Which statement best describes confidentiality in the CIA triad?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Best answer
Preventing unauthorized disclosure of information
This is correct because confidentiality focuses on keeping information from unauthorized viewing.
Distractor review
Ensuring systems are online at all times
This is wrong because that is an availability-oriented idea.
Distractor review
Recording every command entered on a router
This is wrong because that is more related to accounting.
Distractor review
Automatically correcting every changed file
This is wrong because confidentiality is not the same as automatic correction.
Common exam trap: answer the scenario, not the keyword
A frequent exam trap is mistaking confidentiality for availability or integrity. Candidates often select options related to system uptime or data correction, which actually describe availability and integrity respectively. For instance, ensuring systems are online (availability) or automatically correcting changed files (integrity) do not address confidentiality’s core goal of preventing unauthorized data disclosure. This confusion arises because all three concepts are part of the CIA triad but serve distinct purposes. Recognizing that confidentiality specifically protects data privacy helps avoid this common pitfall.
Technical deep dive
How to think about this question
Confidentiality in the CIA triad refers to the protection of information from unauthorized access or disclosure. It ensures that sensitive data is only accessible to those with the proper permissions, preventing exposure to unauthorized users. In Cisco networking contexts, confidentiality is often maintained through technologies like Access Control Lists (ACLs), encryption protocols such as IPsec, and secure management access methods like SSH.
The decision process for maintaining confidentiality involves implementing controls that restrict data access and transmission to authorized entities only. This includes configuring ACLs to filter traffic, using encryption to protect data in transit, and enforcing authentication mechanisms to verify user identities. Confidentiality differs from integrity, which focuses on preventing unauthorized data modification, and availability, which ensures network resources remain accessible.
A common exam trap is confusing confidentiality with availability or integrity. For example, availability ensures systems are operational, not that data is hidden, while integrity ensures data is accurate and unaltered. In practical Cisco network environments, failing to enforce confidentiality can lead to data breaches, while overemphasizing availability without confidentiality can expose sensitive information. Understanding these distinctions is critical for correctly answering CCNA questions on security fundamentals.
Key Concepts to Remember
- Confidentiality prevents unauthorized users from accessing or viewing sensitive information in a Cisco network environment.
- Access Control Lists (ACLs) enforce confidentiality by filtering traffic and restricting data access to authorized devices or users.
- Encryption protocols like IPsec protect confidentiality by securing data transmitted across untrusted networks.
- Confidentiality differs from integrity, which ensures data is not altered without authorization, and availability, which ensures network resources remain accessible.
- Authentication mechanisms such as SSH support confidentiality by verifying user identities before granting access to network devices.
- Misunderstanding confidentiality as availability or integrity leads to incorrect exam answers related to uptime or data correction.
- Cisco security best practices require implementing confidentiality controls to protect management traffic and sensitive data from unauthorized disclosure.
- Confidentiality is a foundational security principle tested in CCNA exams to assess understanding of protecting data privacy in networking.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A router learns the same prefix from both OSPF and EIGRP. Which route is installed by default?
Question 2
A router shows this output:
R1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.2          1   FULL/DR         00:00:34    192.168.12.2    GigabitEthernet0/0
10.1.1.3          1   2WAY/DROTHER    00:00:39    192.168.12.3    GigabitEthernet0/0
Which statement is correct?
Question 3
What is the OSPF metric called?
Question 4
A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?
Question 5
A router interface applies this ACL inbound:
10 deny tcp any any eq 80
20 permit ip any any
A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?
Question 6
A router learns route 198.51.100.0/24 from OSPF with AD 110 and also has a static route to the same prefix configured with AD 150. Which route is installed?
FAQ
Questions learners often ask
What does this 200-301 question test?
Confidentiality prevents unauthorized users from accessing or viewing sensitive information in a Cisco network environment.
What is the correct answer to this question?
The correct answer is: Preventing unauthorized disclosure of information — Confidentiality is about preventing unauthorized disclosure of information. In plain language, it means making sure the wrong people cannot see data they are not supposed to access. This is different from integrity, which focuses on preventing unauthorized changes, and availability, which focuses on keeping systems usable. That is why confidentiality is the best answer here.
What should I do if I get this 200-301 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.