CCNA Security Principles Questions

75 of 159 questions · Page 1/3 · Security Principles topic · Answers revealed

1
Multi-Select · easy

Which TWO of the following are principles of the CIA triad? (Select TWO.)

Select 2 answers
A. Confidentiality
B. Integrity
C. Non-repudiation
D. Accountability
E. Authorization
Answers: A, B

Correct. Confidentiality is part of CIA.

Why this answer

Confidentiality is a core principle of the CIA triad, ensuring that data is accessible only to authorized entities. This is typically enforced through encryption (e.g., AES-256) and access control mechanisms, preventing unauthorized disclosure.

Exam trap

ISC2 often tests candidates by listing security concepts like non-repudiation or authorization as distractors, expecting you to know that the CIA triad strictly includes only confidentiality, integrity, and availability.

2
MCQ · easy

A company's security policy states that employees should only have access to the data necessary to perform their job functions. This is an example of which principle?

A. Defense in depth
B. Separation of duties
C. Fail-safe
D. Least privilege
Answer: D

Correct. Access is limited to what is needed.

Why this answer

The principle of least privilege dictates that users and systems should be granted only the minimum permissions necessary to perform their tasks. By restricting data access to job-required information, the company directly implements this security control, reducing the attack surface and limiting potential damage from compromised accounts.

Exam trap

ISC2 often tests least privilege by contrasting it with separation of duties, where candidates mistakenly choose separation of duties because both involve restricting access, but separation of duties specifically splits conflicting tasks among different people to prevent collusion, not to limit data access per role.

How to eliminate wrong answers

Option A is wrong because defense in depth is a layered security strategy using multiple controls (e.g., firewalls, IDS, encryption) to protect assets, not a single access restriction policy. Option B is wrong because separation of duties divides critical tasks among multiple people to prevent fraud (e.g., one person requests a purchase, another approves it), not limiting data access per role. Option C is wrong because fail-safe ensures that a system defaults to a secure state upon failure (e.g., a firewall blocking all traffic when it crashes), not restricting user permissions to job-necessary data.

3
MCQ · hard

A company's security policy requires that all sensitive data be encrypted at rest and in transit. However, a recent breach occurred because an attacker exploited a misconfigured web server that exposed a database directly. Which principle was most lacking in this scenario?

A. Least privilege
B. Fail securely
C. Complete mediation
D. Defense in depth
Answer: D

Defense in depth would have prevented a single point of failure.

Why this answer

Defense in depth would have added additional controls, such as network segmentation and access controls, to prevent a single misconfiguration from compromising data. Option B (Fail securely) ensures a secure state on failure. Option C (Complete mediation) checks every access.

Option A (Least privilege) is about permissions.

4
MCQ · medium

A company's security policy requires that all sensitive data be encrypted both at rest and in transit. This is an example of applying which security principle?

A. Separation of duties
B. Need to know
C. Least privilege
D. Defense in depth
Answer: D

Encrypting data at rest and in transit provides multiple layers of protection, a key element of defense in depth.

5
MCQ · easy

A system administrator is configuring permissions for a new file server. To adhere to the principle of least privilege, which approach should the administrator take?

A. Grant permissions only to the IT department.
B. Grant permissions based on the user's department membership.
C. Grant each user only the permissions necessary to perform their job duties.
D. Grant all users full control to simplify management.
Answer: C

This directly implements least privilege by limiting access to what is required for the job.

6
MCQ · hard

A security team discovers that an internal database server is sending large amounts of data to an unknown external IP address. The server is not supposed to communicate externally. Which security control should be implemented to prevent such data exfiltration?

A. Implement a VPN for all external communications
B. Install an intrusion detection system (IDS) on the network segment
C. Configure a firewall to deny all outbound traffic from the database server except to specific authorized destinations
D. Deploy a data loss prevention (DLP) system on the server
Answer: C

Egress filtering blocks unauthorized outbound connections, preventing data exfiltration.

Why this answer

Option C is correct because a restrictive firewall egress rule blocks unauthorized outbound traffic. An IDS (B) only detects; it does not prevent. DLP (D) monitors content but may not block at the network level.

A VPN (A) would not stop exfiltration; it could even facilitate it.

7
MCQ · easy

A security administrator needs to ensure that a user cannot view the contents of a file but can execute it. Which access control principle should be applied?

A. Enforce separation of duties
B. Apply least privilege
C. Use defense in depth
D. Implement need-to-know
Answer: B

Least privilege grants only the permissions required for the task, which is execute without read.

Why this answer

Least privilege grants only the permissions necessary to perform a task. The user only needs execute, not read. Option B is correct because it restricts access to the minimum required.

Option D (need-to-know) limits access to sensitive information but not execution. Option A (separation of duties) divides tasks among different people. Option C (defense in depth) uses multiple layers of security.

8
MCQ · easy

An organization implements a rule that an employee cannot approve their own expenses. This is an example of which security principle?

A. Least privilege
B. Separation of duties
C. Defense in depth
D. Accountability
Answer: B

Separation of duties prevents a single individual from having conflicting roles.

Why this answer

Correct: B - Separation of duties. Separation of duties prevents a single individual from having conflicting roles. Option A is wrong because least privilege limits access to only necessary resources.

Option C is wrong because defense in depth uses multiple layers. Option D is wrong because accountability tracks actions to individuals.

9
Multi-Select · medium

Which TWO of the following are fundamental security principles? (Select TWO.)

Select 2 answers
A. Fail-open
B. Need to share
C. Defense in depth
D. Least privilege
E. Complexity
Answers: C, D

Correct. Defense in depth is a key principle.

Why this answer

Defense in depth is a fundamental security principle that implements multiple layers of security controls (e.g., firewalls, IDS/IPS, encryption, access controls) so that if one layer fails, others still provide protection. This layered approach ensures no single point of failure can compromise the entire system, aligning with the CC exam's emphasis on holistic security strategies.

Exam trap

ISC2 often tests the distinction between security principles (like defense in depth and least privilege) and design concepts (like fail-open or complexity), so candidates mistakenly select 'fail-open' because it sounds security-related, but it actually reduces security in a failure scenario.

10
MCQ · easy

A security analyst notices that a user's account has been used to access sensitive files outside of normal working hours from an unknown IP address. Which security principle is most directly violated?

A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality
Answer: D

Confidentiality prevents unauthorized disclosure; the access compromised confidentiality.

Why this answer

The scenario describes unauthorized access to sensitive files from an unknown IP address outside normal hours, which directly violates the principle of confidentiality. Confidentiality ensures that data is accessible only to authorized users and systems, and this breach indicates that sensitive information may have been exposed to an unauthorized party.

Exam trap

ISC2 often tests the distinction between confidentiality and integrity by presenting a scenario where data is accessed (not modified), leading candidates to mistakenly choose integrity because they conflate 'unauthorized access' with 'data tampering'.

How to eliminate wrong answers

Option A is wrong because availability concerns ensuring systems and data are accessible when needed, not preventing unauthorized access; the account was still functional, so availability was not violated. Option B is wrong because non-repudiation relates to proving that a specific user performed an action (e.g., via digital signatures or audit logs), not preventing unauthorized access; the issue here is unauthorized use, not repudiation of actions. Option C is wrong because integrity focuses on protecting data from unauthorized modification or corruption; the scenario does not indicate any alteration of files, only access.

11
Multi-Select · medium

A security policy requires that all changes to production systems be approved by a change management board. Which THREE of the following principles best support this requirement?

Select 3 answers
A. Non-repudiation
B. Defense in depth
C. Separation of duties
D. Accountability
E. Least privilege
Answers: A, C, D

Provides proof of approval to prevent denial.

Why this answer

Separation of duties ensures approval and implementation are done by different people. Accountability ensures actions are traceable. Non-repudiation provides proof of approval.

Least privilege and defense in depth are less directly related.

12
MCQ · easy

A security administrator notices that a user with standard privileges was able to modify a system file. Which security principle has been violated?

A. Need to know
B. Defense in depth
C. Least privilege
D. Separation of duties
Answer: C

The user had more privileges than needed, violating least privilege.

Why this answer

The principle of least privilege requires that users be granted only the permissions necessary to perform their job functions. A standard user modifying a system file indicates they have been assigned unnecessary administrative rights, violating this principle. This could occur if the user is a member of a group like Administrators or has been granted explicit write access to protected directories such as %SystemRoot%\System32.

Exam trap

ISC2 often tests least privilege by presenting a scenario where a user performs an action beyond their role, and the trap is confusing it with need to know (which focuses on data access, not system-level permissions) or separation of duties (which involves task division, not permission granularity).

How to eliminate wrong answers

Option A is wrong because need to know controls access to specific data based on job necessity, not the ability to modify system files; it is about information disclosure, not system-level permissions. Option B is wrong because defense in depth is a layered security strategy (e.g., firewalls, antivirus, IDS), not a principle that directly addresses user permission levels. Option D is wrong because separation of duties divides critical tasks among multiple people to prevent fraud, not to restrict a single user's system-level access.

13
MCQ · easy

An organization decides to implement multiple security controls, including firewalls, intrusion detection systems, and antivirus software. Which security principle does this represent?

A. Least privilege
B. Defense in depth
C. Risk avoidance
D. Separation of duties
Answer: B

Defense in depth uses multiple layers of controls to protect assets.

Why this answer

Defense in depth uses multiple layers of security controls to protect assets. Option A (Least privilege) is about access permissions. Option D (Separation of duties) divides tasks.

Option C (Risk avoidance) eliminates risk.

14
Multi-Select · hard

Which THREE of the following are valid security control categories based on function? (Select THREE.)

Select 3 answers
A. Corrective
B. Detective
C. Passive
D. Reactive
E. Preventive
Answers: A, B, E

Correct. Corrective controls remediate damage after an incident.

Why this answer

Preventive, detective, and corrective controls are standard functional categories. Reactive and passive are not recognized as primary control categories.

15
MCQ · medium

After a security breach, it was discovered that an attacker used a stolen certificate to sign malicious code. Which security principle was compromised?

A. Integrity
B. Non-repudiation
C. Confidentiality
D. Availability
Answer: B

Correct. The certificate's owner can deny signing the malicious code.

Why this answer

Non-repudiation ensures that an entity cannot deny having performed an action, such as signing code. When an attacker uses a stolen certificate to sign malicious code, the legitimate owner of the certificate can plausibly deny having produced the signature, even though the cryptographic proof (the digital signature) is bound to the certificate. This compromises the principle of non-repudiation, as the signature can no longer be reliably attributed to the intended signer.

Exam trap

ISC2 often tests the distinction between integrity and non-repudiation, where candidates mistakenly think that a stolen certificate only affects data integrity, but the core issue is the inability to prove who signed the code.

How to eliminate wrong answers

Option A is wrong because integrity ensures data has not been altered, but the breach here involves the misuse of a certificate for signing, not the modification of data. Option C is wrong because confidentiality protects data from unauthorized access, whereas the stolen certificate was used to sign code, not to read or expose secret information. Option D is wrong because availability ensures systems are accessible when needed, and the breach did not cause a denial of service or system unavailability.

16
MCQ · easy

A company requires employees to use biometric authentication to access the data center. This is an example of which security principle?

A. Authentication
B. Availability
C. Integrity
D. Non-repudiation
Answer: A

Authentication verifies identity; biometrics is a method.

Why this answer

Correct: A - Authentication. Authentication is the process of verifying the identity of a user, and biometrics is one method. Option D is wrong because non-repudiation ensures actions cannot be denied, not identity verification.

Option B is wrong because availability ensures systems are accessible. Option C is wrong because integrity ensures data accuracy.

17
MCQ · medium

Refer to the exhibit. What is the effect of this ACL?

A. Allows only HTTPS to 10.0.1.100
B. Denies HTTP and HTTPS to 10.0.1.100
C. Allows all traffic to 10.0.1.100
D. Allows HTTP and HTTPS traffic to server 10.0.1.100, denies all other traffic
Answer: D

Correct. The two permit lines allow those protocols; the deny all blocks everything else.

Why this answer

The ACL permits HTTP (port 80) and HTTPS (port 443) traffic from any source to host 10.0.1.100, and explicitly denies all other traffic.

18
MCQ · easy

A security administrator needs to ensure that only authorized personnel can access the server room. Which physical control is most appropriate?

A. Mantrap with card reader
B. Keypad lock with a shared code
C. Biometric access control system
D. Video surveillance cameras
Answer: C

Biometric systems authenticate based on unique physical characteristics, ensuring only authorized personnel gain access.

Why this answer

A biometric access control system uses unique biological traits for authentication, providing strong physical security. Keypad locks (B) are less secure because codes can be shared. Video surveillance (D) is detective, not preventive.

Mantraps (A) are used for high-security areas but are more complex and expensive. Biometric access is the best fit for this requirement.

19
MCQ · hard

A system administrator configured the sudoers file as shown. What is the primary security risk of this configuration?

A. It enables privilege escalation for all users on the system
B. It logs all commands run by admin users, creating a privacy risk
C. It removes the password requirement for sudo, weakening authentication for privileged access
D. It allows any user in the admin group to run commands as any user without a password
Answer: C

The Defaults directive disables authentication, so any admin user can execute commands as root without a password.

Why this answer

Option C is correct because '!authenticate' removes the password requirement for the admin group, which weakens authentication for privileged access and violates the principle of least privilege. It does not grant passwordless sudo to all users (A), only to the admin group. Logging of admin commands (B) is a risk, but not as severe as removing the password. Running commands as any user (D) is not implied by the configuration. The main risk is bypassing authentication.

20
Multi-Select · medium

Which THREE of the following are core principles of the CIA triad?

Select 3 answers
A. Confidentiality
B. Integrity
C. Non-repudiation
D. Accountability
E. Availability
Answers: A, B, E

Confidentiality ensures data is accessible only to authorized persons.

Why this answer

Options A, B, and E are correct: confidentiality, integrity, and availability are the three pillars. Non-repudiation (C) and accountability (D) are related but not part of the CIA triad.

21
Multi-Select · medium

Which TWO of the following are primary goals of the security principle of confidentiality?

Select 2 answers
A. Ensure data accuracy
B. Maintain system uptime
C. Provide user authentication
D. Protect data in transit
E. Prevent unauthorized disclosure
Answers: D, E

Protecting data in transit from interception is part of confidentiality.

Why this answer

Correct: D and E. Confidentiality ensures data is not disclosed to unauthorized parties, covering both storage and transmission. Data accuracy (integrity), system uptime (availability), and identity verification (authentication) are not confidentiality goals.

22
Multi-Select · medium

Which THREE of the following are key objectives of a security risk management program?

Select 3 answers
A. Assess risks
B. Identify risks
C. Implement intrusion detection systems
D. Encrypt all data at rest
E. Mitigate risks
Answers: A, B, E

Risk assessment determines impact and likelihood.

Why this answer

Correct: Identify risks (B), assess risks (A), and mitigate risks (E) are core steps. Options C and D are specific controls, not overarching objectives.

23
MCQ · hard

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

A security analyst reviews this AWS S3 bucket policy. The policy currently allows anyone to read objects. Which change would implement the principle of least privilege?

A. Remove the policy entirely.
B. Add a principal element with specific user ARNs.
C. Add a condition to require MFA.
D. Change "Allow" to "Deny".
Answer: B

Adding a principal restricts access to specific authorized users, implementing least privilege by limiting who can act.

24
MCQ · medium

Refer to the exhibit. Which security principle is this policy primarily enforcing?

A. Non-repudiation
B. Defense in depth
C. Confidentiality
D. Least privilege
Answer: D

Granting only specific permissions from a specific IP is least privilege.

Why this answer

Correct: D - Least privilege. The policy allows only get access to a specific bucket from a specific IP range, granting the minimum necessary access. Confidentiality is addressed indirectly, but the design emphasizes least privilege.

Defense in depth and non-repudiation are not shown.

25
MCQ · hard

A system administrator runs `iptables -L INPUT` and sees this rule. What is the immediate effect on the system?

A. All SSH traffic is blocked, including established sessions.
B. New SSH connections are blocked, but current SSH sessions remain active.
C. The rule has no effect because the policy is ACCEPT.
D. All outbound SSH connections are blocked.
Answer: B

The rule drops NEW packets for SSH, so new connections are blocked; established connections are unaffected.

Why this answer

The rule drops all new TCP connections to port 22 (SSH) from any source, preventing new SSH connections.

26
MCQ · medium

A security architect is designing access controls for a new application. The requirement is that only managers can approve expense reports above $10,000. Which control model best fits this requirement?

A. Role-based access control (RBAC)
B. Discretionary access control (DAC)
C. Mandatory access control (MAC)
D. Rule-based access control (RuBAC)
Answer: D

RuBAC uses rules (e.g., conditions) to determine access, matching the requirement.

Why this answer

Rule-based access control (RuBAC) uses a set of rules or conditions to determine access decisions, such as the expense report amount exceeding $10,000. In this scenario, the access control decision depends on a dynamic attribute (the expense amount) rather than a static role or identity, making RuBAC the best fit. RuBAC is often implemented using access control lists (ACLs) or policy-based engines that evaluate conditions like 'if amount > 10000 then require manager approval'.

Exam trap

ISC2 often tests the distinction between RBAC and RuBAC by presenting a scenario with a conditional rule (like a dollar threshold), leading candidates to mistakenly choose RBAC because they focus on the 'manager' role rather than the rule that triggers the approval requirement.

How to eliminate wrong answers

Option A is wrong because RBAC grants permissions based on a user's job role (e.g., 'Manager'), but it does not inherently evaluate dynamic conditions like the expense amount; RBAC would allow any manager to approve any expense, not just those above $10,000. Option B is wrong because DAC allows the resource owner to control access at their discretion, which does not enforce a mandatory policy that only managers can approve high-value expenses. Option C is wrong because MAC enforces access based on system-wide labels (e.g., security clearance levels) and is typically used in classified environments, not for application-level business rules like expense thresholds.

27
MCQ · easy

A healthcare organization uses smart cards and PINs to control access to patient records. An employee loses their smart card and reports it immediately. The security administrator revokes the lost smart card. However, the next day, someone attempts to use the lost smart card at a different facility, and the access is denied because the card was revoked. Which security principle is demonstrated by the fact that access was denied?

A. Integrity
B. Confidentiality
C. Accountability
D. Non-repudiation
Answer: C

The system held the individual accountable by revoking the card and preventing unauthorized use.

Why this answer

Correct: Accountability is demonstrated because the revocation and denial show that actions are traceable to individuals and controls are enforced. Option B is wrong because confidentiality is about secrecy; Option A is wrong because integrity is about data accuracy; Option D is wrong because non-repudiation prevents denial, but here the system proved the card was revoked.

28
Multi-Select · hard

Which THREE of the following are examples of implementing defense in depth? (Select THREE.)

Select 3 answers
A. Enabling single sign-on for all applications
B. Using a firewall to filter traffic
C. Allowing all traffic by default
D. Implementing access control lists
E. Encrypting data at rest
Answers: B, D, E

Correct. A firewall is a layer.

Why this answer

Option B is correct because a firewall is a fundamental component of defense in depth, providing network-level traffic filtering based on rules. It acts as a first line of defense by blocking unauthorized access and malicious traffic, thereby reducing the attack surface. This layered security approach ensures that even if other controls fail, the firewall can still prevent or mitigate threats.

Exam trap

ISC2 often tests the concept that defense in depth requires multiple independent layers of security, so candidates mistakenly select options that improve convenience (like SSO) or violate security principles (like allowing all traffic) instead of recognizing that each correct option adds a distinct security control at a different layer.

29
Multi-Select · medium

Which TWO of the following are core components of the ISC2 Code of Ethics? (Choose two.)

Select 2 answers
A. Advance and protect the profession.
B. Disclose all confidential information to law enforcement.
C. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
D. Ensure maximum profitability for the organization.
E. Always follow orders from management.
Answers: A, C

This is the fourth canon.

Why this answer

Option A is correct because the ISC2 Code of Ethics explicitly requires members to 'advance and protect the profession' as one of its four mandatory canons. This means acting honorably, maintaining competence, and not engaging in conduct that brings discredit upon the profession. It is a core ethical duty for all certified professionals.

Exam trap

ISC2 often tests the distinction between ethical duties and legal obligations, where candidates mistakenly believe that always following management orders or maximizing profit are ethical requirements, when in fact the Code prioritizes societal protection and professional integrity.

30
MCQ · hard

A software developer is designing a web application that will store user credentials. What is the most secure method for storing passwords?

A. Hash passwords using a strong algorithm like bcrypt with a unique salt
B. Use a tokenization service to replace passwords with tokens
C. Encrypt passwords using AES-256 and store the key separately
D. Store passwords in a secure database with access controls
Answer: A

Hashing with salt makes passwords irreversibly stored and resistant to rainbow tables.

Why this answer

Hashing with a salt protects passwords even if the database is compromised. Encryption is reversible, so it is less secure for storing passwords.

31
MCQ · medium

A network administrator needs to ensure that sensitive financial data remains confidential while in transit over the internet. Which technology should they implement?

A. Digital signatures
B. SHA-256
C. TLS 1.3
D. AES-256
Answer: C

TLS encrypts data in transit, providing confidentiality.

Why this answer

TLS encrypts data in transit. AES-256 is a cipher typically used for encrypting data at rest. SHA-256 is a hashing algorithm.

A VPN can also encrypt traffic, but TLS is more specific to web traffic.

32
Multi-Select · hard

Which TWO of the following are examples of implementing the principle of least privilege?

Select 2 answers
A. Installing a security camera at the data center entrance
B. Assigning a database administrator only the permissions required for their specific tasks
C. Requiring two-factor authentication for system administrators
D. Implementing a firewall to block all incoming traffic except on port 443
E. Granting a user read-only access to a file they need to view
Answers: B, E

This minimizes privileges to job duties.

Why this answer

Correct: Granting a user only read access to a file (E) and assigning a database administrator only the necessary permissions for their job (B) both restrict privileges to the minimum required. Option C (two-factor authentication) and Option D (a firewall) are additional security layers, examples of defense in depth rather than least privilege; Option A (a security camera) is a physical control.

33
Multi-Select · medium

Which TWO of the following controls are examples of defense in depth?

Select 2 answers
A. Single sign-on
B. Encryption at rest
C. Network firewall
D. Anti-malware software
E. Strong password policy
Answers: C, D

A network firewall is a perimeter security layer.

Why this answer

Defense in depth uses multiple layers. Firewalls and anti-malware are typical layers: Option C (network firewall) is a network layer, Option D (anti-malware) is a host layer.

Option A (single sign-on) is a convenience feature, not a security layer. Option E (strong password policy) is a procedural control but not a layered defense. Option B (encryption at rest) is a control, but defense in depth focuses on overlapping controls; encryption alone is not a layer in the same sense.

Encryption can be considered a layer, but defense in depth typically refers to network, host, and application layers. For this question, firewall and anti-malware are the clearest examples.

34
MCQ · hard

An organization implements a role-based access control (RBAC) system. To maintain the principle of least privilege, what should the administrator do when a user changes roles?

A. Remove the previous role's access and assign the new role's access.
B. Keep all access and let the manager manually remove as needed.
C. Use a single role for all users to simplify management.
D. Add the new role's access while keeping the previous role's access.
Answer: A

This ensures the user has only the permissions needed for their new role, following least privilege.

35
MCQ · medium

A security team is designing a network for a hospital. They need to ensure that patient data is accessible to doctors only when needed, but also protected from unauthorized access. Which principle BEST balances these requirements?

A. Defense in depth
B. Least privilege
C. Non-repudiation
D. Balancing the CIA triad
Answer: D

Balancing confidentiality and availability is key; doctors need timely access but unauthorized access must be prevented.

Why this answer

The question asks for the principle that best balances accessibility with protection. The CIA triad (Confidentiality, Integrity, Availability) is the foundational model for balancing these three competing priorities. In a hospital network, doctors need availability of patient data when needed, but confidentiality must protect against unauthorized access; balancing the triad means making trade-offs between these goals, such as using role-based access controls to ensure availability for authorized users while enforcing confidentiality.

Option D directly addresses this balancing act, whereas the other options focus on a single aspect.

Exam trap

ISC2 often tests the misconception that 'least privilege' is the best answer for balancing access and protection, but the trap is that least privilege is a component of confidentiality, not a principle for balancing all three CIA goals; the question specifically asks for the principle that 'best balances' the requirements, which is the CIA triad itself.

How to eliminate wrong answers

Option A is wrong because defense in depth is a layered security strategy (e.g., firewalls, IDS, encryption) that does not inherently balance accessibility with protection; it focuses on preventing breaches, not on ensuring data is available when needed. Option B is wrong because least privilege restricts access to the minimum necessary, which can hinder doctors' ability to access patient data in emergencies if not carefully implemented with break-glass mechanisms; it prioritizes confidentiality over availability. Option C is wrong because non-repudiation ensures that actions (e.g., accessing records) cannot be denied, typically via digital signatures or audit logs, but it does not address the balance between access and protection; it is about accountability, not availability.

36
MCQ · medium

A company's security policy mandates that all changes to the firewall configuration must be approved by two different administrators before implementation. This is an example of which security principle?

A. Defense in depth
B. Need to know
C. Separation of duties
D. Least privilege
Answer: C

Requiring two administrators for approval is a classic example of separation of duties.

Why this answer

Option C is correct because the requirement for two different administrators to approve firewall configuration changes enforces separation of duties. This principle ensures that no single individual has the authority to make unilateral changes, reducing the risk of unauthorized or malicious modifications. In firewall management, this prevents a single admin from bypassing security controls or introducing backdoors without oversight.

Exam trap

ISC2 often tests separation of duties by presenting scenarios that involve dual approval or task division, and the trap here is confusing it with least privilege, as both limit individual power but least privilege focuses on permissions scope rather than collaborative authorization.

How to eliminate wrong answers

Option A is wrong because defense in depth involves multiple layers of security controls (e.g., firewall, IDS, encryption) to protect assets, not administrative approval workflows. Option B is wrong because need to know restricts access to information based on job requirements, not the authorization process for changes. Option D is wrong because least privilege limits users to the minimum permissions necessary for their role, but does not inherently require dual approval for actions; separation of duties specifically addresses the division of critical tasks among multiple individuals.

37
MCQeasy

A network administrator configures the ACL on a router as shown. What is the effect of this access list?

A.Blocks Telnet traffic entering the interface, but allows all other traffic
B.Blocks SSH traffic (port 22) from entering the interface
C.Blocks Telnet traffic leaving the interface, but allows all other traffic
D.Blocks all TCP traffic except Telnet
AnswerA

The deny statement blocks port 23 (Telnet), and the permit any permits everything else.

Why this answer

Option A is correct because the ACL denies TCP traffic to port 23 (Telnet) and permits all other IP traffic. Option B is wrong because SSH uses port 22, not port 23. Option C is wrong because the ACL is applied inbound on Gig0/1, so it filters incoming traffic only, not outgoing. Option D is wrong because the deny statement matches only Telnet (port 23); all other TCP traffic is permitted, not blocked.

38
MCQeasy

An organization's security policy mandates that data must be encrypted both at rest and in transit. Which combination of controls meets this requirement?

A.AES encryption for files and IPsec for network traffic
B.BitLocker and EFS
C.S/MIME for email and RBAC for file access
D.Full-disk encryption and TLS for network communications
AnswerD

Full-disk encryption secures data at rest, and TLS secures data in transit.

Why this answer

Option D is correct because full-disk encryption protects data at rest, and TLS encrypts data in transit. Option A is wrong because AES is an encryption algorithm, not a protocol, and IPsec encrypts data in transit but not at rest. Option B is wrong because BitLocker and EFS both protect data at rest only. Option C is wrong because S/MIME protects only email in transit, and RBAC manages access, not encryption.

39
MCQeasy

Refer to the exhibit. Which security control is MOST likely triggered?

B.Account lockout policy
C.Antivirus software
D.Firewall rule
AnswerB

Correct. The message 'account locked due to multiple failed attempts' directly indicates this.

Why this answer

The log shows an account lockout after multiple failed authentication attempts, indicating an account lockout policy is in effect.

40
MCQhard

A company's security policy states that sensitive data must be encrypted using AES-256. During an audit, it is found that some data is encrypted with AES-128. Which security objective is most directly compromised?

A.Integrity
B.Availability
C.Confidentiality
D.Non-repudiation
AnswerC

Correct. Weaker encryption undermines confidentiality by reducing the effort required to break the encryption.

Why this answer

AES-256 offers a higher security margin than AES-128. Using weaker encryption (AES-128) directly reduces the confidentiality protection, making it easier for an attacker to decrypt the data.

41
MCQeasy

A security administrator notices that an employee is able to access files in a project folder they should not have access to. Which security principle is being violated?

A.Least privilege
B.Non-repudiation
C.Separation of duties
D.Defense in depth
AnswerA

Least privilege means users get only necessary permissions; unauthorized access violates this.

Why this answer

The scenario describes an employee accessing files they should not have access to, which directly violates the principle of least privilege. This principle mandates that users and processes should be granted only the minimum permissions necessary to perform their job functions. The administrator's observation indicates that the employee's access rights exceed what is required, leading to unauthorized file access.

Exam trap

ISC2 often tests least privilege by presenting a scenario where a user has more access than needed, and candidates may confuse it with separation of duties because both involve access control, but the key distinction is that least privilege focuses on the level of access per user, while separation of duties focuses on dividing responsibilities among multiple users.

How to eliminate wrong answers

Option B is wrong because non-repudiation ensures that a party cannot deny the authenticity of their actions (e.g., via digital signatures or audit logs), but it does not address the assignment or restriction of access permissions. Option C is wrong because separation of duties divides critical tasks among multiple individuals to prevent fraud or error (e.g., one person requests access, another approves), but the issue here is excessive permissions for a single user, not a lack of task division. Option D is wrong because defense in depth is a layered security strategy (e.g., firewalls, IDS, encryption) that provides multiple controls, but it does not specifically govern the granularity of user permissions; the violation is about over-provisioned access, not insufficient layers.

42
MCQmedium

An AWS administrator attached this IAM policy to a user. What is the effect of this policy?

A.The user can delete the bucket if allowed by another policy.
B.The user can still delete objects inside the bucket.
C.The user can delete any bucket except critical-data.
D.The user cannot delete the bucket critical-data.
AnswerD

The Deny effect prevents deletion of the specified bucket.

Why this answer

The policy explicitly denies the s3:DeleteBucket action on the critical-data bucket, overriding any allow.

43
MCQeasy

Which concept ensures that a user cannot deny having performed a specific action?

A.Non-repudiation
B.Availability
C.Integrity
D.Authorization
AnswerA

Non-repudiation provides irrefutable evidence of an action, preventing denial.

Why this answer

Non-repudiation ensures that a user cannot deny having performed a specific action, typically by using cryptographic mechanisms such as digital signatures or audit logs. In the context of the CC exam, this is most commonly achieved through public key infrastructure (PKI) where a private key signs an action, and the corresponding public key verifies the signature, providing irrefutable proof of origin. This prevents a user from later claiming they did not send a message or perform a transaction.

Exam trap

ISC2 often tests the confusion between non-repudiation and integrity, where candidates mistakenly think that ensuring data hasn't changed (integrity) also proves who changed it, but non-repudiation specifically requires a binding identity proof like a digital signature.

How to eliminate wrong answers

Option B (Availability) is wrong because it ensures that systems and data are accessible when needed, often through redundancy and fault tolerance, not by preventing denial of actions. Option C (Integrity) is wrong because it guarantees that data has not been altered or tampered with, typically via hashing or checksums, but does not provide proof of who performed an action. Option D (Authorization) is wrong because it controls what resources a user can access or what actions they can perform, based on policies or permissions, but does not create an irrefutable record of those actions.

44
MCQmedium

After a ransomware attack, the company wants to ensure that critical data can be restored. Which principle is being addressed?

A.Integrity
B.Confidentiality
C.Availability
D.Non-repudiation
AnswerC

Availability ensures data is accessible when needed; backups support recovery.

Why this answer

Correct: C - Availability. Availability ensures data is accessible when needed, and backups are a key control supporting recovery. Option A is wrong because integrity ensures data accuracy, not recoverability. Option B is wrong because confidentiality prevents unauthorized disclosure. Option D is wrong because non-repudiation ensures actions cannot be denied.

45
Matchingmedium

Match each security policy type to its focus.


Rules for using company assets

How long data is kept

Steps to restore IT after a disaster

Maintain operations during disruptions

Why these pairings

These policies are part of governance and compliance.

46
MCQmedium

A company wants to ensure that a message received was not altered in transit. Which principle is of primary concern?

A.Availability
B.Authentication
C.Confidentiality
D.Integrity
AnswerD

Integrity ensures data is unaltered.

Why this answer

Correct: D - Integrity. Integrity ensures data has not been modified by unauthorized parties. Option A is wrong because availability ensures access. Option B is wrong because authentication verifies identity. Option C is wrong because confidentiality protects against disclosure.

47
MCQhard

A company has implemented a role-based access control (RBAC) system. A new employee in the finance department is granted the 'Finance User' role, which allows them to view invoices but not create payments. However, after a system upgrade, it is discovered that the 'Finance User' role now includes the ability to create payments due to a misconfiguration. The employee did not request this additional privilege and has not exploited it. The security team is notified. Which principle has been violated, and what is the most appropriate immediate action?

A.Separation of duties; disable the employee's account until an investigation is complete
B.Accountability; remove the 'Finance User' role from all employees
C.Least privilege; revoke the employee's access permanently
D.Least privilege; correct the role permissions to only what is necessary
AnswerD

This restores the principle without impacting the employee's legitimate duties.

Why this answer

Correct: Least privilege is violated because the employee has more permissions than needed. The immediate action is to correct the role permissions and revert the misconfiguration (D). Option A is wrong because disabling the account prevents the employee from doing legitimate work; Option B is wrong because removing the role from all employees is too broad; Option C is wrong because the employee did not request or misuse the privilege, so permanent revocation is not warranted.

48
MCQhard

An organization's security policy requires that all access to sensitive data must be approved by a data owner. An administrator configures a system to enforce this. Which principle is being implemented?

A.Accountability
B.Least privilege
C.Non-repudiation
D.Authorization
AnswerD

Authorization enforces permissions based on approval.

Why this answer

Correct: D - Authorization. Authorization determines what actions an authenticated user is permitted to perform, based on approval. Option A is wrong because accountability tracks actions rather than granting them. Option B is wrong because least privilege is about limiting access to the minimum necessary, but does not mandate a separate approver. Option C is wrong because non-repudiation prevents denial of actions.

49
Multi-Selecthard

Which TWO principles are essential for ensuring accountability in an information system? (Choose two.)

Select 2 answers
A.Confidentiality
B.Availability
C.Least privilege
D.Audit trails
E.Non-repudiation
AnswersD, E

Audit trails record actions, enabling traceability and accountability.

50
MCQhard

A system administrator accidentally grants a user full administrative rights instead of read-only. Which control would best detect this error?

A.Preventive control
B.Deterrent control
C.Corrective control
D.Detective control
AnswerD

Detective controls like audit logs can detect the misconfiguration.

Why this answer

Detective controls, such as audit logs and monitoring, identify misconfigurations after they occur. Option A (Preventive) is wrong because preventive controls block errors before they happen. Option B (Deterrent) is wrong because deterrent controls only discourage unwanted behavior. Option C (Corrective) is wrong because corrective controls fix issues once found, rather than detect them.

51
MCQmedium

During a forensic investigation, it is crucial to preserve the original evidence. What is the first step the investigator should take when acquiring a hard drive?

A.Boot the drive to check for operating system errors
B.Turn off the computer and remove the hard drive
C.Create a forensic image using a write blocker
D.Calculate the hash of the original drive
AnswerC

A write-blocked forensic image ensures no data is altered during acquisition.

Why this answer

Option C is correct because creating a bit-for-bit forensic image through a write blocker preserves the original evidence. Option A is wrong because booting the drive modifies data. Option B is wrong because turning off the computer may be necessary, but it is not the first acquisition step. Option D is wrong because hashing verifies integrity but is performed after imaging; the first acquisition step is to image the drive behind a write blocker.

52
Multi-Selectmedium

Which TWO of the following are methods to ensure non-repudiation? (Select two).

Select 2 answers
A.Audit logs
B.Biometric authentication
C.Digital signatures
D.Access control lists
E.Encryption
AnswersA, C

Correct. Audit logs provide evidence of actions, supporting non-repudiation.

Why this answer

Digital signatures provide cryptographic proof of origin, and audit logs provide a record of actions. Together they ensure that a party cannot deny involvement.

53
MCQhard

A multinational corporation has a policy that all sensitive emails must be digitally signed and encrypted. However, during a recent internal audit, it was discovered that many employees were not using digital signatures because the process was cumbersome. As a result, the company could not prove that certain emails were actually sent by the claimed sender. The security team needs to improve compliance without sacrificing security. Which of the following is the best approach?

A.Implement a mandatory training program emphasizing the importance of digital signatures.
B.Reduce the encryption strength to speed up the signing process.
C.Integrate the signing process seamlessly into the email client to reduce friction.
D.Allow employees to use personal signing certificates.
AnswerC

Seamless integration improves user compliance while maintaining security.

Why this answer

Integrating the signing process seamlessly into the email client reduces friction and increases compliance while maintaining security. Training alone does not address the cumbersome process, reducing encryption strength weakens security, and allowing personal certificates complicates management.

54
MCQmedium

A company experiences a data breach where customer PII was exfiltrated. The incident response team contains the breach and restores systems. Which step in the risk management process should the company prioritize next to prevent recurrence?

A.Risk mitigation
B.Risk communication
C.Risk assessment
D.Risk identification
AnswerA

Risk mitigation (treatment) is the next step to reduce the risk of recurrence.

Why this answer

After an incident, risk treatment involves implementing controls to reduce risk. Risk identification already occurred.

55
Multi-Selecteasy

Which THREE are core components of the CIA triad? (Choose three.)

Select 3 answers
A.Confidentiality
B.Integrity
C.Accountability
D.Availability
E.Non-repudiation
AnswersA, B, D

Confidentiality is one of the three core CIA goals.

56
MCQmedium

An analyst reviews the exhibit. Which security principle is being violated by allowing root login via SSH?

A.Fail-safe
B.Least privilege
C.Defense in depth
D.Separation of duties
AnswerB

Correct. Root should not be allowed to log in directly.

Why this answer

Allowing root login via SSH violates the principle of least privilege because it grants unrestricted administrative access to the system, bypassing any need for privilege escalation. In a properly secured SSH configuration, root login should be disabled (e.g., `PermitRootLogin no` in `/etc/ssh/sshd_config`), forcing administrators to log in as a regular user and then use `sudo` or `su` to elevate privileges only when necessary. This minimizes the attack surface and ensures that actions are auditable and tied to a specific user account.

Exam trap

ISC2 often tests the distinction between least privilege and defense in depth, where candidates mistakenly choose defense in depth because they think multiple security layers are involved, but the question specifically targets the principle of granting only the minimum necessary access.

How to eliminate wrong answers

Option A is wrong because fail-safe refers to a system defaulting to a secure state upon failure (e.g., a firewall dropping all traffic if it crashes), not to restricting root access. Option C is wrong because defense in depth involves multiple layers of security controls (e.g., firewalls, IDS, encryption), whereas disabling root login is a single access control measure. Option D is wrong because separation of duties divides critical tasks among multiple individuals to prevent fraud or error, which is unrelated to the SSH root login configuration.

57
Drag & Dropmedium

Drag and drop the steps to configure a wireless access point with WPA2-PSK security into the correct order.


Why this order

WPA2-PSK requires setting SSID, security mode, and PSK.

58
MCQeasy

A security administrator notices that a user's account has been used to access sensitive files at unusual hours. Which security principle would most effectively help detect this type of activity?

A.Non-repudiation
B.Availability
C.Integrity
D.Accountability
AnswerD

Accountability tracks user activities and enables detection.

Why this answer

Accountability enables tracking of user actions through logs and monitoring. Option A (Non-repudiation) prevents denial of actions but does not focus on detection. Option B (Availability) ensures data is accessible. Option C (Integrity) ensures data accuracy.

59
Multi-Selecthard

When designing a secure network, which TWO of the following are fundamental security principles that should be applied?

Select 2 answers
A.Fail secure
B.Complete mediation
C.Open design
D.Economy of mechanism
E.Least privilege
AnswersA, E

Fail secure ensures security during failures.

Why this answer

Fail secure ensures the system remains secure on failure. Least privilege restricts access to the minimum. The other options are important but less fundamental in network design.

60
Multi-Selecteasy

Which TWO of the following are examples of security principles?

Select 2 answers
A.Encryption
B.Least privilege
E.Defense in depth
AnswersB, E

Least privilege is a security principle.

Why this answer

Least privilege is a foundational security principle that dictates users, processes, or systems should only be granted the minimum access rights necessary to perform their functions. This reduces the attack surface and limits potential damage from compromised accounts or insider threats. It is a design concept, not a specific technology, which is why it qualifies as a security principle.

Exam trap

ISC2 often tests the distinction between security principles (like least privilege and defense in depth) and security technologies (like encryption, firewalls, and VLANs), trapping candidates who confuse implementation tools with the underlying design concepts.

61
MCQmedium

A mid-sized company has a network with 200 employees. The security team has implemented a policy that requires all employees to use complex passwords and change them every 60 days. However, the company has experienced multiple phishing attacks where employees have willingly provided their credentials to fake websites. The CEO wants to implement a more robust authentication method. The company uses Microsoft Active Directory and has a budget for new security tools. They also have a remote workforce. Which of the following is the BEST course of action to address the phishing risk?

A.Increase password complexity requirements and change frequency to every 30 days
B.Conduct annual phishing awareness training
C.Deploy multi-factor authentication (MFA) for all remote access and critical systems
D.Implement a password manager for all employees
AnswerC

Correct. MFA adds a second layer that phished passwords cannot bypass.

Why this answer

Multi-factor authentication (MFA) significantly reduces the risk of credential theft because even if a password is phished, the attacker cannot authenticate without the second factor. The other options either do not address phishing directly or are less effective.

62
MCQmedium

A company deploys a web application firewall (WAF), performs regular vulnerability scans, and implements strict access controls. Which security principle is being applied?

A.Defense in depth
B.Accountability
C.Risk management
D.Least privilege
AnswerA

Multiple layers of security controls exemplify defense in depth.

Why this answer

Defense in depth is the security principle of layering multiple independent security controls so that if one fails, others still provide protection. The question describes three distinct layers: a WAF (application-layer filtering), vulnerability scanning (proactive detection), and strict access controls (preventive policy). This stacking of different types of controls across the network, host, and application layers is the textbook definition of defense in depth.

Exam trap

ISC2 often tests defense in depth by listing multiple security tools and expecting candidates to recognize the layering concept, but the trap here is that candidates confuse 'defense in depth' with 'least privilege' because both involve multiple controls, when in fact least privilege is just one layer within a defense-in-depth strategy.

How to eliminate wrong answers

Option B (Accountability) is wrong because accountability refers to tracking user actions through logging and auditing (e.g., syslog, auditd) to hold individuals responsible, not to deploying multiple protective layers. Option C (Risk management) is wrong because risk management is the broader process of identifying, assessing, and mitigating risks (e.g., via risk matrices or quantitative analysis), not the specific architectural strategy of layering controls. Option D (Least privilege) is wrong because least privilege is a specific access control principle that grants only the minimum permissions needed to perform a task (e.g., using RBAC with minimal roles), not the combination of WAF, scans, and access controls.

63
MCQmedium

During a security audit, it is discovered that a single administrator can create user accounts, assign privileges, and review audit logs. Which principle is most likely being violated?

A.Separation of duties
B.Least privilege
C.Need to know
D.Defense in depth
AnswerA

Correct. The combination of account creation, privilege assignment, and audit review in one person violates separation of duties.

Why this answer

Separation of duties requires that conflicting critical tasks be performed by different individuals to prevent fraud or error. The administrator has both operational and oversight roles, violating this principle.

64
MCQeasy

Which control type is considered a physical security control?

A.Firewall rules
B.Security cameras
C.User training
D.Encryption
AnswerB

Security cameras are a physical control that monitors the environment.

Why this answer

Security cameras are a physical security control because they deter, detect, and record unauthorized physical access or activity in a facility. They are deployed as part of a layered physical security strategy, often integrated with access control systems and monitored by security personnel. Unlike logical or administrative controls, cameras directly protect tangible assets and premises.

Exam trap

ISC2 often tests the distinction between physical, administrative, and technical controls, and the trap here is that candidates confuse 'security cameras' as a monitoring/logging control (which is technical) rather than recognizing that the camera hardware itself is a physical asset deployed for physical security.

How to eliminate wrong answers

Option A is wrong because firewall rules are a logical/technical control that filters network traffic based on IP addresses, ports, and protocols; they do not physically prevent access to hardware or facilities. Option C is wrong because user training is an administrative control that educates personnel on security policies and procedures, not a physical barrier or monitoring mechanism. Option D is wrong because encryption is a technical/cryptographic control that protects data confidentiality during storage or transmission, but it does not physically secure hardware or locations.

65
Drag & Dropmedium

Drag and drop the steps to perform a password reset on a Windows user account into the correct order.


Why this order

Password reset requires admin rights and is done via Local Users and Groups in Computer Management.

66
MCQhard

An organization wants to implement a policy where employees must use a smart card and a PIN to access sensitive data. This is an example of:

B.Single factor authentication
D.Biometric authentication
AnswerA

Correct. This is MFA because it combines something you have (smart card) and something you know (PIN).

Why this answer

Multi-factor authentication (MFA) requires two or more different types of authentication factors. Here, the smart card (something you have) and PIN (something you know) constitute two factors, making it MFA.

67
Multi-Selecthard

Which THREE of the following are considered essential security principles according to ISC2?

Select 3 answers
A.Separation of duties
B.Encryption
C.Non-repudiation
D.Biometrics
E.Least privilege
AnswersA, C, E

Separation of duties prevents conflicts of interest.

Why this answer

Correct: A, C, E. Separation of duties, non-repudiation, and least privilege are key security principles. Biometrics and encryption are mechanisms, not principles.

68
Multi-Selecteasy

Which TWO of the following are examples of preventive security controls?

Select 2 answers
A.Encryption
B.Backup
C.Antivirus software
AnswersC, D

Antivirus prevents malware execution.

Why this answer

Firewalls and antivirus software are preventive controls that block or stop attacks. IDS is detective, encryption is protective but not primarily preventive, and backup is corrective.

69
MCQhard

A financial services firm has a data center that houses customer financial records. They have implemented a defense-in-depth strategy including firewalls, IDS/IPS, and encryption. Recently, an internal audit revealed that a junior administrator has been logging into the database server with a shared admin account and has made unauthorized changes to customer records. The company wants to prevent such incidents in the future while maintaining operational efficiency. The current environment uses Linux servers with PostgreSQL databases. There is no centralized authentication system. What is the BEST action to take?

A.Increase the frequency of password changes for the shared admin account
B.Disable all shared accounts and implement individual accounts with role-based access control and audit logging
C.Use database encryption to prevent unauthorized changes
D.Implement a network access control (NAC) solution to restrict database access to specific IP addresses
AnswerB

Correct. This enforces accountability and least privilege.

Why this answer

The core issue is the lack of accountability due to a shared admin account. Disabling shared accounts and implementing individual accounts with role-based access control (RBAC) and audit logging directly addresses this by ensuring each action is tied to a specific user, enabling non-repudiation and precise forensic analysis. This aligns with the principle of least privilege and is the most effective way to prevent unauthorized changes while maintaining operational efficiency through granular permission management.

Exam trap

ISC2 often tests the misconception that encryption or network controls can solve insider threats, when in reality, only user-level accountability and audit trails can prevent and trace unauthorized actions by authenticated users.

How to eliminate wrong answers

Option A is wrong because increasing password change frequency for a shared account does not solve the lack of accountability; multiple users still share credentials, making it impossible to trace who made specific changes. Option C is wrong because database encryption protects data at rest or in transit from external interception, but it does not prevent an authenticated user (the junior admin) from making unauthorized modifications. Option D is wrong because network access control (NAC) restricts which IP addresses can connect to the database, but it does not address the internal threat of an authorized user with a shared account making unauthorized changes from an allowed IP.

70
MCQmedium

A security engineer is designing a backup strategy for a critical database. The database must be recoverable within four hours in the event of a failure. Which security principle primarily drives this requirement?

A.Availability
B.Integrity
C.Non-repudiation
D.Confidentiality
AnswerA

The requirement specifies recovery within a time frame, which is a measure of availability.

Why this answer

Availability ensures that systems and data are accessible when needed. A recovery time objective (RTO) of four hours is an availability requirement, so Option A is correct. Option B (integrity) ensures data accuracy. Option C (non-repudiation) prevents denial of actions. Option D (confidentiality) protects data secrecy.

71
MCQhard

You are a security analyst at a mid-sized financial firm. The company has a policy that all remote access must be secured using a VPN. Recently, an employee reported that they were able to connect to the internal network from a coffee shop without using the VPN client. The employee accidentally left the client running but it was not authenticating. Upon investigation, you find that the network administrator had configured a rule on the firewall to allow RDP traffic from any public IP to a specific internal server for maintenance purposes. The rule was supposed to be temporary but was never removed. The server contains sensitive customer data. The incident has been reported to management. Which of the following is the most immediate corrective action you should take?

A.Remove the temporary firewall rule that allows RDP from any public IP
B.Disable RDP access on all servers
C.Conduct a full audit of all firewall rules
D.Implement a security awareness training program for all employees
AnswerA

This immediately closes the unauthorized access path.

Why this answer

Correct: Removing the temporary firewall rule closes the unauthorized access path. Option B is wrong because disabling RDP entirely may disrupt legitimate maintenance; Option C is wrong because conducting an audit does not remove the immediate risk; Option D is wrong because security awareness training is a long-term measure, not an immediate one.

72
MCQhard

A cloud security engineer reviews the following S3 bucket policy. What is the primary security risk?

A.The bucket does not have encryption enabled
B.The bucket policy permits deletion of objects by anyone
C.The bucket allows unauthorized users to write objects
D.The bucket is publicly readable, allowing anyone to access its contents
AnswerD

Principal: * allows anonymous access, and GetObject permits reading.

Why this answer

Option D is correct because the policy allows any anonymous user to read any object in the bucket (Principal "*" with s3:GetObject and no restricting Condition). Option A is wrong because encryption is not addressed by the policy shown. Option B is wrong because no delete action (s3:DeleteObject) is granted. Option C is wrong because no write action (s3:PutObject) is granted; the risk is unauthorized read, not unauthorized write or deletion.
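As an added example (not part of the original question set), the Python below implements the check the question asks the engineer to perform by eye: it parses a bucket policy and reports Allow statements that combine a wildcard principal with a read action and no Condition. The two policy documents are constructed to match the shape described above; the bucket name, account ID and role name are made up.

```python
"""Flag S3 bucket-policy statements that grant anonymous read access."""
import json

# Constructed sample: the over-permissive shape the question describes,
# Principal "*" plus s3:GetObject with no Condition.  Bucket name is made up.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-customer-data/*",
    }],
})

# Constructed hardened version: the same read permission, but granted only to
# one IAM role (hypothetical account ID and role name).
RESTRICTED_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-customer-data/*",
    }],
})

# Actions that permit reading object contents (case-insensitive in IAM).
READ_ACTIONS = {"s3:getobject", "s3:*", "*"}


def _as_list(value):
    """IAM allows a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True for the wildcard principal in either spelling AWS accepts."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _grants_read(actions):
    return any(a.lower() in READ_ACTIONS for a in _as_list(actions))


def find_public_read(policy_json):
    """Return the Sids of Allow statements that let anyone read objects.

    Simplified check: an unconditioned wildcard principal with a read action.
    Statements carrying a Condition are skipped here; a real review must still
    inspect them, since a permissive condition (e.g. a huge IpAddress range) is
    effectively public.  NotPrincipal / NotAction forms are not handled.
    """
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous(stmt.get("Principal")):
            continue
        if not _grants_read(stmt.get("Action", [])):
            continue
        if "Condition" in stmt:
            continue
        findings.append(stmt.get("Sid", f"statement-{i}"))
    return findings


if __name__ == "__main__":
    print("public:", find_public_read(PUBLIC_READ_POLICY))          # ['PublicRead']
    print("restricted:", find_public_read(RESTRICTED_READ_POLICY))  # []
```

The hardened policy keeps the same action and resource and changes only the principal, which is the smallest fix that removes the finding. In practice the bucket-policy review should be paired with S3 Block Public Access at the account or bucket level, which prevents a policy of the first shape from being applied at all.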

73
MCQmedium

A security engineer is configuring a firewall to allow web traffic but block all other inbound connections. The firewall is set to deny all traffic by default and only allow specific ports. Which security principle is being applied?

A.Default deny
B.Defense in depth
C.Fail-safe
D.Least privilege
AnswerA

Correct. The firewall denies everything by default.

Why this answer

The correct answer is A, Default deny. The scenario describes a firewall configured to deny all traffic by default and then explicitly allow only specific ports (e.g., TCP 80/443 for web traffic). This directly implements the default deny security principle, where any traffic not explicitly permitted is blocked.

This contrasts with a default allow posture, which would permit all traffic unless explicitly denied.

Exam trap

ISC2 often tests the distinction between 'default deny' (a firewall ACL posture) and 'least privilege' (a user/process access control model), causing candidates to confuse network-level traffic filtering with user-level permissions.

How to eliminate wrong answers

Option B is wrong because defense in depth is a layered security strategy using multiple controls (e.g., firewall, IDS, antivirus), not a single rule about default traffic handling. Option C is wrong because fail-safe ensures a system defaults to a secure state upon failure (e.g., a firewall blocking all traffic if it crashes), not the initial configuration of allowing only specific ports. Option D is wrong because least privilege grants users or processes only the minimum access needed to function, which applies to user permissions, not to firewall rule sets that control network traffic.
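As an added example (not part of the original question set), the Python below models both firewall situations from the questions above: a first-match packet filter whose posture is default deny, so that anything not explicitly allowed is dropped, and an audit that flags the kind of forgotten any-source RDP rule from the earlier incident question. The rule set, source addresses and management-port list are constructed for illustration.

```python
"""First-match packet filter with a configurable default posture, plus an
audit for allow rules that expose management ports to every source."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source CIDR; "0.0.0.0/0" means any IPv4 source
    dport: int    # destination TCP port
    action: str   # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dport: int


# Ports whose exposure to any source is worth flagging (assumed list).
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed rule set: web traffic from anywhere, SSH only from the corporate
# range, and the forgotten "temporary" rule that opens RDP to every public IP.
RULES = [
    Rule("web-https", "0.0.0.0/0", 443, "allow"),
    Rule("web-http", "0.0.0.0/0", 80, "allow"),
    Rule("ssh-from-corp", "10.0.0.0/8", 22, "allow"),
    Rule("temp-maintenance", "0.0.0.0/0", 3389, "allow"),
]


def evaluate(rules, pkt, default="deny"):
    """Return the action of the first matching rule, else the default posture.

    With default="deny" this is the default-deny principle: a port with no
    explicit allow rule (e.g. 8080 below) is blocked.  With default="allow"
    the same rule set becomes a default-allow firewall and that port passes.
    """
    ip = ipaddress.ip_address(pkt.src_ip)
    for rule in rules:
        if pkt.dport == rule.dport and ip in ipaddress.ip_network(rule.src):
            return rule.action
    return default


def audit_exposed_mgmt(rules):
    """Names of allow rules that admit any source (prefix /0) to a management port."""
    return [
        r.name for r in rules
        if r.action == "allow"
        and r.dport in MGMT_PORTS
        and ipaddress.ip_network(r.src).prefixlen == 0
    ]


def without(rules, name):
    """Rule set with the named rule removed: the corrective action from the incident question."""
    return [r for r in rules if r.name != name]


if __name__ == "__main__":
    # Constructed public address (TEST-NET-3) standing in for the coffee-shop client.
    coffee_shop_rdp = Packet("203.0.113.7", 3389)
    print(evaluate(RULES, coffee_shop_rdp))                                  # allow
    print(evaluate(without(RULES, "temp-maintenance"), coffee_shop_rdp))     # deny
    print(evaluate(RULES, Packet("203.0.113.7", 8080)))                      # deny
    print(evaluate(RULES, Packet("203.0.113.7", 8080), default="allow"))     # allow
    print(audit_exposed_mgmt(RULES))                                         # ['temp-maintenance']
```

The audit is the check a practitioner would run after closing the RDP hole: it is cheap, and it turns the "temporary rule that was never removed" failure into something a scheduled job can catch rather than an incident report.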

74
MCQeasy

An organization is developing a security policy that defines the rules for acceptable use of company resources. Which principle should guide the creation of this policy to ensure it is enforceable and effective?

A.Non-repudiation
B.Defense in depth
C.Least privilege
D.Separation of duties
AnswerC

Least privilege gives the policy a clear, enforceable rule: users get only the access their role requires, so anything beyond that is a violation.

Why this answer

Least privilege minimizes risk by granting only the access a role needs, which gives an acceptable-use policy a concrete, testable standard. The other options describe different controls: non-repudiation (A) is about proving who performed an action, defense in depth (B) is about layering multiple controls, and separation of duties (D) is about splitting conflicting tasks among different people. None of them defines what acceptable use of a resource is.

75
MCQmedium

A company implements two-factor authentication (2FA) for all remote access. Which primary security goal is this enhancing?

A.Availability
B.Integrity
C.Confidentiality
D.Non-repudiation
AnswerC

2FA ensures only authorized users access data, protecting confidentiality.

Why this answer

2FA strengthens authentication, ensuring only authorized users can access data, thereby protecting confidentiality. Option A (Availability) is about uptime and access when needed. Option B (Integrity) is about data accuracy and protection from unauthorized modification.

Option D (Non-repudiation) is about proof of actions.
