Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›CC›Objectives›Security Principles
Objective 1.0

Security Principles

CC Practice Questions

Use this page to practise Security Principles questions for this certification. Focus on how the exam tests security principles in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Full Practice Test →All Objectives

What this objective tests

CC Security Principles — Key Topics

Security Principles questions on this certification test your ability to deploy and manage security principles concepts in scenario-based situations.

  • Core Security Principles concepts and how they apply in real-world cloud scenarios.
  • How to deploy security principles correctly and verify the outcome.
  • Troubleshooting security principles issues by interpreting error output and system state.
  • Cloud best practices and Security Principles design trade-offs tested by this certification.

Common exam traps

Where candidates lose marks on Security Principles

  • ⚠Selecting the most expensive service when a simpler managed option meets the requirement.
  • ⚠Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • ⚠Choosing a global service fix when the issue is region-specific.
  • ⚠Overlooking cost implications of cross-region data transfer in architecture questions.

CC Security Principles — Practice Questions

30 questions from this objective

Question 2easymultiple choice
Full question →

A security analyst discovers that an employee's workstation has been infected with ransomware. Which security principle has been directly violated?

Question 3mediummultiple choice
Full question →

A company is designing a new authentication system for remote employees. They want to ensure that if one authentication factor is compromised, the system remains secure. Which security principle should they apply?

Question 4hardmultiple choice
Full question →

During a security audit, it is found that a database administrator can access payroll data. The company policy states that administrators should not have access to sensitive HR data. Which security principle is being violated?

Question 5easymultiple choice
Full question →

A company has implemented a policy where all employees must use a smart card and PIN to access the data center. Which security principle does this practice support?

Question 6mediummultiple choice
Full question →

A security engineer is configuring a firewall to allow web traffic but block all other inbound connections. The firewall is set to deny all traffic by default and only allow specific ports. Which security principle is being applied?

Question 7hardmultiple choice
Full question →

An organization is implementing a new system that processes financial transactions. To reduce the risk of fraud, they ensure that no single individual can both initiate and approve a transaction. Which security principle is this?

Question 8easymultiple choice
Full question →

A company's security policy states that employees should only have access to the data necessary to perform their job functions. This is an example of which principle?

Question 9mediummultiple choice
Full question →

After a security breach, it was discovered that an attacker used a stolen certificate to sign malicious code. Which security principle was compromised?

Question 10hardmultiple choice
Full question →

A security analyst is reviewing logs and finds that a user accessed files outside of their department. The user claims it was necessary for a project. Which principle should the analyst use to assess whether this was appropriate?

Question 11mediummultiple choice
Full question →

A company wants to ensure that if a server fails, it does not cause a security breach. Which principle should guide the design?

Question 12easymultiple choice
Full question →

A security team implements a policy that requires all access to sensitive data to be logged and audited. Which principle is being enforced?

Question 13mediummulti select
Full question →

Which TWO of the following are fundamental security principles? (Select TWO.)

Question 14hardmulti select
Full question →

Which THREE of the following are examples of implementing defense in depth? (Select THREE.)

Question 15easymulti select
Full question →

Which TWO of the following are principles of the CIA triad? (Select TWO.)

Question 16mediummulti select
Full question →

Which THREE of the following are examples of the principle of least privilege? (Select THREE.)

Question 17mediummultiple choice
Full question →

An analyst reviews the exhibit. Which security principle is being violated by allowing root login via SSH?

Exhibit

Refer to the exhibit.

```
Oct 15 10:23:45 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:46 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:47 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:48 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:49 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
```
Question 18hardmultiple choice
Full question →

An analyst reviews the exhibit. What security principle is best demonstrated by this policy?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket1/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "10.0.0.0/24"}
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket2/*"
    }
  ]
}
```
Question 19easymultiple choice
Full question →

An administrator reviews the exhibit. Which security principle is being violated?

Exhibit

Refer to the exhibit.

```
User: jdoe
Groups: Domain Users, VPN Users, HR-Read
Effective Permissions on \\server\HRDocs:
  - Read
  - Write (inherited from HR-Read group)
  - Deny Delete
```
Question 20mediummultiple choice
Full question →

A mid-sized company has a network with 200 employees. The security team has implemented a policy that requires all employees to use complex passwords and change them every 60 days. However, the company has experienced multiple phishing attacks where employees have willingly provided their credentials to fake websites. The CEO wants to implement a more robust authentication method. The company uses Microsoft Active Directory and has a budget for new security tools. They also have a remote workforce. Which of the following is the BEST course of action to address the phishing risk?

Question 21hardmultiple choice
Full question →

A financial services firm has a data center that houses customer financial records. They have implemented a defense-in-depth strategy including firewalls, IDS/IPS, and encryption. Recently, an internal audit revealed that a junior administrator has been logging into the database server with a shared admin account and has made unauthorized changes to customer records. The company wants to prevent such incidents in the future while maintaining operational efficiency. The current environment uses Linux servers with PostgreSQL databases. There is no centralized authentication system. What is the BEST action to take?

Question 22easymultiple choice
Full question →

A security administrator notices that a user with standard privileges was able to modify a system file. Which security principle has been violated?

Question 23mediummultiple choice
Full question →

A company deploys a web application firewall (WAF), performs regular vulnerability scans, and implements strict access controls. Which security principle is being applied?

Question 24hardmultiple choice
Full question →

An organization requires that two separate administrators approve and implement changes to firewall rules. This practice enforces which security principle?

Question 25mediummulti select
Full question →

Which TWO of the following are core principles of information security?

Question 26mediummultiple choice
Full question →

Refer to the exhibit. What action did the firewall take on the traffic from 10.0.1.15 to 10.0.2.10?

Exhibit

Refer to the exhibit.

syslog: 2025-03-15T10:23:45Z FW01 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.1.15(54321) -> 10.0.2.10(23), 1 packet
Question 27hardmultiple choice
Full question →

A small e-commerce company hosts its web application on a single server with a public IP address. The server runs a Linux OS with Apache, MySQL, and PHP. The company recently experienced a data breach where an attacker gained access to the customer database. The investigation reveals that the attacker exploited a vulnerability in the PHP application to execute arbitrary commands. The server logs show that the attacker used an unauthenticated HTTP POST request to a legacy script that should have been removed. Additionally, the server had default firewall rules allowing all inbound traffic on ports 80 and 443. The company wants to prevent future breaches without redesigning the entire application. Which course of action is the most effective?

Question 28mediummultiple choice
Full question →

A company's security policy requires that all data at rest be encrypted. Which of the following is the BEST approach to ensure compliance while maintaining performance?

Question 29easymultiple choice
Full question →

A security administrator notices that an employee is able to access files in a project folder they should not have access to. Which security principle is being violated?

Question 30hardmultiple choice
Full question →

A company is designing a new application that processes credit card payments. They want to ensure that no single administrator can bypass security controls to approve a fraudulent transaction. Which principle should be implemented?

Question 31easymultiple choice
Full question →

An organization wants to ensure that data remains unaltered during transmission over the internet. Which security goal is being addressed?

More Security Principles questions available in the full practice test.

Continue Practising →

Next objective

Network Security

→

All CC Objectives

  • 1.Security Principles
  • 4.Network Security
  • 5.Security Operations