Exam – 100 Questions & Answers Plus
Rationales Latest 2026/27 Instant Pdf
Download
Domain 1.0: General Security Concepts (12%)
Question 1
A financial company discovers that employees regularly leave sensitive
documents on unattended desks. The security team implements locked
filing cabinets, creates a mandatory clean-desk policy with monthly
audits, and transitions to a paperless workflow. How should these three
controls be classified?
A. Preventive, detective, and corrective controls
B. Preventive, preventive, and corrective controls
C. Detective, preventive, and corrective controls
D. Corrective, detective, and preventive controls
Correct Answer: B – Locked filing cabinets prevent unauthorized access
(preventive). A clean-desk policy with audits enforces ongoing
compliance as part of the preventive machinery—audits here are not a
separate detection layer but rather ensure the preventive control is
followed. The paperless workflow is corrective because it removes the
root cause.
,Question 2
Which of the following best describes the CIA triad concept of non-
repudiation?
A. Ensuring data is accessible only to authorized users
B. Guaranteeing that a party cannot deny having performed a particular
action
C. Protecting data from unauthorized modification
D. Ensuring systems are available when needed
Correct Answer: B – Non-repudiation ensures that an individual or
entity cannot deny having performed a specific action, typically through
digital signatures or audit logs.
Question 3
A security administrator is implementing a zero-trust architecture. Which
of the following principles is most central to zero trust?
A. Trust all internal network traffic by default
B. Verify explicitly every access request regardless of source
C. Rely on perimeter firewalls for all security
D. Grant full network access once a user authenticates
Correct Answer: B – Zero trust operates on the principle of "never trust,
always verify." Every access request must be explicitly verified,
authenticated, and authorized, regardless of whether it originates from
inside or outside the network.
Question 4
Which type of security control is a fence around a data center?
A. Technical control
B. Administrative control
,C. Physical control
D. Detective control
Correct Answer: C – A fence is a physical control because it physically
prevents or deters unauthorized access to a facility.
Question 5
An organization deploys a SIEM (Security Information and Event
Management) system to collect and analyze logs from multiple sources.
This is an example of which type of control?
A. Preventive
B. Detective
C. Deterrent
D. Compensating
Correct Answer: B – A SIEM system detects security incidents by
analyzing logs and identifying anomalies or threats. Detective controls
identify and record security events after they occur.
Question 6
Which cryptographic concept ensures that data has not been altered
during transmission?
A. Confidentiality
B. Non-repudiation
C. Integrity
D. Availability
Correct Answer: C – Integrity ensures that data has not been modified
or tampered with. Hashing and digital signatures are common integrity
mechanisms.
, Question 7
A system administrator changes a user's password after the user reports
a suspected compromise. This action is an example of which type of
control?
A. Preventive
B. Detective
C. Corrective
D. Deterrent
Correct Answer: C – Corrective controls restore systems to a secure
state after a security incident. Changing a compromised password
corrects the vulnerability.
Question 8
Which of the following is an example of a technical control?
A. Security awareness training
B. An access control list (ACL) on a firewall
C. A security policy requiring annual password changes
D. Security guards at building entrances
Correct Answer: B – Technical controls (also called logical controls) are
implemented through technology. An ACL on a firewall is a technical
control that enforces network access rules.
Question 9
An organization implements a policy requiring employees to sign an
acceptable use policy (AUP). This is an example of which type of control?
A. Technical
B. Physical
C. Administrative
D. Detective