Cyber Security Fundamentals Exam 2 (2025–
2027 Updated) | Practice Questions &
Verified Answers | Complete Study Guide
PDF
• Document Features: This 300-question Cyber Security Fundamentals practice
exam covers all core exam domains — cryptography, network security, threats,
access control, cloud, forensics, compliance, and more — with verified answers and
detailed EXPERT RATIONALE for every question to reinforce deep understanding.
• How to Study: Attempt each question independently before reading the
answer, use the EXPERT RATIONALE to understand the "why" behind every correct
option, revisit weak-area questions repeatedly, and simulate timed exam conditions
for best results.
CYBER SECURITY FUNDAMENTALS — EXAM 2 (2025–2027)
300 Practice Questions with Verified Answers & EXPERT RATIONALE
Q1. What does the CIA Triad in cybersecurity stand for?
A) Confidentiality, Integrity, Availability
B) Control, Inspection, Authentication
C) Cryptography, Identification, Authorization
D) Confidentiality, Identification, Access
E) Compliance, Integrity, Accountability
Correct Answer: A) Confidentiality, Integrity, Availability
EXPERT RATIONALE: The CIA Triad is the foundational model of information security.
Confidentiality ensures data is only accessible to authorized users, Integrity ensures data
is not altered without authorization, and Availability ensures systems and data are
accessible when needed.
,Q2. Which principle ensures that data is not modified or tampered with by
unauthorized parties?
A) Availability
B) Non-repudiation
C) Confidentiality
D) Integrity
E) Authentication
Correct Answer: D) Integrity
EXPERT RATIONALE: Integrity ensures that data remains accurate and unaltered
during storage or transmission. It is one of the three core pillars of the CIA Triad.
Q3. A hospital's patient records system goes offline due to a ransomware
attack. Which CIA Triad principle is most directly violated?
A) Confidentiality
B) Accountability
C) Integrity
D) Non-repudiation
E) Availability
Correct Answer: E) Availability
EXPERT RATIONALE: Availability ensures that systems and data are accessible to
authorized users when needed. A ransomware attack that takes systems offline directly
violates this principle.
Q4. Which of the following best describes non-repudiation?
A) Preventing unauthorized access to data
,B) Ensuring data is available at all times
C) Guaranteeing a party cannot deny performing an action
D) Encrypting data during transmission
E) Monitoring network traffic for anomalies
Correct Answer: C) Guaranteeing a party cannot deny performing an
action
EXPERT RATIONALE: Non-repudiation provides proof of the origin and integrity of
data, making it impossible for the sender or receiver to deny their involvement in a
transaction or communication.
Q5. In information security, what does "least privilege" mean?
A) Granting users maximum access to improve productivity
B) Allowing users only the access rights needed to perform their job
C) Giving administrators unrestricted system access
D) Restricting all users from accessing any system
E) Applying the same access levels to all employees
Correct Answer: B) Allowing users only the access rights needed to
perform their job
EXPERT RATIONALE: The principle of least privilege limits user access rights to only
what is necessary to perform their specific job functions, reducing the risk of accidental
or intentional misuse.
Q6. Which type of attack involves an attacker intercepting communication
between two parties without their knowledge?
A) SQL Injection
B) Phishing
, C) Man-in-the-Middle (MitM)
D) Denial of Service
E) Brute Force
Correct Answer: C) Man-in-the-Middle (MitM)
EXPERT RATIONALE: A Man-in-the-Middle attack occurs when an attacker secretly
intercepts and potentially alters communication between two parties who believe they
are communicating directly with each other.
Q7. What is a firewall primarily used for?
A) Encrypting data at rest
B) Scanning files for viruses
C) Controlling incoming and outgoing network traffic based on rules
D) Backing up system data
E) Authenticating user credentials
Correct Answer: C) Controlling incoming and outgoing network traffic
based on rules
EXPERT RATIONALE: A firewall monitors and controls network traffic based on
predetermined security rules. It acts as a barrier between trusted internal networks and
untrusted external networks.
Q8. Which protocol is used to securely transfer files over a network?
A) FTP
B) HTTP
C) SFTP
D) SMTP
2027 Updated) | Practice Questions &
Verified Answers | Complete Study Guide
• Document Features: This 300-question Cyber Security Fundamentals practice
exam covers all core exam domains — cryptography, network security, threats,
access control, cloud, forensics, compliance, and more — with verified answers and
detailed EXPERT RATIONALE for every question to reinforce deep understanding.
• How to Study: Attempt each question independently before reading the
answer, use the EXPERT RATIONALE to understand the "why" behind every correct
option, revisit weak-area questions repeatedly, and simulate timed exam conditions
for best results.
CYBER SECURITY FUNDAMENTALS — EXAM 2 (2025–2027)
300 Practice Questions with Verified Answers & EXPERT RATIONALE
Q1. What does the CIA Triad in cybersecurity stand for?
A) Confidentiality, Integrity, Availability
B) Control, Inspection, Authentication
C) Cryptography, Identification, Authorization
D) Confidentiality, Identification, Access
E) Compliance, Integrity, Accountability
Correct Answer: A) Confidentiality, Integrity, Availability
EXPERT RATIONALE: The CIA Triad is the foundational model of information security.
Confidentiality ensures data is only accessible to authorized users, Integrity ensures data
is not altered without authorization, and Availability ensures systems and data are
accessible when needed.
,Q2. Which principle ensures that data is not modified or tampered with by
unauthorized parties?
A) Availability
B) Non-repudiation
C) Confidentiality
D) Integrity
E) Authentication
Correct Answer: D) Integrity
EXPERT RATIONALE: Integrity ensures that data remains accurate and unaltered
during storage or transmission. It is one of the three core pillars of the CIA Triad.
Q3. A hospital's patient records system goes offline due to a ransomware
attack. Which CIA Triad principle is most directly violated?
A) Confidentiality
B) Accountability
C) Integrity
D) Non-repudiation
E) Availability
Correct Answer: E) Availability
EXPERT RATIONALE: Availability ensures that systems and data are accessible to
authorized users when needed. A ransomware attack that takes systems offline directly
violates this principle.
Q4. Which of the following best describes non-repudiation?
A) Preventing unauthorized access to data
,B) Ensuring data is available at all times
C) Guaranteeing a party cannot deny performing an action
D) Encrypting data during transmission
E) Monitoring network traffic for anomalies
Correct Answer: C) Guaranteeing a party cannot deny performing an
action
EXPERT RATIONALE: Non-repudiation provides proof of the origin and integrity of
data, making it impossible for the sender or receiver to deny their involvement in a
transaction or communication.
Q5. In information security, what does "least privilege" mean?
A) Granting users maximum access to improve productivity
B) Allowing users only the access rights needed to perform their job
C) Giving administrators unrestricted system access
D) Restricting all users from accessing any system
E) Applying the same access levels to all employees
Correct Answer: B) Allowing users only the access rights needed to
perform their job
EXPERT RATIONALE: The principle of least privilege limits user access rights to only
what is necessary to perform their specific job functions, reducing the risk of accidental
or intentional misuse.
Q6. Which type of attack involves an attacker intercepting communication
between two parties without their knowledge?
A) SQL Injection
B) Phishing
, C) Man-in-the-Middle (MitM)
D) Denial of Service
E) Brute Force
Correct Answer: C) Man-in-the-Middle (MitM)
EXPERT RATIONALE: A Man-in-the-Middle attack occurs when an attacker secretly
intercepts and potentially alters communication between two parties who believe they
are communicating directly with each other.
Q7. What is a firewall primarily used for?
A) Encrypting data at rest
B) Scanning files for viruses
C) Controlling incoming and outgoing network traffic based on rules
D) Backing up system data
E) Authenticating user credentials
Correct Answer: C) Controlling incoming and outgoing network traffic
based on rules
EXPERT RATIONALE: A firewall monitors and controls network traffic based on
predetermined security rules. It acts as a barrier between trusted internal networks and
untrusted external networks.
Q8. Which protocol is used to securely transfer files over a network?
A) FTP
B) HTTP
C) SFTP
D) SMTP
