1|Page
# CYBERSECURITY QUESTION BANK
## COMPREHENSIVE PRACTICE EXAMINATION
RESOURCE
200+ ORIGINAL MULTIPLE-CHOICE QUESTIONS
WITH DETAILED RATIONALES**
# DOMAIN 1: SECURITY PRINCIPLES & THE CIA TRIAD
**Q1. A company's e-commerce website becomes inaccessible to customers due to
a massive influx of malicious traffic. Which principle of the CIA Triad has been
primarily violated?**
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
**Correct Answer: C) Availability**
**Rationale:** Availability ensures that systems and data are accessible to
authorized users when needed. A Distributed Denial of Service (DDoS) attack
floods the system with traffic, making it unavailable to legitimate customers.
Confidentiality concerns unauthorized access, while integrity concerns
unauthorized modification. Non-repudiation ensures actions cannot be denied.
,2|Page
---
**Q2. An attacker intercepts network traffic and silently reads sensitive data
packets without altering them. Which CIA principle is being violated?**
A) Availability
B) Integrity
C) Non-repudiation
D) Confidentiality
**Correct Answer: D) Confidentiality**
**Rationale:** Confidentiality ensures that information is only accessible to
authorized individuals. When an attacker reads data without authorization—even
without modifying it—confidentiality is breached. This type of passive attack is
often associated with network sniffing or man-in-the-middle eavesdropping.
---
**Q3. A database administrator discovers that a disgruntled employee has altered
customer credit card numbers in the company database. Which security principle
has been compromised?**
A) Availability
B) Integrity
,3|Page
C) Confidentiality
D) Authentication
**Correct Answer: B) Integrity**
**Rationale:** Integrity ensures that data remains accurate and has not been
tampered with by unauthorized parties. The unauthorized modification of customer
credit card numbers directly violates data integrity. Methods to protect integrity
include hashing, checksums, digital signatures, and audit logs.
---
**Q4. Which of the following best describes the relationship between a threat, a
vulnerability, and a risk?**
A) A threat exploits a vulnerability, creating a risk
B) A vulnerability exploits a threat, creating a risk
C) Risk is the likelihood of a threat exploiting a vulnerability
D) Threats and vulnerabilities are the same thing
**Correct Answer: C) Risk is the likelihood of a threat exploiting a vulnerability**
**Rationale:** Risk is formally defined as the combination of the probability of an
event and its consequences. A threat is anything capable of acting against an asset
in a harmful manner, while a vulnerability is a weakness that could be exploited.
Risk materializes when a threat successfully exploits a vulnerability.
, 4|Page
**Q5. A hospital implements encryption for all patient records stored on its
servers. Which security objective is this primarily addressing?**
A) Availability
B) Integrity
C) Confidentiality
D) Non-repudiation
**Correct Answer: C) Confidentiality**
**Rationale:** Encryption converts readable data into unreadable ciphertext,
ensuring that only authorized users with the correct decryption key can access the
information. This directly supports confidentiality by preventing unauthorized
access to sensitive patient data. While encryption can also support integrity in
some contexts, its primary purpose in this scenario is confidentiality.
---
**Q6. Which statement accurately describes the difference between authentication
and authorization?**
A) Authentication determines permissions; authorization verifies identity
B) Authentication verifies identity; authorization determines permissions
C) Authentication and authorization are the same process
D) Authorization happens before authentication
# CYBERSECURITY QUESTION BANK
## COMPREHENSIVE PRACTICE EXAMINATION
RESOURCE
200+ ORIGINAL MULTIPLE-CHOICE QUESTIONS
WITH DETAILED RATIONALES**
# DOMAIN 1: SECURITY PRINCIPLES & THE CIA TRIAD
**Q1. A company's e-commerce website becomes inaccessible to customers due to
a massive influx of malicious traffic. Which principle of the CIA Triad has been
primarily violated?**
A) Confidentiality
B) Integrity
C) Availability
D) Non-repudiation
**Correct Answer: C) Availability**
**Rationale:** Availability ensures that systems and data are accessible to
authorized users when needed. A Distributed Denial of Service (DDoS) attack
floods the system with traffic, making it unavailable to legitimate customers.
Confidentiality concerns unauthorized access, while integrity concerns
unauthorized modification. Non-repudiation ensures actions cannot be denied.
,2|Page
---
**Q2. An attacker intercepts network traffic and silently reads sensitive data
packets without altering them. Which CIA principle is being violated?**
A) Availability
B) Integrity
C) Non-repudiation
D) Confidentiality
**Correct Answer: D) Confidentiality**
**Rationale:** Confidentiality ensures that information is only accessible to
authorized individuals. When an attacker reads data without authorization—even
without modifying it—confidentiality is breached. This type of passive attack is
often associated with network sniffing or man-in-the-middle eavesdropping.
---
**Q3. A database administrator discovers that a disgruntled employee has altered
customer credit card numbers in the company database. Which security principle
has been compromised?**
A) Availability
B) Integrity
,3|Page
C) Confidentiality
D) Authentication
**Correct Answer: B) Integrity**
**Rationale:** Integrity ensures that data remains accurate and has not been
tampered with by unauthorized parties. The unauthorized modification of customer
credit card numbers directly violates data integrity. Methods to protect integrity
include hashing, checksums, digital signatures, and audit logs.
---
**Q4. Which of the following best describes the relationship between a threat, a
vulnerability, and a risk?**
A) A threat exploits a vulnerability, creating a risk
B) A vulnerability exploits a threat, creating a risk
C) Risk is the likelihood of a threat exploiting a vulnerability
D) Threats and vulnerabilities are the same thing
**Correct Answer: C) Risk is the likelihood of a threat exploiting a vulnerability**
**Rationale:** Risk is formally defined as the combination of the probability of an
event and its consequences. A threat is anything capable of acting against an asset
in a harmful manner, while a vulnerability is a weakness that could be exploited.
Risk materializes when a threat successfully exploits a vulnerability.
, 4|Page
**Q5. A hospital implements encryption for all patient records stored on its
servers. Which security objective is this primarily addressing?**
A) Availability
B) Integrity
C) Confidentiality
D) Non-repudiation
**Correct Answer: C) Confidentiality**
**Rationale:** Encryption converts readable data into unreadable ciphertext,
ensuring that only authorized users with the correct decryption key can access the
information. This directly supports confidentiality by preventing unauthorized
access to sensitive patient data. While encryption can also support integrity in
some contexts, its primary purpose in this scenario is confidentiality.
---
**Q6. Which statement accurately describes the difference between authentication
and authorization?**
A) Authentication determines permissions; authorization verifies identity
B) Authentication verifies identity; authorization determines permissions
C) Authentication and authorization are the same process
D) Authorization happens before authentication
