CIA Triad MCQ 60 Practice Tests With Answers (2026)

The CIA Triad (Confidentiality, Integrity, and Availability) is the most tested concept in every cybersecurity certification and university syllabus. These 60 carefully structured CIA Triad MCQs take you from recognising basic pillar violations through understanding complex cryptographic and compliance mechanisms that protect each pillar.
These questions are organized into three progressive difficulty levels of 20 questions each: Basics (covering direct pillar identification and core definitions), Concepts (covering intermediate DAD mapping, access controls, and architectural trade-offs), and Advanced (covering scenario-based cryptography, the Parkerian Hexagram, compliance mechanisms, and multi-pillar analysis). Each question includes a verified, in-depth explanation to reinforce learning.
Use Study Mode to build conceptual understanding as you go, or use Exam Mode to simulate CompTIA Security+, CISSP, or university exam conditions with timed testing and real-time scoring.
Contents
- 1. Basics (20 Questions): CIA definitions · direct pillar identification · encryption · hashing · backups
- 2. Concepts (20 Questions): DAD triad mapping · RBAC/MAC · RAID · steganography · trade-offs
- 3. Advanced (20 Questions): Parkerian Hexagram · PFS · bit-flipping · BGP ROV · WORM compliance
- 4. Conclusion: summary · next steps · study tips
- 5. Key Takeaways: quick-fire bullet recap of essential facts
- 6. Quick Review Summary: concept · definition · key fact table
- 7. FAQ: common questions answered
CIA Triad: Basics
1. What does the acronym "CIA" stand for in cybersecurity?
Answer: B. Confidentiality, Integrity, Availability
The CIA Triad is the foundational model of information security. C = Confidentiality (only authorised users can access data), I = Integrity (data remains accurate and unaltered), A = Availability (data is accessible when authorised users need it). Every security control maps to one or more of these three pillars.
2. Which pillar of the CIA Triad ensures that sensitive data is kept secret from unauthorized users?
Answer: A. Confidentiality
Confidentiality ensures information is accessible only to those authorised to access it, protecting data from unauthorised disclosure. Controls include encryption, access control lists, data classification policies, and the need-to-know principle.
3. Which pillar of the CIA Triad ensures that data is accurate, complete, and untampered with?
Answer: B. Integrity
Integrity ensures data remains accurate, complete, and unmodified by unauthorised parties. It guarantees the trustworthiness of data throughout its entire lifecycle. Integrity violations occur when data is altered in transit, at rest, or during processing without authorisation.
4. Which pillar of the CIA Triad ensures that systems and data are accessible to authorized users when needed?
Answer: C. Availability
Availability ensures that systems, networks, and data remain accessible to authorised users when needed. It guarantees uptime and reliability. DDoS attacks, hardware failures, and ransomware are primary threats to availability.
5. Encryption is a primary tool used to enforce which aspect of the CIA Triad?
Answer: A. Confidentiality
Encryption transforms plaintext into unreadable ciphertext, ensuring only authorised parties with the decryption key can read the data, which directly enforces Confidentiality. Without encryption, data in transit or at rest can be read by anyone who intercepts it.
6. Routine data backups are primarily performed to support which aspect of the CIA Triad?
Answer: C. Availability
Backups ensure data remains accessible even after hardware failure, ransomware, accidental deletion, or a disaster, directly supporting Availability. The 3-2-1 backup rule (3 copies, 2 different media types, 1 copy offsite) is the gold standard.
7. Passwords, PINs, and biometric scans are primarily used to protect:
Answer: C. Confidentiality
Passwords, PINs, and biometrics are authentication mechanisms that verify who is requesting access. By ensuring only authorised users can access systems and data, they directly enforce Confidentiality, preventing unauthorised disclosure of sensitive information.
8. A hacker intercepts a bank transfer and changes the amount from $100 to $10,000. Which CIA pillar was violated?
Answer: B. Integrity
Changing the transfer amount from $100 to $10,000 alters the accuracy of financial data, a direct violation of Integrity. The data is no longer accurate or trustworthy. This is an "Alteration" attack in the DAD triad, which maps directly to the Integrity pillar.
9. A Distributed Denial of Service (DDoS) attack crashes a retail website on Black Friday. Which CIA pillar was violated?
Answer: C. Availability
A DDoS attack floods a server with traffic, rendering it inaccessible to legitimate users, a direct attack on Availability. The "Destruction" component of the DAD triad maps to Availability threats. The website data wasn't stolen or altered; it simply became unreachable.
10. An attacker steals a database of user passwords and publishes them online. Which CIA pillar was violated?
Answer: A. Confidentiality
Stealing and publishing private credentials is a Disclosure attack: unauthorised access to and exposure of sensitive data. This violates Confidentiality. The "Disclosure" component of the DAD triad maps directly to the Confidentiality pillar.
11. What is the opposing framework to the CIA Triad (representing the primary threats to it)?
Answer: B. DAD (Disclosure, Alteration, Destruction)
The DAD Triad (Disclosure, Alteration, Destruction) is the adversarial counterpart to CIA: Disclosure threatens Confidentiality, Alteration threatens Integrity, and Destruction threatens Availability. AAA and STRIDE are separate security frameworks.
12. A power outage takes down a company's main server. Which CIA principle is immediately affected?
Answer: C. Availability
A power outage prevents authorised users from accessing systems and data, directly violating Availability. Physical controls like UPS (Uninterruptible Power Supply), redundant power feeds, and generator backup mitigate this risk.
13. Storing paper files in a locked, fireproof cabinet primarily protects:
Answer: C. Confidentiality and Availability
A locked cabinet protects Confidentiality (only authorised people with a key can access the files), and being fireproof protects Availability (files survive fire and remain accessible). Two of the three CIA pillars are addressed by this single physical control.
14. Hashing is a cryptographic process primarily used to protect:
Answer: B. Integrity
Hashing produces a fixed-length fingerprint (digest) of data. Any alteration to the original data (even a single bit) produces a completely different hash, making hashing the primary tool for verifying data Integrity. Hashing is one-way and does not encrypt or hide data.
15. Giving a user "Read-Only" access to a document (preventing them from editing it) helps maintain:
Answer: B. Integrity
Read-Only access prevents unauthorised modifications to a document, ensuring the data remains accurate and unaltered, which directly maintains Integrity. Write permissions are required to compromise Integrity; removing them prevents unauthorised changes.
16. Traditional ransomware, which encrypts a user's files so they cannot be opened, is primarily an attack on:
Answer: C. Availability
Ransomware encrypts a user's files, rendering them inaccessible until a ransom is paid, a direct attack on Availability. The user cannot access their own data. This is distinct from data theft (a Confidentiality breach): in classic ransomware, the attacker doesn't necessarily read the data, they just make it unusable.
17. Two-Factor Authentication (2FA) is used to strengthen:
Answer: B. Confidentiality
2FA adds a second verification layer beyond just a password, significantly strengthening Confidentiality by making unauthorised access much harder. Even if an attacker obtains the password, they cannot authenticate without the second factor (OTP, hardware key, biometric).
18. Eavesdropping on a phone call or network connection is a direct threat to:
Answer: A. Confidentiality
Eavesdropping intercepts communications without authorisation, exposing sensitive data, a direct attack on Confidentiality. Whether listening to phone calls, intercepting Wi-Fi, or packet-sniffing, the goal is unauthorised access to private information without the owner's knowledge.
19. Using an Uninterruptible Power Supply (UPS) helps guarantee:
Answer: C. Availability
A UPS provides backup power during outages, ensuring systems remain operational and directly supporting Availability. It bridges the gap until generators start or primary power is restored, preventing unplanned downtime that would otherwise make data and services inaccessible.
20. A student accesses the school grading system and secretly changes their grade from a "C" to an "A". This compromises:
Answer: B. Integrity
Changing a grade from "C" to "A" alters academic records without authorisation, a direct violation of Integrity. The data (the grade) is now inaccurate and untrustworthy. This is an "Alteration" attack on the Integrity pillar, even though it was performed by an authenticated user.
CIA Triad: Concepts
1. In the DAD triad, "Disclosure" maps directly as a threat to which CIA pillar?
Answer: A. Confidentiality
In the DAD (Disclosure, Alteration, Destruction) threat model, Disclosure means unauthorised access to or exposure of information, which directly threatens Confidentiality. DAD is the adversarial counterpart to CIA: each threat in DAD directly violates the corresponding CIA pillar.
2. In the DAD triad, "Alteration" maps directly as a threat to which CIA pillar?
Answer: B. Integrity
Alteration in the DAD triad means unauthorised modification of data, which directly threatens Integrity. Alteration attacks include data tampering in transit, SQL injection modifying database records, and Man-in-the-Middle attacks that change communications before forwarding them.
3. In the DAD triad, "Destruction" maps directly as a threat to which CIA pillar?
Answer: C. Availability
Destruction in the DAD triad means making data or systems permanently unavailable, which directly threatens Availability. Destruction attacks include ransomware, database deletion by rogue insiders, physical hardware destruction, and DDoS attacks that render services unreachable.
4. Which of the following technologies does NOT provide confidentiality?
Answer: C. SHA-256 Hashing
SHA-256 is a cryptographic hash function that produces a unique fixed-length fingerprint of data: it verifies that data hasn't been tampered with, providing Integrity, NOT Confidentiality. Hashing is one-way and irreversible; it doesn't encrypt or conceal data. AES, RSA, and VPNs all actively encrypt data to provide Confidentiality.
5. Implementing RAID (Redundant Array of Independent Disks) on a server primarily supports:
Answer: C. Availability
RAID mirrors or stripes data across multiple hard drives; if one drive fails, the system continues operating without data loss, directly supporting Availability. RAID does not encrypt data (no Confidentiality benefit) and does not verify data accuracy (no Integrity benefit).
6. A Man-in-the-Middle (MitM) attack where the attacker reads AND modifies messages before forwarding them threatens:
Answer: C. Confidentiality and Integrity
A MitM attack where the attacker reads messages violates Confidentiality (private content is exposed to an unauthorised party), and modifying messages violates Integrity (the content is no longer accurate or unaltered). This represents a dual CIA failure: two pillars breached simultaneously.
7. Downloading software and verifying its MD5 checksum ensures which aspect of the CIA Triad?
Answer: B. Integrity
Verifying an MD5/SHA checksum confirms the downloaded file is bit-for-bit identical to the original, a direct Integrity verification. If even one bit was changed (e.g., malware was injected), the checksum produces a completely different value. Checksums do not encrypt data or ensure access.
8. Steganography (hiding a secret message within an ordinary image or document) is a technique used for:
Answer: A. Confidentiality
Steganography hides a secret message within an ordinary file (image, audio, document), ensuring only the intended recipient knows a hidden message exists. It serves Confidentiality by concealing the very existence of the communication, not just its content. It is used in covert channels and advanced malware C2.
9. Role-Based Access Control (RBAC) ensures users only see data necessary for their jobs. This enforces:
Answer: B. Confidentiality
RBAC assigns permissions based on job function, enforcing the need-to-know and least-privilege principles and ensuring users can only access data necessary for their role. This directly protects Confidentiality by preventing unauthorised disclosure of sensitive information to employees who don't need it.
10. Which of the following is the best defense to maintain Availability during a hardware failure?
Answer: B. Fault tolerance and redundancy
Fault tolerance (redundant hardware, failover systems) and data redundancy (backup servers, replication) are the primary architectural defenses against hardware failures that threaten Availability. Strong passwords and encryption protect Confidentiality; hashing protects Integrity; none of these prevent hardware-related downtime.
11. Data masking (e.g., showing a credit card as **** **** **** 1234) is a technique used to preserve:
Answer: A. Confidentiality
Data masking obscures sensitive information while retaining functional usability, directly protecting Confidentiality. By never exposing the full credit card number in the interface, even if the screen is observed or the UI is compromised, the actual sensitive data is never fully disclosed.
12. Version control systems (like Git) help developers revert to previous code states if unauthorized changes are made, thereby protecting:
Answer: B. Integrity
Version control systems track every change to code with a complete audit trail and allow reverting to any previous state. If unauthorised changes are detected (e.g., malicious code injection), they can be identified and reversed, directly protecting Integrity by ensuring code accuracy and providing auditability.
13. A website utilizes Load Balancers to distribute traffic across five servers. This architectural design primarily enhances:
Answer: C. Availability
Load balancers distribute incoming requests across multiple servers, ensuring no single server is overwhelmed. This architecture enables continuous service even during high traffic spikes or individual server failures, directly enhancing Availability. Load balancers have no inherent impact on Confidentiality or Integrity.
14. Non-repudiation (ensuring a sender cannot deny sending a message) is most closely tied to which CIA concept?
Answer: B. Integrity
Non-repudiation ensures a party cannot deny having performed an action. Digital signatures and audit logs provide non-repudiation. It is most closely tied to Integrity because it verifies the authenticity, accuracy, and origin of communications, preventing falsification of who sent what and when.
15. Salting passwords in a database prevents rainbow table attacks, thereby protecting user:
Answer: A. Confidentiality
Salting adds a unique random value to each password before hashing, defeating rainbow table attacks that rely on precomputed hash databases. This protects the Confidentiality of user passwords: an attacker cannot reverse-engineer the original passwords even if they obtain the hash values.
16. A hospital enforces strict policies that patient records cannot be deleted for 7 years. This policy primarily addresses:
Answer: C. Availability
A 7-year retention policy ensures patient records remain accessible for audits, legal proceedings, and regulatory compliance (HIPAA) over time; this is an Availability control on stored records. Records management policies directly address whether required data can be accessed when and for as long as needed.
17. If an organization focuses too heavily on Confidentiality (e.g., complex multi-step logins, heavily restricted networks), which pillar is most likely to suffer as a trade-off?
Answer: C. Availability
Excessive Confidentiality controls (overly complex authentication flows, heavily restricted network access, granular permission walls) can inadvertently reduce Availability by making data and systems harder to access even for authorised users. Security architects must consciously balance all three CIA pillars.
18. Digital Signatures utilize public key cryptography to assure the recipient that the message was not altered in transit. This provides:
Answer: B. Integrity
Digital signatures use asymmetric cryptography: the sender signs the message hash with their private key; the recipient verifies it with the sender's public key. This proves the message wasn't altered in transit and authenticates the sender, providing Integrity and non-repudiation. Note: signatures alone do not encrypt the message content.
19. Implementing MAC (Mandatory Access Control) labels on top-secret military files primarily upholds:
Answer: A. Confidentiality
MAC assigns security labels (Top Secret, Secret, Confidential) to both users and resources. Users can only access resources at or below their clearance level, rigidly enforcing Confidentiality. It is used in military and government systems where information cannot be disclosed based on user discretion alone.
CIA Triad β Advanced
1A rogue employee deletes the main customer database. This is a direct attack on:
CorrectC: Availability
Deleting the customer database makes all customer data permanently inaccessible β a direct attack on Availability. The "Destruction" component of the DAD triad maps to this scenario. Mitigation requires regular, tested backups and strict database access controls (least privilege, approved change management).
IncorrectC: Availability
Deleting the customer database makes all customer data permanently inaccessible β a direct attack on Availability. The "Destruction" component of the DAD triad maps to this scenario. Mitigation requires regular, tested backups and strict database access controls (least privilege, approved change management).
2In the Parkerian Hexagram (an extension of the CIA Triad), what three elements are added?
CorrectB: Possession, Authenticity, Utility
The Parkerian Hexagram (developed by Donn Parker) extends CIA by adding three dimensions: Possession/Control (physical control of the medium β e.g., preventing USB theft even without reading it), Authenticity (verifying claimed identity/origin), and Utility (data must be in a usable format). These address gaps that CIA alone doesn't cover.
IncorrectB: Possession, Authenticity, Utility
The Parkerian Hexagram (developed by Donn Parker) extends CIA by adding three dimensions: Possession/Control (physical control of the medium β e.g., preventing USB theft even without reading it), Authenticity (verifying claimed identity/origin), and Utility (data must be in a usable format). These address gaps that CIA alone doesn't cover.
3Which compliance mechanism is specifically designed to ensure the Integrity of financial reporting systems?
CorrectB: Segregation of Duties (SoD)
Segregation of Duties (SoD) requires that critical financial tasks are split between multiple people β no single individual can complete a high-risk transaction alone (e.g., one person requests a payment; a different person approves it). This prevents fraud and accidental errors, directly ensuring the Integrity of financial data. It is a key COSO and SOX compliance requirement.
IncorrectB: Segregation of Duties (SoD)
Segregation of Duties (SoD) requires that critical financial tasks are split between multiple people β no single individual can complete a high-risk transaction alone (e.g., one person requests a payment; a different person approves it). This prevents fraud and accidental errors, directly ensuring the Integrity of financial data. It is a key COSO and SOX compliance requirement.
4. A DNS Cache Poisoning attack redirects a user from a legitimate banking site to a fake clone. Which CIA principle is technically compromised at the DNS level?
Correct answer (B): Integrity
DNS Cache Poisoning injects fraudulent DNS records so that domain names resolve to attacker-controlled IP addresses. The Integrity of the DNS routing table is compromised: DNS records no longer accurately map domain names to the correct servers. DNSSEC (DNS Security Extensions) mitigates this by cryptographically signing DNS records.
5. "Crypto-shredding" involves deliberately deleting the decryption keys for a dataset so the data can never be read again. This sacrifices Availability to guarantee:
Correct answer (B): Confidentiality
Crypto-shredding deliberately deletes the encryption keys, making the encrypted data permanently unreadable and guaranteeing Confidentiality even when the storage media cannot be physically destroyed (e.g. cloud storage, SSDs with wear-levelling). It is used for GDPR/CCPA "right to erasure" compliance. Availability is sacrificed: the data can never be accessed again.
6. Which physical security control best ensures the Availability of a Tier-4 data center?
Correct answer (B): Dual, independent power feeds and cooling systems
A Tier-4 data center requires 99.995% uptime (≤26 minutes of annual downtime). Dual, independent power feeds and cooling systems (a fully redundant N+N architecture) are the most critical physical controls ensuring Availability. Biometric scanners and mantraps protect Confidentiality and physical access; only power/cooling redundancy directly maintains continuous Availability.
7. A "Logic Bomb" is planted in a system to wipe the hard drive if a specific employee is terminated. This malware specifically targets:
Correct answer (C): Availability
A Logic Bomb waits until a specific trigger condition is met (here, the employee's termination) and then executes a destructive payload (wiping the drive). By destroying data and making systems inoperable, it specifically attacks Availability. If the goal were to steal data, it would target Confidentiality; if the goal were to modify records, it would target Integrity.
8. Perfect Forward Secrecy (PFS) ensures that if a long-term private key is compromised in the future, past session keys cannot be decrypted. This hardens:
Correct answer (A): Confidentiality
PFS generates ephemeral (temporary) Diffie-Hellman session keys for each connection, which are discarded after use. Even if an attacker records all encrypted traffic now and later compromises the server's long-term private key, they cannot decrypt the past sessions, which hardens the long-term Confidentiality of historical communications. TLS 1.3 mandates PFS.
9. Bit-flipping attacks target the ciphertext of a message to predictably alter the plaintext without knowing the key. Which CIA element does this attack target?
Correct answer (B): Integrity
Bit-flipping exploits certain cipher modes (such as CBC without authentication) by flipping bits in the ciphertext to produce predictable, controlled changes in the decrypted plaintext, all without knowing the encryption key. The attacker modifies the data's content without reading it, which is a direct Integrity attack. Authenticated encryption (AES-GCM) prevents this.
10. Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP) are the ultimate administrative safeguards for:
Correct answer (C): Availability
A DRP defines how to restore IT systems after a disaster (RTO/RPO targets). A BCP defines how to maintain critical business operations during and after a disaster. Both are the highest-level administrative safeguards for Availability, ensuring that even in catastrophic scenarios operations continue and systems recover within acceptable time frames.
11. An attacker uses a protocol downgrade attack (forcing a server to use an old, weak encryption protocol) to decrypt network traffic. This targets:
Correct answer (A): Confidentiality
Protocol downgrade attacks (such as POODLE, BEAST, FREAK) force a server to negotiate a weaker, older encryption protocol (e.g. SSLv3 instead of TLS 1.3). Once weak encryption is in use, an attacker can decrypt the traffic, directly targeting the Confidentiality of data in transit. HSTS (HTTP Strict Transport Security) and disabling legacy protocols prevent downgrade attacks.
12. Which cryptographic concept provides Confidentiality, Integrity, and Authenticity for data in transit?
Correct answer (B): IPsec / TLS
IPsec (at Layer 3) and TLS (at Layer 4/7) both provide: encryption (Confidentiality), data integrity verification via MACs/HMAC (Integrity), and mutual authentication of communicating parties (Authenticity). They address all three CIA pillars for data in transit. MD5 only provides Integrity; Base64 is encoding (not security); RAID 5 only provides Availability.
13. A Message Authentication Code (MAC) uses a shared secret key to generate a tag for a message. What does the MAC guarantee?
Correct answer (B): Integrity and Authenticity
A MAC/HMAC appended to a message lets the recipient verify that the message wasn't altered (Integrity) and that it came from a party holding the shared secret key (Authenticity). Critically, a MAC does NOT provide Confidentiality: the message body itself is not encrypted and remains readable to anyone who intercepts it.
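The malleability described in question 9 and the MAC guarantees of question 13, as one added example that is not from the original page: a constructed toy XOR stream cipher stands in for an unauthenticated cipher mode, and HMAC-SHA256 from the Python standard library supplies the tag. The keys, nonce and the payment message are constructed values.

```python
import hashlib
import hmac

# Added example (not from the original page). The XOR stream cipher below is a
# constructed toy used only to make malleability visible; real systems use AES-GCM.
NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 tag

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key || nonce || counter, concatenated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor_with_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; XOR is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def decrypt_unauthenticated(enc_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Q9: no tag, so a flipped ciphertext bit flips the same plaintext bit unnoticed."""
    return xor_with_keystream(enc_key, nonce, ciphertext)

def flip_bit(data: bytes, index: int) -> bytes:
    """Flip the lowest bit of byte `index` (simulates in-transit tampering)."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)

def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then HMAC nonce || ciphertext: Integrity and Authenticity (Q13)."""
    ct = xor_with_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_verified(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting; any alteration is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: message altered or forged")
    return xor_with_keystream(enc_key, nonce, ct)

def accepts(enc_key: bytes, mac_key: bytes, blob: bytes) -> bool:
    """True if the blob passes MAC verification, False if it was tampered with."""
    try:
        decrypt_verified(enc_key, mac_key, blob)
        return True
    except ValueError:
        return False

def mac_only(mac_key: bytes, message: bytes) -> bytes:
    """A bare MAC: proves origin and Integrity, but the message stays readable."""
    return message + hmac.new(mac_key, message, hashlib.sha256).digest()

def demo() -> tuple[bytes, bool, bool]:
    """Constructed keys/nonce; shows what each receiver makes of a tampered payment."""
    ek, mk, nonce = b"E" * 32, b"M" * 32, bytes(NONCE_LEN)
    blob = encrypt_then_mac(ek, mk, nonce, b"PAY 0100 TO ALICE")
    tampered_ct = flip_bit(blob[NONCE_LEN:-TAG_LEN], 4)  # '0' (0x30) becomes '1' (0x31)
    tampered = nonce + tampered_ct + blob[-TAG_LEN:]
    # unauthenticated receiver sees b"PAY 1100 TO ALICE"; verified receiver rejects it
    return (decrypt_unauthenticated(ek, nonce, tampered_ct), accepts(ek, mk, blob), accepts(ek, mk, tampered))
```

`mac_only` shows the question 13 caveat directly: the tagged message still begins with the readable plaintext, so a MAC alone gives no Confidentiality.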
14. A cloud provider experiences a "hypervisor breakout" where a malicious tenant reads the memory space of another tenant's Virtual Machine. This is a massive failure of:
Correct answer (A): Confidentiality
A hypervisor breakout (VM escape) allows a malicious VM tenant to escape its isolated environment and access the memory space of other VMs on the same physical host. This is a catastrophic breach of Confidentiality: one tenant can read another's sensitive data, cryptographic keys, and credentials despite full hardware virtualisation isolation.
15. What is the impact of a "hash collision" on the CIA triad?
Correct answer (B): It compromises Integrity
A hash collision occurs when two different inputs produce the same hash output. This breaks the trust that a specific hash uniquely identifies a file: an attacker could substitute a legitimate file with malicious content while preserving the same hash value. Integrity verification via checksums can no longer be trusted, directly compromising Integrity.
16. Implementing a Web Application Firewall (WAF) to drop malicious inputs (like XSS or SQLi payloads) primarily protects the database's:
Correct answer (B): Integrity and Confidentiality
A WAF drops SQL injection payloads (which would modify/exfiltrate database records) and XSS payloads (which would execute scripts to steal session cookies). By blocking SQLi, it preserves Integrity (prevents unauthorised data modification) and Confidentiality (prevents unauthorised data exfiltration). It operates at OSI Layer 7 (Application layer).
17. In a Zero Trust model, "micro-segmentation" restricts east-west network traffic, preventing lateral movement if a breach occurs. This primarily enhances:
Correct answer (A): Confidentiality
Micro-segmentation divides a network into isolated zones with granular security policies controlling inter-zone traffic. Even if an attacker breaches one segment, they cannot read data from other segments. By preventing lateral movement and limiting the blast radius, it primarily enhances Confidentiality: sensitive data in other segments remains inaccessible to the attacker.
18. If a system requires symmetric encryption for a database, but the encryption key is accidentally published on GitHub, which pillars are at risk?
Correct answer (C): Confidentiality and Integrity (if the attacker alters and re-encrypts data)
An exposed symmetric key creates two risks: (1) Confidentiality: anyone can decrypt and read all data encrypted with that key; (2) Integrity: an attacker can decrypt data, silently alter it, and re-encrypt it, with the modifications appearing legitimate since they hold the key. Both pillars are compromised when an encryption key is publicly exposed.
19. A network engineer implements BGP Route Origin Validation (ROV) to prevent BGP hijacking. This protects the network's:
Correct answer (B): Integrity (of the routing tables) and Availability (of the destination)
BGP hijacking allows attackers to maliciously reroute internet traffic by announcing false IP prefix ownership. BGP ROV with RPKI cryptographically verifies route announcements, protecting: Integrity (routing tables accurately reflect legitimate ownership) and Availability (traffic reaches its correct destination rather than a black hole or an attacker's server).
20. In the context of the CIA triad, what does "Fail-Safe" system design primarily attempt to preserve during a catastrophic error?
Correct answer (A): Confidentiality and Integrity (by shutting down rather than leaking data)
Fail-Safe design dictates that if a system encounters an unrecoverable error, it defaults to a secure, closed state, denying access rather than granting it. By shutting down on failure, it prevents data leakage (Confidentiality) and prevents unauthorised modifications during an unstable state (Integrity). Staying online with weakened security would sacrifice both in exchange for Availability.
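The fail-open versus fail-closed contrast from question 20, as an added example that is not part of the original page: the same authorisation check written both ways, exercised while the policy backend is reachable and while it is down. PolicyStore, PolicyUnavailable and the user and resource names are constructed stand-ins.

```python
# Added example (not from the original page): one authorisation check, written
# fail-open and fail-closed. PolicyStore and its outage are constructed stand-ins.

class PolicyUnavailable(Exception):
    """Raised when the policy backend cannot be reached (simulated outage)."""

class PolicyStore:
    """Constructed stand-in for a policy backend; healthy=False simulates an outage."""

    def __init__(self, grants: dict[str, set[str]], healthy: bool = True) -> None:
        self.grants = grants
        self.healthy = healthy

    def allowed(self, user: str, resource: str) -> bool:
        if not self.healthy:
            raise PolicyUnavailable("policy service unreachable")
        return resource in self.grants.get(user, set())

def authorize_fail_open(store: PolicyStore, user: str, resource: str) -> bool:
    """Anti-pattern: an error in the check is treated as permission. During an
    outage every request is granted, so Confidentiality and Integrity are lost."""
    try:
        return store.allowed(user, resource)
    except PolicyUnavailable:
        return True

def authorize_fail_safe(store: PolicyStore, user: str, resource: str) -> bool:
    """Fail-Safe (fail-closed): any error in the check defaults to deny. Availability
    of the resource is sacrificed during the outage, but nothing leaks or changes."""
    try:
        return store.allowed(user, resource)
    except PolicyUnavailable:
        return False

def run_scenario(healthy: bool) -> dict[str, bool]:
    """Evaluate both designs for a user with no grant, under a given backend state."""
    store = PolicyStore({"alice": {"payroll.db"}}, healthy=healthy)
    return {
        "fail_open": authorize_fail_open(store, "mallory", "payroll.db"),
        "fail_safe": authorize_fail_safe(store, "mallory", "payroll.db"),
    }

if __name__ == "__main__":
    print("backend healthy:", run_scenario(True))    # both deny mallory
    print("backend down:   ", run_scenario(False))   # fail_open grants, fail_safe denies
```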
21. The use of "Write-Once-Read-Many" (WORM) storage drives for legal archiving directly enforces:
Correct answer (B): Integrity
WORM storage permanently prevents modification or deletion of written data: once written, records cannot be altered, overwritten, or deleted even by administrators. This directly enforces Integrity for compliance: legal records, audit logs, and financial data remain tamper-proof. WORM is mandated by SEC 17a-4, HIPAA, and other regulations for immutable archiving.
Conclusion: Mastering the CIA Triad
These 60 MCQs cover the full spectrum of CIA Triad knowledge: from recognising which pillar a DDoS attack violates, to understanding why Perfect Forward Secrecy hardens Confidentiality, to knowing why WORM storage enforces Integrity for legal compliance.
The key to mastering CIA Triad questions is building a mental model: Confidentiality = who can see it, Integrity = is it accurate, Availability = can it be accessed. Once this framework is internalised, identifying violated pillars in complex scenarios becomes systematic rather than guesswork.
After completing this MCQ set, deepen your knowledge with the full CIA Triad theory notes and practice with Introduction to Cybersecurity MCQs to see these concepts applied in broader security contexts.
Key Takeaways: CIA Triad
- C = Confidentiality: Only authorised users can read the data. Enforced by: encryption, access controls, data masking, steganography.
- I = Integrity: Data is accurate and unaltered. Enforced by: hashing, digital signatures, checksums, version control, RBAC read-only.
- A = Availability: Data is accessible when needed. Enforced by: backups, RAID, redundancy, UPS, load balancers, DRP/BCP.
- DAD mapping: Disclosure attacks Confidentiality, Alteration attacks Integrity, Destruction attacks Availability.
- Hashing provides Integrity; it does NOT provide Confidentiality (it does not encrypt data).
- Ransomware primarily attacks Availability: it makes data inaccessible, not necessarily disclosed.
- DDoS attacks Availability; eavesdropping attacks Confidentiality; data tampering attacks Integrity.
- Over-securing Confidentiality can degrade Availability; the CIA pillars require conscious balancing.
- The Parkerian Hexagram adds Possession, Authenticity, and Utility to CIA.
- WORM storage and Segregation of Duties are compliance-grade Integrity enforcement mechanisms.
Quick Review & Summary
Use this table to consolidate CIA Triad mappings before or after attempting the questions above.
| Scenario / Control | CIA Pillar Affected | DAD Counterpart |
|---|---|---|
| Encryption (AES, RSA, TLS) | Confidentiality | Prevents Disclosure |
| Hashing (SHA-256, MD5 checksum) | Integrity | Detects Alteration |
| Backups & RAID | Availability | Recovers from Destruction |
| DDoS Attack | Availability | Destruction |
| Eavesdropping / Packet Sniffing | Confidentiality | Disclosure |
| Data Tampering / MitM (modify) | Integrity | Alteration |
| Ransomware (encrypt + ransom) | Availability | Destruction |
| Digital Signatures | Integrity | Prevents Alteration |
| 2FA / MFA | Confidentiality | Prevents Disclosure |
| Load Balancers | Availability | Prevents Destruction |
Frequently Asked Questions
Q. How many CIA Triad MCQs are available on this page?
Q. What topics do these CIA Triad MCQs cover?
Q. Are these MCQs suitable for CompTIA Security+ exam preparation?
Q. What is the DAD Triad and how does it relate to CIA?
Q. What is the difference between Study Mode and Exam Mode?
Q. Can I use these MCQs to prepare for university cybersecurity exams?
Q. What is the Parkerian Hexagram and why does it extend the CIA Triad?