CCNA Security Principles Questions

75 of 159 questions · Page 2/3 · Security Principles

76
MCQ · hard

An organization is designing a security architecture for a cloud-based application. They implement firewalls, intrusion detection systems, and encryption, and also conduct regular security awareness training. This approach demonstrates which security principle?

A. Defense in depth
B. Security through obscurity
C. Least privilege
D. Separation of duties

Answer: A

Defense in depth uses multiple layers of security controls, both technical and administrative.

Why this answer

Defense in depth uses multiple layered controls. The combination of technical and administrative controls is key.

77
MCQ · medium

An organization deploys firewalls at the network perimeter, antivirus on endpoints, and encryption for data at rest. This approach best exemplifies which security principle?

A. Separation of duties
B. Diversity of defense
C. Least privilege
D. Defense in depth

Answer: D

Defense in depth uses multiple, overlapping controls.

Why this answer

Correct: D - Defense in depth. Defense in depth uses multiple, overlapping security controls. Option C is wrong because least privilege limits access.

Option A is wrong because separation of duties divides responsibilities. Option B is wrong because diversity of defense is not a standard principle.

78
MCQ · hard

A company is designing a new application that processes credit card payments. They want to ensure that no single administrator can bypass security controls to approve a fraudulent transaction. Which principle should be implemented?

A. Separation of duties
B. Defense in depth
C. Least privilege
D. Need to know

Answer: A

Separation of duties ensures that no single individual has control over all parts of a critical transaction, reducing fraud risk.

Why this answer

Separation of duties ensures that no single administrator has the authority to both initiate and approve a credit card transaction. By dividing critical functions among multiple individuals, the company prevents a single compromised account from authorizing fraudulent payments. This principle directly addresses the risk of insider threats or credential misuse in payment processing systems.

Exam trap

ISC2 often tests separation of duties by presenting a scenario about preventing fraud or abuse, and the trap is that candidates confuse it with least privilege, thinking limiting permissions alone solves the problem, when in fact the core issue is splitting conflicting tasks across different people.

How to eliminate wrong answers

Option B (Defense in depth) is wrong because it refers to multiple layers of security controls (e.g., firewalls, IDS, encryption) rather than dividing administrative responsibilities. Option C (Least privilege) is wrong because it limits access rights to the minimum necessary for a role, but does not prevent a single administrator from having both the ability to create and approve a transaction. Option D (Need to know) is wrong because it restricts access to information based on job function, not the separation of conflicting duties in a transaction workflow.

79
MCQ · hard

A financial institution requires that no single employee can both initiate and approve a wire transfer. This policy enforces which security principle?

A. Separation of duties
B. Defense in depth
C. Least privilege
D. Need to know

Answer: A

Separation of duties ensures no single person has control over all parts of a transaction.

Why this answer

Separation of duties prevents fraud by dividing critical tasks. Least privilege limits access, but here it's about task division.

80
Multi-Select · easy

Which TWO of the following are fundamental principles of information security that form the CIA triad?

Select 2 answers
A. Confidentiality
B. Integrity
C. Privacy
D. Non-repudiation
E. Accountability

Answers: A, B

Confidentiality ensures data is accessible only to authorized parties.

Why this answer

Correct: Confidentiality and Integrity are part of the CIA triad. Option D (Non-repudiation) is not part of CIA; Option E (Accountability) is not; Option C (Privacy) is related but not a core CIA principle.

81
MCQ · hard

A security professional is evaluating a system that uses a trust model where every component authenticates to each other before communicating. Which security principle does this model exemplify?

A. Least privilege
B. Separation of duties
C. Non-repudiation
D. Defense in depth

Answer: D

Mutual authentication adds a layer of security, exemplifying defense in depth.

Why this answer

Correct: D - Defense in depth. While zero trust is a model, defense in depth is the principle of multiple layers; mutual authentication is one layer. Option A is wrong because least privilege is about access rights.

Option B is wrong because separation of duties divides roles. Option C is wrong because non-repudiation prevents denial.

82
MCQ · easy

A security team configures a system to record all user activities for audit purposes. Which principle is being applied?

A. Accountability
B. Integrity
C. Authentication
D. Confidentiality

Answer: A

Accountability ensures actions can be traced via logs.

Why this answer

Correct: A - Accountability. Accountability ensures actions can be traced to an individual through logging. Option C is wrong because authentication verifies identity.

Option D is wrong because confidentiality prevents unauthorized disclosure. Option B is wrong because integrity ensures data accuracy.

83
MCQ · medium

An organization wants to implement defense in depth for its web application. Which combination of controls best illustrates this principle?

A. A strict perimeter firewall without internal controls.
B. Encryption at rest only.
C. A firewall, intrusion detection system, and regular security awareness training.
D. A single strong password policy.

Answer: C

This combines technical, physical, and administrative controls at multiple layers, which is defense in depth.

84
MCQ · hard

A security incident report indicates that an employee used their access to view confidential records unrelated to their job. Which security principle was most likely violated?

A. Separation of duties
B. Availability
C. Least privilege
D. Non-repudiation

Answer: C

Least privilege requires limiting access to only what is necessary for job functions; the employee had excessive access.

85
Multi-Select · medium

Which TWO of the following are core principles of information security?

Select 2 answers
A. Authentication
B. Integrity
C. Confidentiality
D. Non-repudiation
E. Availability

Answers: B, C

Integrity ensures data is accurate and not modified improperly.

Why this answer

The core principles of information security are the CIA triad: Confidentiality, Integrity, and Availability. Integrity (B) ensures data has not been altered or tampered with, typically verified through hashing algorithms like SHA-256 or HMAC. Confidentiality (C) protects data from unauthorized access, often enforced via encryption (e.g., AES-256).

These three form the foundational security model, while other options are supporting mechanisms.

Exam trap

ISC2 often tests whether candidates can distinguish between core principles (CIA triad) and supporting security services (authentication, non-repudiation), leading many to incorrectly select authentication or non-repudiation as core principles instead of availability.

86
MCQ · easy

A small business wants to protect its customer data by ensuring that only employees who need access to perform their jobs can view it. Which security principle is being applied?

A. Separation of duties
B. Defense in depth
C. Least privilege
D. Need-to-know

Answer: C

Least privilege ensures users have only necessary permissions.

Why this answer

Least privilege grants users only the permissions necessary to perform their job functions. Option A (Separation of duties) divides critical tasks among multiple people. Option B (Defense in depth) uses multiple layers of security.

Option D (Need-to-know) restricts access to specific data required for a role, but least privilege is the overarching principle.

87
MCQ · medium

A healthcare organization uses a legacy application that stores patient records in plain text. The IT team is planning to upgrade the system but needs to ensure compliance with HIPAA. The new system will be hosted on-premises and accessed by doctors and nurses via a web portal. The security team proposes implementing a VPN for remote access, but the CEO wants to allow access from any device without VPN for convenience. Which principle should guide the decision?

A. Defense in depth
B. Least privilege
C. Security is an enabler
D. Risk acceptance

Answer: A

Defense in depth emphasizes multiple layers; a VPN alone is insufficient.

Why this answer

Defense in depth emphasizes multiple layers of security; a VPN alone is insufficient to protect sensitive health records. The CEO's request sacrifices security for convenience, and risk acceptance is not the best approach when stronger controls are feasible.

88
MCQ · medium

Refer to the exhibit. What action did the firewall take on the traffic from 10.0.1.15 to 10.0.2.10?

A. Logged and permitted
B. Denied the traffic
C. Permitted the traffic
D. Translated the source address

Answer: B

The syslog message explicitly states 'denied'.

Why this answer

The firewall denied the traffic from 10.0.1.15 to 10.0.2.10 because the access control list (ACL) or security policy explicitly denies the source IP 10.0.1.15, as shown in the exhibit. The firewall processes rules sequentially, and the first matching rule for this traffic is a deny entry, so the packet is dropped without further inspection or logging unless specified.

Exam trap

ISC2 often tests the sequential processing of ACLs, where candidates mistakenly think a later permit rule overrides an earlier deny rule, but the first match always wins.

How to eliminate wrong answers

Option A is wrong because the firewall did not log the traffic; the exhibit shows no log keyword on the matching deny rule, and logging is only triggered by a permit or explicit log action. Option C is wrong because the traffic was not permitted; the first matching rule is a deny, so the packet is dropped before any permit rule is evaluated. Option D is wrong because source NAT (translation) is not applied; NAT rules are typically evaluated after ACLs, and the traffic was denied before any translation could occur.

89
MCQ · easy

A government agency stores classified documents on a secure server. The server is connected to the internet, but access is restricted using a firewall and requires two-factor authentication. An auditor discovers that the server's operating system has not been patched for over a year, making it vulnerable to remote code execution attacks. Which security principle is most directly compromised by this missing patch, and what is the best corrective action?

A. Confidentiality; test the patch in a dev environment first before applying to production
B. Non-repudiation; disconnect the server from the internet
C. Integrity; apply the security patch immediately
D. Availability; use a load balancer to distribute traffic

Answer: C

Prompt patching restores the integrity of the system and closes the vulnerability.

Why this answer

Correct: Availability and integrity could be compromised by unpatched vulnerabilities. The best action is to apply the patch (C) as soon as possible. Option A is wrong because testing before patching is good practice, but it delays a fix that needs immediate application; Option B is wrong because disconnecting the server from the internet is excessive; Option D is wrong because a load balancer doesn't fix the vulnerability.

90
Multi-Select · easy

Which THREE of the following are considered fundamental security principles? (Select three).

Select 3 answers
A. Separation of duties
B. Single sign-on
C. Hashing
D. Least privilege
E. Defense in depth

Answers: A, D, E

Correct. Separation of duties is a key principle to prevent fraud and error.

Why this answer

Separation of duties is a fundamental security principle that prevents any single individual from having excessive control over critical processes by dividing responsibilities among multiple people. This reduces the risk of fraud, error, or abuse, as collusion would be required to bypass controls. It is a core concept in access control models and compliance frameworks like SOX and PCI DSS.

Exam trap

ISC2 often tests the distinction between a security principle (a high-level design guideline) and a security mechanism (a specific tool or technology), so candidates mistakenly select SSO or hashing because they are security-related, but they are not fundamental principles.

91
MCQ · easy

A security analyst discovers that an employee's workstation has been infected with ransomware. Which security principle has been directly violated?

A. Availability
B. Least privilege
C. Separation of duties
D. Defense in depth

Answer: B

Correct. The user likely had excessive permissions.

Why this answer

Ransomware directly violates the availability security principle because it encrypts files and systems, rendering them inaccessible to authorized users. While the infection may also impact confidentiality or integrity, the immediate and primary effect is denial of access to data and services, which is a breach of availability.

Exam trap

ISC2 often tests the distinction between the CIA triad principles, and the trap here is that candidates confuse the cause (ransomware) with the principle violated, mistakenly thinking 'least privilege' is the answer because the infection occurred, but the direct violation is availability, not least privilege.

How to eliminate wrong answers

Option A is wrong because availability is the principle that is violated, not the one that was directly violated by the ransomware; the question asks which principle has been directly violated, and availability is the correct answer, so this option is actually correct but the question expects the principle that was violated, not the one that was not. Option C is wrong because separation of duties is a control to prevent fraud or errors by dividing responsibilities among multiple people; it is not directly violated by ransomware, which is a technical attack on data access. Option D is wrong because defense in depth is a strategy of layering multiple security controls, not a security principle; the question asks for a security principle, and defense in depth is a design approach, not a principle like confidentiality, integrity, or availability.

92
MCQ · medium

A company's security policy requires that all data at rest be encrypted. Which of the following is the BEST approach to ensure compliance while maintaining performance?

A. Deploy full disk encryption on all endpoints and servers.
B. Use database encryption to protect sensitive data.
C. Apply network encryption using TLS for all data transfers.
D. Implement file-level encryption for sensitive files only.

Answer: A

Full disk encryption encrypts the entire drive, ensuring all data at rest is protected with minimal performance overhead when using hardware-based encryption.

Why this answer

Full disk encryption (FDE) encrypts the entire storage volume, including the operating system, applications, and all data at rest, ensuring compliance with a policy requiring all data at rest to be encrypted. FDE operates at the block level, typically using AES-256, with minimal performance overhead because encryption and decryption are handled by the disk controller or CPU with hardware acceleration (e.g., AES-NI), making it the best approach for maintaining performance while meeting the broad requirement.

Exam trap

ISC2 often tests the distinction between 'data at rest' and 'data in transit' encryption, and the trap here is that candidates may choose database or file-level encryption because they think it is more targeted, but they overlook the policy's explicit 'all data at rest' requirement, which only full disk encryption satisfies comprehensively.

How to eliminate wrong answers

Option B is wrong because database encryption only protects data within the database, leaving other data at rest (e.g., OS files, logs, temp files) unencrypted, failing the 'all data at rest' requirement. Option C is wrong because network encryption (TLS) protects data in transit, not data at rest, so it does not address the policy requirement at all. Option D is wrong because file-level encryption only encrypts specific files, leaving other data at rest (e.g., system files, swap space, unencrypted directories) exposed, and it often introduces higher performance overhead due to per-file cryptographic operations and key management.

93
MCQ · easy

A system administrator must grant a help desk technician the ability to reset user passwords but not change user roles. Which security principle does this scenario enforce?

A. Accountability
B. Principle of least privilege
C. Need-to-know
D. Non-repudiation

Answer: B

The technician has only the necessary permissions (password reset) and no extra privileges (role changes).

Why this answer

Least privilege ensures users have only the permissions needed. Granting password reset but not role changes limits permissions to the job function. Option B is correct.

Option C (need-to-know) limits data access. Option A (accountability) tracks actions. Option D (non-repudiation) ensures actions can't be denied.

94
MCQ · easy

An administrator reviews the exhibit. Which security principle is being violated?

A. Non-repudiation
B. Separation of duties
C. Least privilege
D. Accountability

Answer: C

Correct. Write access may be excessive.

Why this answer

The user has write access to HR documents, which may not be necessary for their role, violating least privilege.

95
MCQ · hard

A security analyst reviews this firewall log entry. What type of activity is most likely being attempted?

A. A legitimate SMB file sharing connection from an internal client.
B. A potential SMB exploitation attempt from an external host.
C. A port scan attempt on port 445.
D. An outbound connection to an SMB server.

Answer: B

The SYN packet to port 445 from an external source is typical of SMB exploits such as EternalBlue.

Why this answer

The log shows a TCP SYN packet from a high source port to destination port 445 (SMB), commonly used in ransomware attacks like EternalBlue.

96
MCQ · easy

A company's security policy requires that employees must change their passwords every 90 days and passwords must be at least 12 characters. Which security principle is being enforced?

A. Integrity
B. Availability
C. Non-repudiation
D. Confidentiality

Answer: A

Regularly changing and strengthening passwords ensures that credentials remain valid and are not compromised, which upholds integrity.

Why this answer

Option A is correct because password complexity and expiration directly support the integrity of authentication by making it harder for attackers to guess or reuse credentials. Confidentiality (D) is about secrecy, but the primary goal here is ensuring that only authorized users can access systems (integrity of access control). Availability (B) and non-repudiation (C) are not the main focus.

97
MCQ · hard

During an incident response, a forensics analyst captures a memory dump from a compromised server. The analyst needs to ensure the dump is not altered during analysis. Which practice best maintains integrity?

A. Encrypt the memory dump file
B. Maintain a chain of custody log
C. Restrict access to the dump to authorized personnel only
D. Generate a cryptographic hash of the dump before analysis

Answer: D

A hash allows subsequent verification that the data has not been altered.

Why this answer

Creating a cryptographic hash (e.g., SHA-256) of the original dump and verifying it before and after analysis ensures integrity. Option D is correct. Option A (encryption) protects confidentiality, not integrity.

Option C (restricting access) is about access control and monitoring. Option B (chain of custody) documents handling but doesn't prevent alteration by itself.

98
MCQ · hard

Refer to the exhibit. Which security principle is being supported by the logging of these events?

A. Availability
B. Authentication
C. Non-repudiation
D. Accountability

Answer: D

Logs allow tracing failures to an IP address and time, supporting accountability.

Why this answer

Correct: D - Accountability. Logging provides a record of events that can be traced to specific sources, enabling accountability. Non-repudiation involves proof of actions by a user, but these logs do not prove user identity.

Authentication and availability are not directly supported.

99
MCQ · medium

A company implements role-based access control (RBAC) to ensure users have only the permissions necessary for their job roles. This is an example of:

A. Least privilege
B. Defense in depth
C. Separation of duties
D. Need-to-know

Answer: A

RBAC enforces least privilege by granting only required permissions.

Why this answer

RBAC enforces least privilege by granting permissions based on roles. Option C (Separation of duties) divides tasks. Option D (Need-to-know) restricts data access.

Option B (Defense in depth) is layering controls.

100
MCQ · medium

You are designing a backup strategy for a critical database. The business requires that in the event of a failure, data loss must not exceed 15 minutes. Which metric primarily addresses this requirement?

A. Service Level Agreement (SLA)
B. Mean Time Between Failures (MTBF)
C. Recovery Point Objective (RPO)
D. Recovery Time Objective (RTO)

Answer: C

RPO specifies the maximum age of data that must be restored, directly limiting data loss.

Why this answer

Option C is correct because Recovery Point Objective (RPO) defines the maximum acceptable data loss in terms of time. Recovery Time Objective (RTO) is about downtime duration. MTBF relates to reliability, and SLA is a service agreement.

RPO directly addresses data loss tolerance.

101
MCQ · easy

A security analyst notices that a user has been granted access to files beyond their job function. Which principle is violated?

A. Least privilege
B. Authentication
C. Non-repudiation
D. Accountability

Answer: A

Correct. Excessive access violates the least privilege principle.

Why this answer

Least privilege requires that users be granted only the minimum permissions necessary to perform their duties. The scenario shows excessive access, directly violating this principle.

102
Multi-Select · hard

Which THREE of the following are considered methods to ensure accountability in a system?

Select 3 answers
A. Data encryption
B. Audit logs
C. Digital signatures
D. Intrusion prevention system
E. User authentication

Answers: B, C, E

Audit logs record user actions, enabling traceability.

Why this answer

Accountability requires that actions can be traced to an individual. Audit logs (B) track events. User authentication (E) identifies users.

Digital signatures (C) provide non-repudiation and link actions to a signer. Option A (encryption) protects data but does not directly provide accountability. Option D (intrusion prevention system) controls traffic but does not trace actions to a user.

103
MCQ · hard

A mid-sized financial services company has recently experienced a security incident where an attacker gained access to the internal network through a compromised VPN account. The account belonged to a remote employee who had been granted full network access. The company's security team is now reviewing their security principles to prevent a recurrence. The company has 500 employees, with 50 remote workers. They use a traditional perimeter-based firewall and VPN for remote access. The incident revealed that the compromised account had access to the entire internal network, including sensitive financial databases. The security team is considering implementing a new access control model. They have identified the following requirements: (1) Remote workers should only access specific applications necessary for their roles, (2) Access should be granted based on identity and device posture, (3) Network segmentation should be enforced regardless of location. Which of the following approaches BEST addresses these requirements?

A. Implement multi-factor authentication on the existing VPN and enforce stricter password policies.
B. Adopt a Zero Trust Architecture (ZTA) that uses an identity-aware proxy and micro-segmentation.
C. Create separate VLANs for each department and restrict inter-VLAN routing with ACLs.
D. Apply the principle of least privilege by reducing user permissions on the network and servers.

Answer: B

ZTA provides identity and device verification, least privilege access to specific applications, and network segmentation regardless of location.

Why this answer

Zero Trust Architecture (ZTA) aligns with all three requirements: it verifies identity and device posture, grants least privilege access to specific applications, and enforces micro-segmentation regardless of location. VPN with MFA (A) still grants broad network access. VLAN segmentation (C) alone does not incorporate identity or device posture.

Least privilege (D) is a principle, not an architecture; implementing it without ZTA may not provide the granular control needed.

104
MCQ · easy

A small business owner wants to ensure that their company's data remains accurate and unaltered during transmission over the internet. They regularly send financial reports to their accountant via email. The owner is concerned that a hacker might intercept and modify the reports before they reach the accountant. Which security principle is most directly threatened in this scenario, and what is the best technical control to implement?

A. Confidentiality; encrypt the email attachments
B. Non-repudiation; require read receipts
C. Integrity; apply a digital signature or hash to the files
D. Availability; use a redundant email server

Answer: C

Digital signatures and hashes detect and prevent unauthorized changes.

Why this answer

Correct: Integrity is threatened; using digital signatures or hashing ensures data integrity. Option A is wrong because confidentiality protects secrecy, not accuracy; Option D is wrong because availability ensures access, not integrity; Option B is wrong because non-repudiation prevents denial, but the immediate threat is modification.

105
MCQ · easy

Refer to the exhibit.

```
C:\> netstat -an | find "LISTENING"
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      0.0.0.0:0              LISTENING
```

A server administrator runs this command and sees the output. Which service is listening on a port that should typically be disabled to reduce the attack surface?

A. HTTP (port 80)
B. Remote Desktop (port 3389)
C. All of the above
D. HTTPS (port 443)

Answer: B

Port 3389 (RDP) is a common attack vector and should be disabled if remote administration is not strictly required.

Why this answer

Remote Desktop Protocol (RDP) on port 3389 is a high-risk service that should typically be disabled on servers unless absolutely necessary, as it provides a direct graphical interface for remote administration and is a common target for brute-force attacks. The output shows RDP listening on a specific internal IP (192.168.1.10), indicating it is bound to a routable interface, which increases exposure. In contrast, HTTP (port 80) and HTTPS (port 443) are standard web services that are often required for a server's function, so they are not typically disabled for attack surface reduction.

Exam trap

ISC2 often tests the misconception that all listening ports are equally risky, but the trap here is that HTTP and HTTPS are expected services on a server, while RDP is a high-risk administrative service that should be disabled unless explicitly required.

How to eliminate wrong answers

Option A is wrong because HTTP (port 80) is a standard web service that is often necessary for serving web content; disabling it would break normal server functionality, and it is not typically disabled solely to reduce attack surface unless the server has no web role. Option C is wrong because not all services listed should be disabled; only Remote Desktop (port 3389) is the one that should typically be disabled, while HTTP and HTTPS are commonly required. Option D is wrong because HTTPS (port 443) is the secure version of HTTP and is essential for encrypted web traffic; it is not a service that should be routinely disabled, as it protects data in transit.

106
MCQ · hard

During a security audit, it is found that a database administrator can access payroll data. The company policy states that administrators should not have access to sensitive HR data. Which security principle is being violated?

A. Accountability
B. Least privilege
C. Separation of duties
D. Privacy

Answer: C

Correct. The DBA should not have access to payroll data.

Why this answer

The scenario describes a single database administrator having both the ability to access and modify payroll data, which combines operational and oversight roles. Separation of duties (SoD) is the principle that requires splitting critical tasks and privileges among multiple individuals to prevent fraud or error. Here, the administrator's access violates SoD because they can both manage the database and view sensitive HR data, which should require separate authorization.

Exam trap

ISC2 often tests the distinction between least privilege and separation of duties, where candidates mistakenly choose least privilege because they focus on the 'should not have access' phrasing, but the real violation is the combination of conflicting roles, not just excessive permissions.

How to eliminate wrong answers

Option A is wrong because accountability refers to the ability to trace actions to a specific user via logging and auditing, not to restricting access based on role. Option B is wrong because least privilege would limit the administrator's access to only what is necessary for their job, but the core issue here is the combination of conflicting duties (admin and data viewer), not just excessive permissions. Option D is wrong because privacy is a broader concept about protecting personal data from unauthorized disclosure, but the specific security principle violated is the lack of separation between operational and oversight functions.

107
MCQ · medium

A company's security policy requires that all employees use strong passwords and change them every 90 days. An employee writes their password on a sticky note and attaches it to their monitor. Another employee sees it and uses it to log into the first employee's account to send a fake email. The security team is conducting a post-incident review. Which security principle failed, and what is the most effective long-term solution to prevent this type of incident?

A. Integrity; conduct annual security awareness training
B. Accountability; implement multi-factor authentication
C. Availability; prohibit sticky notes in the office
D. Confidentiality; enforce 15-character passwords

Answer: B

MFA ensures that a password alone is not sufficient for access.

Why this answer

Correct: The failure is in enforcement of policy and user behavior (accountability). The most effective solution is to implement multi-factor authentication (MFA) (B), which reduces reliance on passwords. Option A is wrong because training alone is often insufficient; Option C is wrong because prohibiting sticky notes is hard to enforce; Option D is wrong because password length alone does not address the failure.

108
Multi-Select · medium

Which TWO of the following are examples of administrative security controls? (Choose two.)

Select 2 answers
A. Intrusion detection system
B. Security awareness training
C. Firewall
D. Encryption
E. Background checks for employees

Answers: B, E

Training is an administrative control that educates users on security policies.

109
MCQ · hard

An organization is implementing a new system that processes financial transactions. To reduce the risk of fraud, they ensure that no single individual can both initiate and approve a transaction. Which security principle is this?

A. Need to know
B. Separation of duties
C. Accountability
D. Least privilege

Answer: B

Correct. Initiation and approval are separate duties.

Why this answer

Separation of duties (SoD) is the security principle that prevents a single individual from having conflicting responsibilities, such as both initiating and approving a financial transaction. By splitting these tasks across different roles, the organization reduces the risk of fraud or error because collusion would be required to bypass controls. This is a core internal control mechanism in financial systems and aligns with the principle of dual control.

Exam trap

ISC2 often tests the distinction between 'separation of duties' and 'least privilege' by presenting a scenario where a user has too many permissions, tempting candidates to choose least privilege, but the core issue is the conflict of having both initiation and approval authority, not the amount of access.

How to eliminate wrong answers

Option A is wrong because 'need to know' restricts access to information based on job requirements, not the division of conflicting tasks. Option C is wrong because 'accountability' ensures actions can be traced to an individual, but does not inherently prevent a single person from performing both initiation and approval. Option D is wrong because 'least privilege' limits permissions to the minimum necessary for a role, but does not address the conflict of having both initiation and approval capabilities within the same role.

110
MCQhard

A security analyst discovers that an organization's firewall rule set allows all inbound traffic on TCP port 443 from any source to a single web server. Additionally, the server has a known critical vulnerability in its TLS implementation. Which principle of security architecture is most directly violated by this configuration?

A.Least privilege
B.Defense in depth
C.Separation of duties
D.Fail-safe defaults
AnswerA

The rule allows any source, which is the broadest possible privilege, violating the principle of least privilege.

Why this answer

Least privilege requires restricting access to only what is necessary. Allowing inbound traffic from any source (0.0.0.0/0) violates least privilege because it is broader than necessary. Option A is correct.

Option B (defense in depth) would be violated if no other controls existed, but the question asks for the most direct violation. Option C (separation of duties) is about task division. Option D (fail-safe defaults) is about default deny.

111
MCQeasy

A company uses encryption to protect data at rest and in transit. This primarily addresses which aspect of the CIA triad?

A.Integrity
B.Authentication
C.Confidentiality
D.Availability
AnswerC

Correct. Encryption protects data confidentiality by making it unreadable to unauthorized parties.

Why this answer

Encryption prevents unauthorized access to data, thereby maintaining confidentiality. While encryption can support integrity, its primary role in this context is confidentiality.

112
MCQmedium

A company experiences a ransomware attack that encrypts all files on a server. Which security control would MOST effectively allow recovery without paying the ransom?

A.Firewall
B.Regular backups
C.Intrusion detection system
D.Antivirus software
AnswerB

Correct. Backups are the primary recovery mechanism against ransomware.

Why this answer

Regular backups enable restoration of encrypted data from a clean copy, bypassing the need to pay the ransom. Other controls help prevent or detect but do not directly facilitate recovery.

113
MCQhard

After a security breach, investigators find that an attacker exploited a vulnerability in a publicly accessible application to gain access to internal databases. Which security principle would have most effectively limited the impact?

A.Accountability
B.Confidentiality
C.Defense in depth
D.Non-repudiation
AnswerC

Defense in depth would have layered controls (e.g., segmentation, IDS) to limit the attacker's lateral movement.

114
MCQhard

A security engineer is designing a system that must ensure that any changes to a configuration file are logged with the identity of the person who made the change. Which principle is being implemented?

A.Accountability
B.Non-repudiation
C.Confidentiality
D.Integrity
AnswerB

Non-repudiation ensures that changes cannot be denied by the person who made them.

Why this answer

Non-repudiation provides proof of the identity of the person who performed an action, preventing denial. Option A (Accountability) is about tracking but not necessarily proof. Option D (Integrity) ensures data is unchanged. Option C (Confidentiality) protects data from unauthorized access.

115
MCQeasy

The exhibit shows the current iptables rules. Which security principle is most clearly enforced by the default policy?

A.Fail-safe defaults
B.Defense in depth
C.Separation of duties
D.Least privilege
AnswerA

The default drop policy ensures that any unapproved traffic is blocked, which is a fail-safe default.

Why this answer

The default policy is DROP on the INPUT chain, meaning any traffic not explicitly allowed is denied. This is the 'fail-safe defaults' or 'default deny' principle. Option A is correct.

Option D (least privilege) is about minimal permissions, whereas the default policy is about the default action. Option C (separation of duties) is not shown. Option B (defense in depth) is not directly demonstrated.

116
MCQhard

A financial institution is implementing a new transaction approval process. The process requires that for any transaction over $10,000, two managers must approve: one from the sales department and one from the finance department. However, due to a system configuration error, a single manager can approve the entire transaction if they are logged in from a specific IP address. This error is discovered during a routine audit. Which security principle has been circumvented, and what is the best remediation?

A.Separation of duties; fix the configuration to require approvals from two different managers
B.Defense in depth; add a third approval for transactions over $50,000
C.Accountability; log all approvals and audit monthly
D.Least privilege; reduce the transaction limit to $5,000
AnswerA

This restores the intended segregation of duties.

Why this answer

Correct: Separation of duties is circumvented. The best remediation is to correct the configuration to require two distinct approvals (A). Option B is wrong because it adds unnecessary complexity without fixing the flaw; Option C is wrong because logging and auditing do not fix the flaw; Option D is wrong because it ignores the requirement for two different departments.

117
Multi-Selecthard

Which TWO of the following are best practices for implementing the principle of least privilege?

Select 2 answers
A.Grant all users full administrative rights to reduce support calls
B.Assign permissions based on the minimum necessary to perform job functions
C.Use a single shared administrative account for all IT staff
D.Remove all default accounts from systems
E.Regularly review and revoke unnecessary privileges
AnswersB, E

This is the core of least privilege.

Why this answer

Options B and E are correct: assign minimal permissions and regularly audit privileges. Granting all permissions (A) violates least privilege. Using a single shared admin account (C) prevents accountability. Removing default accounts (D) is good practice but is not directly least privilege.

118
MCQeasy

An organization wants to ensure that data remains unaltered during transmission over the internet. Which security goal is being addressed?

A.Non-repudiation
B.Availability
C.Confidentiality
D.Integrity
AnswerD

Integrity ensures data is not altered during transmission.

Why this answer

Integrity ensures that data is not altered during transmission, typically verified through cryptographic hash functions (e.g., SHA-256) or message authentication codes (MACs) such as HMAC. Protocols like TLS use integrity checks to detect any unauthorized modification of packets in transit, directly addressing the requirement that data remains unaltered.

Exam trap

ISC2 often tests the distinction between confidentiality and integrity by presenting a scenario about data alteration, where candidates mistakenly choose confidentiality because they associate encryption with all security, ignoring that encryption alone does not prevent tampering.

How to eliminate wrong answers

Option A is wrong because non-repudiation prevents a party from denying an action, usually via digital signatures (e.g., RSA or ECDSA), not by ensuring data is unchanged during transit. Option B is wrong because availability ensures systems and data are accessible when needed, often through redundancy or DDoS mitigation, not by protecting against alteration. Option C is wrong because confidentiality protects data from unauthorized disclosure via encryption (e.g., AES), but does not guarantee that data has not been tampered with during transmission.

119
MCQmedium

Your organization is implementing a new access control system to protect a highly sensitive research database. The security policy mandates that no single individual should have the ability to both approve and execute changes to the database. This is to prevent fraud and errors. Which security principle does this policy enforce, and which of the following best implements it?

A.Defense in depth; require both parties to authenticate
B.Accountability; log all changes and have an auditor review them
C.Separation of duties; require that one person submits a change request and another person implements it
D.Least privilege; assign the same person as approver and executor but with limited permissions
AnswerC

This ensures no single individual has complete control over the entire process.

Why this answer

Correct: Separation of duties; requiring two different people for approval and execution (C). Option A is wrong because defense in depth layers controls rather than dividing duties; Option B is wrong because an auditor does not execute changes; Option D is wrong because it combines both roles in one person.

120
MCQhard

A security architect is designing a system that must ensure that a sender cannot later deny having sent a message. Which cryptographic mechanism should be implemented?

A.Symmetric encryption
B.Access control lists
C.Hashing
D.Digital signatures
AnswerD

Correct. Digital signatures ensure non-repudiation of origin.

Why this answer

Digital signatures provide non-repudiation by binding the sender's identity to the message using public key cryptography. The sender cannot deny because only they possess the private key used to sign.

121
MCQhard

An organization requires that two separate administrators approve and implement changes to firewall rules. This practice enforces which security principle?

A.Least privilege
B.Defense in depth
C.Need to know
D.Separation of duties
AnswerD

Requiring two administrators to approve changes is a classic example of separation of duties.

Why this answer

Requiring two separate administrators to approve and implement firewall rule changes enforces separation of duties. This principle ensures that no single individual has the authority to both authorize and execute a change, reducing the risk of unauthorized modifications or errors. In firewall management, this prevents a single admin from introducing malicious or misconfigured rules without oversight.

Exam trap

ISC2 often tests separation of duties by describing a scenario involving multiple people for a single task, and the trap is confusing it with least privilege, which focuses on limiting permissions rather than splitting responsibilities.

How to eliminate wrong answers

Option A is wrong because least privilege restricts user access rights to the minimum necessary for their role, but it does not require multiple approvals for a single action. Option B is wrong because defense in depth involves multiple layers of security controls (e.g., firewalls, IDS, encryption), not administrative approval workflows. Option C is wrong because need to know limits access to information based on job requirements, not the process of approving changes.

122
MCQeasy

Refer to the exhibit. The security principle demonstrated by the default policy is:

A.Separation of duties
B.Defense in depth
C.Need to know
D.Least privilege
AnswerD

Default deny restricts access to only what is explicitly allowed, embodying least privilege.

Why this answer

Correct: D - Least privilege. The default DROP policy denies all traffic by default, allowing only explicitly permitted services, which follows the principle of least privilege. Options A, B, and C do not describe default deny.

123
MCQmedium

A security policy requires that all changes to a production system go through a formal change management process with approval from a change control board. This is an example of which security principle?

A.Least privilege
B.Governance
C.Defense in depth
D.Separation of duties
AnswerB

Correct. The structured approval board and process exemplify security governance.

Why this answer

Governance involves establishing policies, processes, and oversight to ensure security aligns with business objectives. The formal change management process is a governance mechanism.

124
MCQhard

A small e-commerce company hosts its web application on a single server with a public IP address. The server runs a Linux OS with Apache, MySQL, and PHP. The company recently experienced a data breach where an attacker gained access to the customer database. The investigation reveals that the attacker exploited a vulnerability in the PHP application to execute arbitrary commands. The server logs show that the attacker used an unauthenticated HTTP POST request to a legacy script that should have been removed. Additionally, the server had default firewall rules allowing all inbound traffic on ports 80 and 443. The company wants to prevent future breaches without redesigning the entire application. Which course of action is the most effective?

A.Move the database to a separate internal server and require VPN access for administration.
B.Upgrade the PHP version to the latest release and enable SELinux.
C.Remove the legacy script and update the firewall to block all traffic except necessary IPs.
D.Implement a web application firewall (WAF) with virtual patching for the vulnerability.
AnswerD

A WAF can block the exploit and similar attacks without requiring code changes, providing immediate protection.

Why this answer

Option D is the most effective because it provides immediate protection against the exploited vulnerability without requiring application redesign. A WAF with virtual patching can inspect HTTP POST requests to the legacy script and block malicious payloads, even if the underlying code remains vulnerable. This approach addresses the root cause (the unauthenticated exploit) while allowing the company to maintain operations and plan a permanent fix.

Exam trap

ISC2 often tests the misconception that removing the vulnerable component (Option C) is sufficient, but the trap is that the question asks for preventing future breaches without redesigning the entire application, meaning a WAF provides ongoing protection against similar exploits in other parts of the application, whereas simply removing one script leaves other potential vulnerabilities unaddressed.

How to eliminate wrong answers

Option A is wrong because moving the database to a separate server and requiring VPN for administration does not prevent the attacker from exploiting the PHP application vulnerability to execute commands on the web server, which could still lead to database access via the application's credentials. Option B is wrong because upgrading PHP and enabling SELinux may reduce the attack surface but does not directly block the specific unauthenticated POST request to the legacy script; SELinux can restrict process capabilities but does not filter HTTP traffic. Option C is wrong because removing the legacy script and updating the firewall to block all traffic except necessary IPs is reactive and does not protect against future zero-day vulnerabilities or similar exploits in other scripts; the firewall only controls network-level access, not application-layer attacks.

125
MCQmedium

A security analyst observes the log entries on an SSH server as shown. What is the most likely type of attack in progress?

A.Dictionary attack
B.Privilege escalation
C.Brute-force attack
D.Denial-of-service (DoS) attack
AnswerC

Multiple rapid failures from the same IP indicate an automated brute-force attempt to guess the password.

Why this answer

Option C is correct because repeated failed password attempts for the same account (root) from the same IP in rapid succession are characteristic of a brute-force attack. A dictionary attack (A) uses a list of common passwords, but the log does not show which passwords were tried; it could be either, but brute-force is the more general term. (D) is wrong because this is not a DoS (though it might degrade performance). (B) is wrong because there is no indication of privilege escalation beyond the attempts against root.

126
MCQmedium

A company wants to ensure that if a server fails, it does not cause a security breach. Which principle should guide the design?

A.Defense in depth
B.Fail-safe
C.Default deny
D.Least privilege
AnswerB

Correct. The system should fail securely.

Why this answer

Fail-safe ensures that when a server fails, it defaults to a secure state (e.g., closed ports, denied access) rather than an insecure one. This prevents a security breach by guaranteeing that failure does not inadvertently expose data or allow unauthorized access. In the CC exam, this principle is directly tied to designing systems that remain secure even under fault conditions.

Exam trap

ISC2 often tests fail-safe by contrasting it with 'fail-open' scenarios, where candidates mistakenly think a failed server should continue operating (e.g., allowing traffic) to maintain availability, but the principle prioritizes security over availability in failure states.

How to eliminate wrong answers

Option A is wrong because defense in depth is a layered security strategy (e.g., firewalls, IDS, encryption) that reduces risk but does not specifically address what happens when a server fails. Option C is wrong because default deny is an access control rule that denies all traffic unless explicitly allowed, which is a configuration policy, not a principle for handling server failure scenarios. Option D is wrong because least privilege limits user/process permissions to the minimum necessary, which reduces attack surface but does not dictate the system's behavior upon failure.

127
MCQeasy

A company implements a policy that requires two employees to approve any financial transaction over $10,000. Which security principle is being applied?

A.Need to know
B.Defense in depth
C.Least privilege
D.Separation of duties
AnswerD

Correct. The policy requires two individuals, which is a classic example of separation of duties.

Why this answer

Separation of duties ensures that no single individual has control over all critical functions, reducing the risk of fraud or error. In this scenario, requiring two approvals for large transactions institutionalizes the principle.

128
MCQmedium

A company is designing a new authentication system for remote employees. They want to ensure that if one authentication factor is compromised, the system remains secure. Which security principle should they apply?

A.Fail-safe
B.Least privilege
C.Need to know
D.Defense in depth
AnswerD

Correct. Multiple authentication factors provide layered security.

Why this answer

Defense in depth is the correct principle because it involves implementing multiple layers of security controls so that if one authentication factor is compromised, other layers still protect the system. In this scenario, requiring multiple authentication factors (e.g., password plus biometric or token) ensures that a single compromised factor does not grant full access, maintaining overall system security.

Exam trap

ISC2 often tests the distinction between defense in depth and fail-safe, where candidates mistakenly choose fail-safe because they think it means 'safe if one factor fails,' but fail-safe is about system failure modes, not layered authentication.

How to eliminate wrong answers

Option A is wrong because fail-safe refers to a system that defaults to a secure state when a failure occurs (e.g., locking all doors on power loss), not to layering multiple authentication factors. Option B is wrong because least privilege limits user access rights to only what is necessary for their role, but does not address the scenario of a compromised authentication factor. Option C is wrong because need to know restricts access to information based on job requirements, which is about data confidentiality, not about ensuring security when one factor is breached.

129
MCQeasy

A company has implemented a policy where all employees must use a smart card and PIN to access the data center. Which security principle does this practice support?

A.Keep it simple
B.Defense in depth
C.Least privilege
D.Fail-safe
AnswerB

Correct. Multiple factors create depth.

Why this answer

The use of both a smart card (something you have) and a PIN (something you know) creates a multi-factor authentication mechanism. This layered approach ensures that even if one factor is compromised, the other still provides protection, which is the core of the defense-in-depth principle. Defense in depth is about implementing multiple, overlapping security controls rather than relying on a single point of defense.

Exam trap

ISC2 often tests the concept that defense in depth is about multiple layers of security, not just multiple factors of authentication, but here the smart card and PIN specifically represent two distinct authentication factors, which is a clear example of a layered defense.

How to eliminate wrong answers

Option A is wrong because 'Keep it simple' advocates for minimizing complexity to reduce errors and attack surface, whereas adding a smart card and PIN introduces additional complexity for stronger security. Option C is wrong because 'Least privilege' restricts users to only the permissions necessary for their job, which is unrelated to the authentication method used to access the data center. Option D is wrong because 'Fail-safe' ensures that a system defaults to a secure state (e.g., locking access) when a failure occurs, but the question describes a normal operational authentication process, not a failure scenario.

130
Multi-Selecthard

Which THREE of the following are recognized security control types according to ISC2? (Choose three.)

Select 3 answers
A.Deterrent
B.Technical
C.Physical
D.Operational
E.Administrative
AnswersB, C, E

Technical controls include firewalls, encryption, etc.

Why this answer

Option B (Technical) is correct because ISC2 recognizes technical controls as a primary security control type, encompassing mechanisms like firewalls, encryption, and intrusion detection systems that enforce security policies through technology. These controls operate at the system or network level to protect assets directly.

Exam trap

ISC2 often tests the distinction between control types and control functions (like deterrent, detective, preventive), causing candidates to mistakenly select 'deterrent' as a type instead of recognizing it as a function that can be fulfilled by any of the three recognized types.

131
MCQeasy

A small financial firm has a single server that hosts a critical database and also runs a web application. The server is located in a closet with a simple lock. An intern accidentally left the closet door open, and an unauthorized person gained physical access, connected a laptop to the server, and copied the database. The company wants to prevent such incidents in the future. Which of the following is the most effective course of action?

A.Require two-factor authentication for database access.
B.Move the database to a separate server and apply encryption.
C.Implement strong access controls on the database files.
D.Install a CCTV camera in the server closet.
AnswerB

Separating the database and encrypting it reduces the risk of data theft from physical access.

Why this answer

Moving the database to a separate server and encrypting it reduces the risk of data theft from physical access. CCTV is detective, 2FA protects remote access, and strong ACLs can be bypassed with physical control of the server.

132
MCQeasy

A security analyst discovers that an employee shared their password with a colleague to complete a task. Which security principle has been violated?

A.Availability
B.Confidentiality
C.Integrity
D.Accountability
AnswerD

Password sharing undermines accountability because actions cannot be tied to a specific individual.

Why this answer

Accountability relies on unique identification. Password sharing breaks this link.

133
MCQeasy

A company wants to implement a security control that ensures users are who they claim to be before granting access to a system. Which type of control should they prioritize?

A.Auditing
B.Authentication
C.Authorization
D.Accounting
AnswerB

Authentication verifies identity, which is the first step in access control.

Why this answer

Authentication verifies identity. Authorization determines permissions. Accounting tracks actions.

Auditing reviews logs.

134
MCQhard

A security architect is evaluating a biometric authentication system. The system's false positive rate is 0.1%, and the false negative rate is 2%. Which security principle is most compromised if the organization prioritizes user convenience over security?

A.Confidentiality
B.Non-repudiation
C.Availability
D.Integrity
AnswerC

A high false negative rate denies access to legitimate users, reducing availability.

Why this answer

A low false positive rate means few unauthorized users are authenticated, but a high false negative rate can lock out legitimate users, affecting availability. If convenience is prioritized, the false negative rate might be reduced by lowering thresholds, increasing false positives and compromising security (confidentiality/integrity). However, the immediate principle affected by a high false negative rate is availability because legitimate users cannot access systems.

Option C is correct. Option A (confidentiality) is more closely related to false positives. Option D (integrity) is not directly affected. Option B (non-repudiation) is about accountability.

135
MCQhard

You are implementing a security control to prevent unauthorized devices from connecting to the corporate wired network. Which network access control method should be used?

A.VLAN segmentation
B.MAC address filtering
C.Network Access Control (NAC) only
D.802.1X authentication
AnswerD

802.1X authenticates devices at the port level, checking credentials before allowing network access.

Why this answer

Option D is correct because 802.1X authentication requires devices to authenticate before gaining network access, providing port-level security. MAC filtering (B) can be bypassed by spoofing. NAC (C) is a broader concept, but 802.1X is the specific technology. VLAN segmentation (A) separates traffic but does not authenticate devices.

136
MCQmedium

During a security audit, you discover that a financial application stores passwords using MD5 hashing without salt. What is the primary security concern with this practice?

A.MD5 is reversible, allowing attackers to recover plaintext passwords
B.MD5 is too slow, causing performance issues during authentication
C.Without salting, the hashes are vulnerable to precomputed rainbow table attacks
D.Storing hashes violates PCI DSS compliance, but does not affect security
AnswerC

Rainbow tables can quickly find matching plaintext for unsalted MD5 hashes.

Why this answer

Option C is correct because unsalted MD5 hashes are vulnerable to rainbow table attacks; the lack of salting lets attackers precompute hashes. Reversibility (A) is not the primary concern, since hashing is one-way. Speed (B) is actually a weakness for password hashing, not a strength. The compliance violation (D) is a secondary issue.

137
MCQhard

An analyst reviews the exhibit. What security principle is best demonstrated by this policy?

A.Separation of duties
B.Defense in depth
C.Non-repudiation
D.Least privilege
AnswerD

Correct. The policy grants only necessary access and denies all other actions.

Why this answer

The policy grants users only the permissions necessary to perform their job functions, which is the core definition of least privilege. By restricting access to only required resources, the policy minimizes the attack surface and limits potential damage from compromised accounts.

Exam trap

ISC2 often tests least privilege by describing a policy that restricts access to only what is needed, and the trap is confusing it with separation of duties because both involve limiting actions, but separation of duties focuses on dividing tasks among multiple people to prevent collusion, not on minimizing individual permissions.

How to eliminate wrong answers

Option A is wrong because separation of duty requires splitting critical tasks among multiple people to prevent fraud, not simply limiting individual permissions. Option B is wrong because defense in depth involves multiple layers of security controls (e.g., firewall, IDS, encryption), not a single access restriction policy. Option C is wrong because non-repudiation ensures that an action cannot be denied later, typically via digital signatures or logging, not by limiting permissions.

138
Multi-Selecteasy

Which TWO of the following are core principles of the CIA triad?

Select 2 answers
A.Integrity
B.Non-repudiation
C.Confidentiality
D.Authorization
E.Authentication
AnswersA, C

Integrity is one of the three CIA triad principles.

Why this answer

The CIA triad consists of Confidentiality, Integrity, and Availability. Options A and C are correct. Option B (Non-repudiation), Option E (Authentication), and Option D (Authorization) are separate concepts.

139
MCQmedium

During a security audit, it is discovered that a single employee can approve purchase orders and also receive the goods. Which security principle is being violated?

A.Separation of duties
B.Defense in depth
C.Least privilege
D.Need-to-know
AnswerA

Separation of duties prevents conflicts by dividing critical tasks.

Why this answer

Separation of duties requires that conflicting tasks be divided among different individuals to prevent fraud. Option C (Least privilege) is about access levels. Option D (Need-to-know) restricts data access. Option B (Defense in depth) is about layered controls.

140
MCQmedium

A company is designing a secure network architecture for its new headquarters. The security team proposes implementing multiple layers of security controls, including firewalls, intrusion detection systems, and access control lists. Which security principle is being primarily applied?

A.Defense in depth
B.Separation of duties
C.Least privilege
D.Need-to-know
AnswerA

Defense in depth employs multiple overlapping security controls to protect assets.

Why this answer

Correct: Defense in depth uses multiple layers of security to protect assets. Option C is wrong because least privilege limits access rights; Option B is wrong because separation of duties divides tasks among multiple people; Option D is wrong because need-to-know restricts access to information necessary for job functions.

141
MCQhard

The exhibit shows a snippet of /var/log/auth.log on a Linux server. Which security principle is most likely violated if the failed attempts continue without action?

A.Non-repudiation
B.Separation of duties
C.Least privilege
D.Defense in depth
AnswerC

Allowing root login over SSH grants full privileges and is a violation of least privilege; it should be disabled.

Why this answer

The logs show repeated failed SSH attempts from the same IP, indicating a brute-force attack. If no action is taken, availability could be compromised if the attacker locks out the root account, or confidentiality and integrity if the attacker succeeds. Most directly, however, the principle of least privilege is violated because root login over SSH is allowed (root is a privileged account).

Option C is correct. Option D (defense in depth) would be violated only if no other controls existed, but the question asks for the principle most likely violated. Option B (separation of duties) is not relevant. Option A (non-repudiation) is not directly affected.

142
MCQmedium

A company's security policy states that all sensitive data must be encrypted both at rest and in transit. Which threat model does this control primarily address?

A.Data tampering
B.Unauthorized disclosure
C.Denial of service
D.Repudiation
AnswerB

Encryption prevents unauthorized parties from reading the data, thus preventing disclosure.

Why this answer

Encryption at rest and in transit primarily protects confidentiality against unauthorized access. Option B is correct. Option C (denial of service) concerns availability, not secrecy.

Option A (data tampering) concerns integrity; encryption can help with integrity, but its primary purpose is confidentiality. Option D (repudiation) concerns proof of origin, which requires digital signatures.

143
MCQhard

A company implements a policy that after an employee leaves, their account must be disabled within 24 hours. Which principle is this policy primarily intended to support?

A.Availability
B.Integrity
C.Confidentiality
D.Accountability
AnswerD

Accountability requires that actions can be traced to individuals; disabling former accounts prevents untraceable actions.

Why this answer

Correct: D - Accountability. Disabling accounts ensures that actions are traceable to active employees, preventing unauthorized use and maintaining accountability. Option C is wrong because confidentiality is about data secrecy.

Option B is wrong because integrity is about data accuracy. Option A is wrong because availability is about system accessibility.

144
Multi-Selectmedium

Which THREE of the following are examples of the principle of least privilege? (Select THREE.)

A.Granting a user only the permissions needed to perform their job
B.Giving all employees full access to the file server
C.Allowing a contractor access only during their contract period
D.Providing read-only access to a database for a reporting analyst
E.Assigning administrator rights to all employees by default
AnswersA, C, D

Correct. This is the essence of least privilege.

Why this answer

Option A is correct because the principle of least privilege dictates that a user should be granted only the permissions necessary to perform their job functions. This minimizes the attack surface and limits potential damage from accidental or malicious actions. In practice, this means assigning specific roles or access control lists (ACLs) rather than broad permissions.

Exam trap

ISC2 often tests the principle of least privilege by including options that sound reasonable but grant excessive access, such as 'full access to the file server' or 'administrator rights to all employees,' to see if candidates recognize that even temporary or role-based access must be strictly limited to the minimum necessary.

145
MCQmedium

The exhibit shows an AWS S3 bucket policy. What is the net effect for a user with IP 10.1.1.1 trying to read the object 'executive/salary.xlsx'?

A.Allowed because the IP matches the Allow condition
B.Denied because the Deny statement explicitly blocks access to the executive prefix
C.Allowed only if the user is authenticated with MFA
D.Denied only if the request originates from outside 10.0.0.0/8
AnswerB

The Deny statement explicitly denies all actions on the executive prefix, overriding the Allow.

Why this answer

The policy has an Allow for GetObject from the IP range 10.0.0.0/8 (which includes 10.1.1.1) but also a Deny for all actions on the 'executive/' prefix. An explicit Deny overrides any Allow, so the read is denied.

Option B is correct. Option A is wrong because the Deny applies despite the IP match. Options C and D are wrong because the Deny on the 'executive/' prefix applies regardless of MFA or source IP.

146
MCQhard

A security analyst is reviewing logs and finds that a user accessed files outside of their department. The user claims it was necessary for a project. Which principle should the analyst use to assess whether this was appropriate?

A.Need to know
B.Accountability
C.Separation of duties
D.Least privilege
AnswerA

Correct. Access should be based on necessity for the task.

Why this answer

The 'need to know' principle restricts access to information based on the specific requirements of a user's role or project. In this scenario, the analyst must verify if the user's project actually required access to those specific files, not just if the user had the technical ability to access them. This principle is a subset of least privilege, focusing on data access rather than system permissions.

Exam trap

ISC2 often tests the distinction between 'least privilege' (permissions assigned to a role) and 'need to know' (justification for accessing specific data at a specific time), causing candidates to pick 'least privilege' when the scenario involves a user who already has the permission but needs to justify the access.

How to eliminate wrong answers

Option B (Accountability) is wrong because accountability refers to the ability to trace actions back to an individual (e.g., via audit logs), not to determine if the access was justified. Option C (Separation of duties) is wrong because it prevents a single individual from performing conflicting tasks (e.g., initiating and approving a payment) to reduce fraud risk, which is unrelated to cross-departmental file access. Option D (Least privilege) is wrong because while it grants the minimum permissions needed for a role, the user already had access; the question is about whether that access was appropriate for a specific task, which is the definition of 'need to know'.

147
Matchingmedium

Match each type of malware to its primary behavior.


Attaches to files and spreads

Self-replicates without a host file

Disguised as legitimate software

Encrypts data for payment

Secretly monitors user activity

Why these pairings

These are common malware types defined in cybersecurity.

148
MCQmedium

A security manager is designing a policy to prevent one person from both approving and disbursing payments. Which principle is being applied?

A.Separation of duties
B.Need to know
C.Least privilege
D.Defense in depth
AnswerA

Separation of duties ensures that no single individual has control over multiple critical tasks, reducing fraud risk.

Why this answer

Separation of duties ensures that no single individual has control over two or more phases of a critical transaction, such as both approving and disbursing payments. By splitting these responsibilities, the organization reduces the risk of fraud or error because collusion between two or more people would be required to bypass controls. In payment systems, this is often enforced through dual-authorization workflows in ERP or financial management software.

Exam trap

ISC2 often tests separation of duties by pairing it with 'least privilege' in the same question, and the trap is that candidates confuse the two because both limit access, but separation of duties specifically prevents conflicting task combinations, not just reducing permissions.

How to eliminate wrong answers

Option B (Need to know) is wrong because it restricts access to information only to those who require it for their job, not to prevent a single person from completing conflicting tasks. Option C (Least privilege) is wrong because it limits users to the minimum permissions necessary to perform their role, but does not inherently separate conflicting duties like approval and disbursement. Option D (Defense in depth) is wrong because it describes a layered security approach using multiple controls, not the specific segregation of incompatible functions.

149
MCQmedium

A company deploys a web application that stores user passwords using a salted hash. During a security review, an auditor recommends switching from SHA-1 to SHA-256. What is the primary security benefit of this change?

A.It improves system availability
B.It provides encryption of the passwords at rest
C.It increases collision resistance
D.It enhances non-repudiation
AnswerC

SHA-256 offers stronger collision resistance than SHA-1, reducing the risk of two different inputs producing the same hash.

Why this answer

SHA-1 is considered weak due to collision vulnerabilities, while SHA-256 is more resistant. The change improves integrity protection for stored passwords. Option C (collision resistance) is correct.

Option B (encryption) is wrong because hashing is not encryption. Option A (availability) is not directly related. Option D (non-repudiation) requires digital signatures, not just hashing.

150
MCQhard

Refer to the exhibit. A user from IP 10.0.1.5 attempts to download an object from example-bucket. What will happen?

A.Denied because the deny statement overrides
B.Access denied due to implicit deny
C.Allowed because the allow statement matches
D.Allowed because the deny statement is invalid
AnswerA

Correct. Explicit deny takes precedence over allow.

Why this answer

The policy includes both an allow for the 10.0.0.0/16 range and a more specific deny for the 10.0.1.0/24 subnet. Since 10.0.1.5 falls within the deny condition, the explicit deny overrides the allow, resulting in denied access.
