exploit computer systems.

Answer: B
Explanation: Incident handling establishes clear steps to manage and mitigate the effects of security breaches.
Q50: Which of the following is a preventive measure in cybersecurity?
A. Logging events
B. Installing anti-virus software
C. Post-incident analysis
D. Forensic investigation
Answer: B
Explanation: Anti-virus software is designed to prevent malware infections by detecting and blocking malicious code.
Q51: What does the term “security patch” refer to?
A. A new feature in software
B. An update to fix security vulnerabilities
C. A type of encryption method
D. A user account setting
Answer: B
Explanation: Security patches are updates issued to correct vulnerabilities and enhance system security.
Q52: What is the primary purpose of network security?
A. To improve network speed
B. To protect the integrity and usability of networks and data
C. To facilitate social media access
D. To support software development
Answer: B
Explanation: Network security safeguards the infrastructure and data from unauthorized access and cyber threats.
Q53: Which device is commonly used to filter network traffic at a perimeter?
A. Router
B. Firewall
C. Switch
D. Hub
Answer: B
Explanation: Firewalls filter traffic based on security rules, blocking unauthorized access.
Q54: What does DMZ stand for in network security?
A. Direct Memory Zone
B. Demilitarized Zone
C. Data Management Zone
D. Digital Monitoring Zone
Answer: B
Explanation: A DMZ is an isolated subnetwork that exposes external services while protecting the internal network.

Q55: How does a VPN enhance network security?
A. By allowing open access to all users
B. By encrypting data transmitted over insecure networks
C. By reducing the need for firewalls
D. By increasing network bandwidth
Answer: B
Explanation: VPNs create encrypted tunnels that secure data communications over public networks.
Q56: Which of the following is a security protocol used to secure web communications?
A. HTTP
B. FTP
C. SSL/TLS
D. SMTP
Answer: C
Explanation: SSL/TLS protocols encrypt data between web servers and clients to secure communications.
Q57: What is the function of an Intrusion Detection System (IDS) in a network?
A. To detect and alert on potential malicious activities
B. To manage user accounts
C. To optimize network performance
D. To store backup data
Answer: A
Explanation: IDS monitor network traffic and alert administrators about suspicious or anomalous behavior.
Q58: Which of the following best describes wireless network security?
A. Securing only wired connections
B. Protecting data transmitted over wireless networks through encryption and authentication
C. Allowing open access to all devices
D. Prioritizing speed over security protocols
Answer: B
Explanation: Wireless security involves encrypting and authenticating data to prevent unauthorized access over Wi-Fi networks.
Q59: What is the role of network segmentation in security?
A. To combine all network resources into one large network
B. To isolate different parts of a network to limit access and contain breaches
C. To increase internet speed
D. To eliminate the need for firewalls
Answer: B
Explanation: Segmentation divides a network into smaller, controlled zones, reducing the risk of widespread breaches.
Q60: Which security protocol is commonly used for securing VPN connections?
A. IPsec
B. HTTP

Explanation: NAC enforces policies that permit only authorized devices and users to access network resources.
Q66: What is the purpose of implementing firewalls in a network?
A. To slow down traffic
B. To block unauthorized access and monitor traffic
C. To increase user count
D. To reduce data storage
Answer: B
Explanation: Firewalls serve as a barrier that monitors and filters network traffic based on security policies.
Q67: Which technique is used to detect anomalies in network traffic?
A. Data compression
B. Intrusion detection
C. Hardware upgrading
D. Software development
Answer: B
Explanation: Intrusion detection systems help identify unusual or suspicious network activity that could indicate a security threat.
Q68: How does the concept of a DMZ enhance network security?
A. By providing open access to all users
B. By isolating public-facing services from the internal network
C. By encrypting all data
D. By increasing network speed
Answer: B
Explanation: A DMZ creates a buffer zone between external and internal networks, reducing the risk of direct attacks.
Q69: What is the main goal of Identity and Access Management (IAM)?
A. To increase network speed
B. To manage and secure user access to resources
C. To store large volumes of data
D. To develop new software applications
Answer: B
Explanation: IAM ensures that only authorized users can access sensitive systems and data.
Q70: Which access control model is based on assigning permissions to roles?
A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Role-Based Access Control (RBAC)
D. Attribute-Based Access Control (ABAC)
Answer: C
Explanation: RBAC assigns access rights based on a user’s role within the organization.

Q71: What does the term “authentication” mean in IAM?
A. Granting access based on user roles
B. Verifying the identity of a user
C. Monitoring user activity
D. Logging user actions
Answer: B
Explanation: Authentication is the process of confirming that a user is who they claim to be.
Q72: What is an example of multi-factor authentication (MFA)?
A. Using only a password
B. Combining a password with a fingerprint scan
C. Using a username without a password
D. Logging in from a trusted device without extra steps
Answer: B
Explanation: MFA enhances security by requiring two or more independent credentials for verification.
Q73: What is the function of Single Sign-On (SSO) in IAM?
A. It requires users to log in multiple times for different systems
B. It allows users to authenticate once and gain access to multiple systems
C. It disables user account monitoring
D. It increases the number of passwords required
Answer: B
Explanation: SSO streamlines access by enabling users to log in a single time for multiple applications.
Q74: Which of the following best describes Access Control Lists (ACLs)?
A. Lists that record employee attendance
B. Rules that specify which users can access certain resources
C. Tools for network performance optimization
D. Guidelines for software development
Answer: B
Explanation: ACLs are sets of rules that define user permissions for accessing system resources.
Q75: What does “privileged access management” (PAM) focus on?
A. Limiting guest access to the internet
B. Managing and securing accounts with elevated permissions
C. Monitoring network traffic
D. Encrypting all data transfers
Answer: B
Explanation: PAM concentrates on controlling access for users with high-level privileges to reduce security risks.
Q76: Which access control model allows users to set permissions for their own files?
A. Role-Based Access Control (RBAC)
B. Discretionary Access Control (DAC)
C. Mandatory Access Control (MAC)
D. Rule-Based Access Control

Q82: What is the primary purpose of access reviews in IAM?
A. To update software applications
B. To verify and adjust user access rights periodically
C. To create new network connections
D. To enhance system performance
Answer: B
Explanation: Regular access reviews ensure that user privileges remain appropriate over time.
Q83: How does Single Sign-On (SSO) improve user experience in organizations?
A. By requiring multiple passwords
B. By allowing users to access multiple systems with one login
C. By reducing security
D. By isolating user accounts
Answer: B
Explanation: SSO streamlines user access by reducing the number of logins required.
Q84: What is the purpose of multi-factor authentication?
A. To eliminate the need for passwords
B. To add additional layers of security using multiple verification factors
C. To simplify network traffic
D. To speed up system processes
Answer: B
Explanation: MFA enhances security by combining different types of credentials, making unauthorized access more difficult.
Q85: Which model of access control is considered most flexible for user-driven permissions?
A. Mandatory Access Control
B. Role-Based Access Control
C. Discretionary Access Control
D. Attribute-Based Access Control
Answer: C
Explanation: Discretionary Access Control allows users to set permissions on their own files, offering greater flexibility.
Q86: What is the main purpose of cryptography in information security?
A. To boost computer processing speed
B. To secure data through encryption
C. To manage user accounts
D. To improve software design
Answer: B
Explanation: Cryptography converts data into an unreadable format to protect it from unauthorized access.
Q87: What is the difference between symmetric and asymmetric encryption?
A. Symmetric encryption uses one key, while asymmetric uses a pair of keys
B. Symmetric encryption uses two keys, while asymmetric uses one key
C. Both use the same number of keys
D. They are identical in function
Answer: A
Explanation: Symmetric encryption uses a single shared key; asymmetric encryption uses a public and private key pair.
Q88: Which encryption algorithm is known for its high level of security in symmetric encryption?
A. RSA
B. AES
C. ECC
D. DES
Answer: B
Explanation: AES (Advanced Encryption Standard) is renowned for its strong security in symmetric encryption.
Q89: What is the primary role of a key management system in cryptography?
A. To monitor network traffic
B. To securely generate, store, and distribute cryptographic keys
C. To manage user passwords
D. To perform system backups
Answer: B
Explanation: Key management ensures that encryption keys are handled securely throughout their lifecycle.
Q90: What is the purpose of a hashing algorithm in data protection?
A. To encrypt data for transmission
B. To generate a fixed-size hash value from input data
C. To increase data storage capacity
D. To compress files
Answer: B
Explanation: Hashing creates a unique, fixed-length output that can be used to verify data integrity.
Q91: Which of the following is a common hashing algorithm?
A. AES
B. SHA-256
C. RSA
D. IPsec
Answer: B
Explanation: SHA-256 is widely used to generate secure hash values for data integrity checks.
Q92: What is a digital signature used for?
A. To speed up file transfers
B. To verify the authenticity and integrity of a digital message or document
C. To compress digital files
D. To store large amounts of data
Answer: B
Explanation: Digital signatures authenticate the source of a document and ensure it has not been altered.

Answer: B
Explanation: Asymmetric encryption uses a pair of keys, enhancing security by separating encryption from decryption processes.
Q99: Why is key management critical in cryptographic systems?
A. It reduces data size
B. It ensures that encryption keys are stored and distributed securely
C. It speeds up processing
D. It replaces encryption algorithms
Answer: B
Explanation: Secure key management prevents unauthorized access to cryptographic keys, maintaining the integrity of encryption.
Q100: What is one of the primary uses of hashing in data integrity?
A. To encrypt data
B. To verify that data has not been altered
C. To compress data
D. To increase data transmission speed
Answer: B
Explanation: Hashing creates a unique fingerprint of data, enabling verification that it remains unchanged.
Q101: How do digital certificates contribute to secure communications?
A. By compressing data
B. By authenticating the identity of entities
C. By increasing network speed
D. By storing data
Answer: B
Explanation: Digital certificates confirm the identity of servers and clients, facilitating trust and secure connections.
Q102: What is one key challenge in implementing cryptographic systems?
A. Managing encryption keys securely
B. Reducing screen resolution
C. Increasing hardware costs
D. Simplifying user interfaces
Answer: A
Explanation: Securely managing keys is essential because compromised keys can undermine the entire cryptographic system.
Q103: What is the main focus of Security Governance?
A. Increasing system speed
B. Establishing policies and procedures to manage information security
C. Developing new software applications
D. Enhancing hardware performance
Answer: B
Explanation: Security governance sets the strategic direction and rules for protecting information assets.

Q104: Which framework is commonly associated with Security Governance?
A. ISO/IEC 27001
B. Agile methodology
C. Waterfall model
D. Scrum framework
Answer: A
Explanation: ISO/IEC 27001 provides internationally recognized guidelines for establishing a robust security management system.
Q105: What is the purpose of a compliance audit in GRC?
A. To speed up network performance
B. To assess whether security controls meet regulatory and policy requirements
C. To manage user accounts
D. To develop new software features
Answer: B
Explanation: Compliance audits evaluate whether an organization adheres to established security standards and regulations.
Q106: What does GRC stand for in information security?
A. Governance, Risk, and Compliance
B. General Risk Control
C. Global Regulatory Compliance
D. Governance and Resource Control
Answer: A
Explanation: GRC encompasses the practices and frameworks for managing governance, risk, and compliance in security.
Q107: How do information security policies contribute to GRC?
A. They improve system speed
B. They define the rules and guidelines for managing security risks and ensuring compliance
C. They eliminate the need for encryption
D. They reduce software development time
Answer: B
Explanation: Security policies are vital for establishing a consistent approach to risk management and compliance.
Q108: What is the purpose of an incident management plan in the context of GRC?
A. To automate software updates
B. To provide a structured approach to handling security incidents
C. To reduce network traffic
D. To increase system performance
Answer: B
Explanation: An incident management plan outlines procedures to detect, respond to, and recover from security incidents.
Q109: Which regulation is specifically designed to protect personal data in the European Union?
A. HIPAA