VERSIONS WITH COMPLETE ACTUAL EXAM
QUESTIONS AND CORRECT VERIFIED ANSWERS/
ALREADY GRADED A+ (MOST RECENT!!)
1. Which of the following best describes the primary purpose of
the CIA triad?
A) To ensure all data is encrypted at rest
B) To provide a framework for balancing security goals
C) To eliminate all cybersecurity risks
D) To prioritize availability over confidentiality
Answer: B
Rationale: The CIA triad (Confidentiality, Integrity, Availability)
is a model to guide security decisions, balancing these three core
goals. A is too narrow (encryption only addresses confidentiality).
C is impossible (risk cannot be eliminated). D is incorrect because
no single element is always prioritized.
2. Which action best supports non-repudiation?
A) Encrypting a file with a symmetric key
B) Hashing a password before storage
C) Digitally signing an email with a private key
D) Backing up logs daily
Answer: C
Rationale: Non-repudiation ensures a user cannot deny an
action. Digital signatures using asymmetric cryptography (private
key signing) provide proof of origin. A provides confidentiality
only. B is for password protection. D supports availability, not
proof of action.
3. A company allows employees to work from home but requires
that all laptops have full-disk encryption. Which principle does
this primarily enforce?
A) Integrity
B) Availability
C) Confidentiality
D) Non-repudiation
Answer: C
Rationale: Full-disk encryption ensures that if a laptop is lost or
stolen, data cannot be read by unauthorized parties. This
protects confidentiality. Integrity (data unaltered) is not the
primary goal here.
4. Which of the following is an example of a preventive
control?
A) Security guard checking IDs at a door
B) Firewall blocking malicious traffic
C) Log review after a breach
D) Surveillance camera footage
Answer: B
Rationale: Preventive controls stop an incident before it occurs. A
firewall blocking traffic is preventive. A is detective (checks but
doesn't stop). C and D are detective/after-the-fact.
5. A security policy states: "All users must change passwords
every 60 days." This is an example of:
A) A standard
B) A guideline
C) A procedure
D) A baseline
Answer: A
Rationale: A standard is a mandatory requirement. Changing
passwords every 60 days is a specific, enforceable rule.
Guidelines are advisory. Procedures are step-by-step. Baselines
are minimum security levels.