CSIA FINAL EXAM VERSION 1 - COMPLETE
PRACTICE QUESTION WITH COMPLTE
ANSWERS AND RATIONELS
Section 1: Information Security Fundamentals (Questions
1-20)
Question 1:
What is the primary goal of the CIA triad in information
security?
A) Confidentiality, Integrity, Authentication
B) Confidentiality, Integrity, Availability
C) Confidentiality, Identity, Access
D) Control, Integrity, Availability
Correct Answer: B) Confidentiality, Integrity, Availability
Rationale: The CIA triad forms the foundation of information
security. Confidentiality ensures data is accessible only to
authorized users, Integrity ensures data accuracy and
trustworthiness, and Availability ensures systems and data
are accessible when needed. Authentication (option A) is a
,separate security concept, while options C and D incorrectly
substitute other terms.
Question 2:
Which type of attack involves intercepting and altering
communication between two parties without their knowledge?
A) Denial of Service
B) Man-in-the-Middle
C) Phishing
D) SQL Injection
Correct Answer: B) Man-in-the-Middle
Rationale: A Man-in-the-Middle (MITM) attack occurs when
an attacker secretly intercepts and potentially alters
communications between two parties. Denial of Service (A)
overwhelms systems, Phishing (C) is a social engineering
attack, and SQL Injection (D) targets databases.
Question 3:
What is the primary purpose of encryption?
A) To ensure data availability
B) To protect data confidentiality
,C) To verify user identity
D) To prevent physical theft
Correct Answer: B) To protect data confidentiality
Rationale: Encryption transforms readable data (plaintext)
into an unreadable format (ciphertext) to protect
confidentiality. While encryption can support other security
goals, its primary purpose is ensuring that unauthorized
parties cannot read sensitive information.
Question 4:
Which of the following is an example of a physical security
control?
A) Firewall
B) Biometric scanner
C) Intrusion Detection System
D) Antivirus software
Correct Answer: B) Biometric scanner
Rationale: Physical security controls are tangible measures
that protect physical assets. Biometric scanners (fingerprint
readers, retinal scanners) are physical devices that control
access to facilities or systems. Firewalls, IDS, and antivirus
are all logical/technical controls.
, Question 5:
What is the difference between a vulnerability and a threat?
A) A vulnerability is a potential danger, while a threat is a
weakness
B) A vulnerability is a weakness, while a threat is a potential
danger
C) They are the same thing
D) A vulnerability is always exploited
Correct Answer: B) A vulnerability is a weakness, while a
threat is a potential danger
Rationale: A vulnerability is a flaw or weakness in a system
that could be exploited, while a threat is a potential danger
that could exploit that vulnerability. For example, an
unpatched server (vulnerability) faces the threat of malware
infection.
Question 6:
Which security principle states that users should only have
the minimum privileges necessary to perform their job
functions?
PRACTICE QUESTION WITH COMPLTE
ANSWERS AND RATIONELS
Section 1: Information Security Fundamentals (Questions
1-20)
Question 1:
What is the primary goal of the CIA triad in information
security?
A) Confidentiality, Integrity, Authentication
B) Confidentiality, Integrity, Availability
C) Confidentiality, Identity, Access
D) Control, Integrity, Availability
Correct Answer: B) Confidentiality, Integrity, Availability
Rationale: The CIA triad forms the foundation of information
security. Confidentiality ensures data is accessible only to
authorized users, Integrity ensures data accuracy and
trustworthiness, and Availability ensures systems and data
are accessible when needed. Authentication (option A) is a
,separate security concept, while options C and D incorrectly
substitute other terms.
Question 2:
Which type of attack involves intercepting and altering
communication between two parties without their knowledge?
A) Denial of Service
B) Man-in-the-Middle
C) Phishing
D) SQL Injection
Correct Answer: B) Man-in-the-Middle
Rationale: A Man-in-the-Middle (MITM) attack occurs when
an attacker secretly intercepts and potentially alters
communications between two parties. Denial of Service (A)
overwhelms systems, Phishing (C) is a social engineering
attack, and SQL Injection (D) targets databases.
Question 3:
What is the primary purpose of encryption?
A) To ensure data availability
B) To protect data confidentiality
,C) To verify user identity
D) To prevent physical theft
Correct Answer: B) To protect data confidentiality
Rationale: Encryption transforms readable data (plaintext)
into an unreadable format (ciphertext) to protect
confidentiality. While encryption can support other security
goals, its primary purpose is ensuring that unauthorized
parties cannot read sensitive information.
Question 4:
Which of the following is an example of a physical security
control?
A) Firewall
B) Biometric scanner
C) Intrusion Detection System
D) Antivirus software
Correct Answer: B) Biometric scanner
Rationale: Physical security controls are tangible measures
that protect physical assets. Biometric scanners (fingerprint
readers, retinal scanners) are physical devices that control
access to facilities or systems. Firewalls, IDS, and antivirus
are all logical/technical controls.
, Question 5:
What is the difference between a vulnerability and a threat?
A) A vulnerability is a potential danger, while a threat is a
weakness
B) A vulnerability is a weakness, while a threat is a potential
danger
C) They are the same thing
D) A vulnerability is always exploited
Correct Answer: B) A vulnerability is a weakness, while a
threat is a potential danger
Rationale: A vulnerability is a flaw or weakness in a system
that could be exploited, while a threat is a potential danger
that could exploit that vulnerability. For example, an
unpatched server (vulnerability) faces the threat of malware
infection.
Question 6:
Which security principle states that users should only have
the minimum privileges necessary to perform their job
functions?