Prep: Questions, Answers
and Explanations
General security concept questions
This section of the exam is designed to focus on foundational cyber security ideas and concepts.
It’s there to make sure you understand the core principles the rest of the exam builds on.
Question #1. Which of the following best describes the goal of the CIA triad in cybersecurity?
A) Compliance, Investigation, Authorization
B) Central Intelligence Access
C) Confidentiality, Integrity, Availability
D) Control, Identity, Authentication
Answer: C) Confidentiality, Integrity, Availability The CIA triad is one of the first things you’ll
learn in cybersecurity, and it outlines the three key goals of any secure system:
Confidentiality: keeping information private and protected from unauthorized access
Integrity: ensuring information remains accurate and unaltered
Availability: making sure information and systems are accessible when needed
,The reason this question matters is that every security control from encryption, access
restrictions, firewalls, backups, etc.is trying to protect one (or more) of these three pillars. So if
you can always tie a tool or process back to how it protects confidentiality, integrity, or
availability, you’ll be thinking the way CompTIA wants you to think.
Look for clues like:
“Prevent unauthorized access” → confidentiality
“Detect if data was changed” → integrity
“Ensure systems stay online” → availability
So any time the exam asks about the purpose of a security measure, ask yourself: which part of
the CIA triad is it protecting?
Question #2. An administrator wants to make sure employees can verify whether a file has been
altered. Which security principle does this support?
A) Confidentiality
B) Availability
C) Integrity
D) Non-repudiation
, Answer: C) Integrity
Integrity is about making sure data hasn’t been tampered with, either accidentally or by an
attacker.
So if a system or document has integrity, that means it’s still in its original, trusted state.
For example
If you download a file from a vendor and compare its hash to what they published, you can
confirm it hasn’t been modified along the way.
So anytime you see wording like:
“detect changes”
“verify a file’s authenticity”
“check if a message was modified”
…it’s pointing you toward integrity. Keep that principle locked in and you won’t get tripped up
by trickier wording.
Question #3. Which of the following is considered a ‘technical’ control?
A) Security awareness training
B) Firewall rules