Information Security: Essential Resource Covering Key Concepts in
Cybersecurity, Risk Management Principles, Information Assurance
Techniques, Network Security Fundamentals, Threat Analysis,
Security Policies, and Best Practices to Equip Students for Success
in Information Security Assessments
Question 1: What is the primary goal of information security?
• A) Ensure data availability
• B) Protect confidentiality, integrity, and availability (CIA)
• C) Facilitate data sharing
• D) Reduce IT costs
Correct Option: B
Rationale: The primary goal of information security is to protect the confidentiality,
integrity, and availability of information, often referred to as the CIA triad.
Confidentiality ensures that information is only accessible to authorized users, integrity
ensures that information is accurate and unaltered, and availability ensures that
information is accessible when needed.
Question 2: Which of the following is a type of malware that encrypts a victim's
files and demands a ransom for the decryption key?
• A) Virus
• B) Ransomware
• C) Worm
• D) Trojan
Correct Option: B
Rationale: Ransomware is a type of malware that attacks a user’s files by encrypting
them and demands payment for the decryption key. This method not only disrupts
access to critical data but also poses significant risks for individuals and organizations,
making it a prevalent threat in information security.
Question 3: Which security principle focuses on the practice of limiting access to
sensitive information to only those who need it?
• A) Integrity
• B) Least Privilege
• C) Accountability
• D) Non-repudiation
Correct Option: B
Rationale: The principle of Least Privilege dictates that users should be granted only
those permissions necessary to perform their job functions. This minimizes the risk of
unauthorized access or data breaches by restricting the exposure of sensitive
information to only those individuals who truly need it.
Question 4: What is the primary purpose of a firewall in network security?
• A) To control incoming and outgoing network traffic
• B) To provide a secure VPN connection
• C) To authenticate users
• D) To encrypt data
Correct Option: A
Rationale: Firewalls act as a barrier between a trusted internal network and untrusted
external networks, primarily focusing on controlling incoming and outgoing traffic based
on predetermined security rules. This function is crucial for preventing unauthorized
access and protecting sensitive information.
Question 5: What is multi-factor authentication (MFA)?
• A) A method requiring multiple passwords
• B) A security mechanism that requires two or more verification methods
• C) A technique that involves using biometric scanning only
• D) A process of backing up data
Correct Option: B
Rationale: Multi-factor authentication (MFA) is a security approach that requires
individuals to provide two or more verification factors to gain access to a resource, such
as a system or application. By combining different types of factors (something you
know, something you have, and something you are), MFA significantly enhances
security by making unauthorized access much more difficult.
Question 6: Which type of attack involves intercepting communication between
two parties?
• A) Denial of Service (DoS)
• B) Phishing
• C) Man-in-the-Middle (MitM)
• D) SQL Injection
Correct Option: C
Rationale: A Man-in-the-Middle (MitM) attack occurs when an attacker secretly relays
and possibly alters the communication between two parties who believe they are
directly communicating with each other. This type of attack can lead to unauthorized
access and data breaches.
Question 7: What does encryption primarily aim to achieve?
• A) Protect data confidentiality
• B) Improve data integrity
• C) Enhance data availability
• D) Simplify data management
Correct Option: A
Rationale: Encryption is the process of converting data into a coded format to prevent
unauthorized access. Its primary aim is to protect the confidentiality of data, ensuring
that only authorized users can access and decipher the information.
Question 8: Which of the following best describes social engineering?
• A) A technique for software development
• B) A data analysis method
• C) Manipulating individuals into divulging confidential information
• D) An encryption protocol
Correct Option: C
Rationale: Social engineering involves psychological manipulation to trick individuals
into providing confidential information, often by masquerading as a trustworthy source.
This approach exploits human psychology rather than relying on technical
vulnerabilities.
Question 9: What is the main purpose of a digital signature?
• A) To log user activities
• B) To verify the authenticity and integrity of a message
• C) To encrypt data
• D) To provide access control
Correct Option: B
Rationale: A digital signature is a mathematical scheme for verifying the authenticity
and integrity of a message or document. It ensures that the message comes from a
verified sender and has not been altered during transmission.
Question 10: Which of the following is an example of a passive attack?
• A) Data modification
• B) Denial of Service
• C) Eavesdropping on network communication
• D) Unauthorized access
Correct Option: C
Rationale: A passive attack involves monitoring or intercepting data without altering it.
Eavesdropping on network communication is a common method of passive attacks,
where an attacker listens in to gather information without the sender or receiver's
knowledge.
Question 11: In risk management, what is a 'threat'?
• A) A potential cause of an incident that may result in harm to a system
• B) A vulnerability in a system
• C) The impact of an incident
• D) A security measure
Correct Option: A
Rationale: In risk management, a threat is defined as any potential danger that could
exploit a vulnerability and cause harm to a system. Understanding threats is crucial for
developing effective security strategies.
Question 12: Which of the following is a common method of securing passwords?
• A) Using basic passwords