Security Principles practice questions

Use this page to practise Security Principles questions for this certification. Focus on how the exam tests security principles in scenario format — understanding the why behind each answer builds more durable knowledge than memorising options.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Security Principles

What the exam tests

What to know about Security Principles

Security Principles questions on this certification test your ability to deploy and manage security principles concepts in scenario-based situations.

  • Core Security Principles concepts and how they apply in real-world cloud scenarios.
  • How to deploy security principles correctly and verify the outcome.
  • Troubleshooting security principles issues by interpreting error output and system state.
  • Cloud best practices and Security Principles design trade-offs tested by this certification.

Watch out for

Common Security Principles exam traps

  • Selecting the most expensive service when a simpler managed option meets the requirement.
  • Forgetting that cloud resources must be explicitly secured — defaults are rarely secure.
  • Choosing a global service fix when the issue is region-specific.
  • Overlooking cost implications of cross-region data transfer in architecture questions.

Practice set

Security Principles questions

20 questions · select your answer, then reveal the explanation

A security analyst discovers that an employee's workstation has been infected with ransomware. Which security principle has been directly violated?

A company is designing a new authentication system for remote employees. They want to ensure that if one authentication factor is compromised, the system remains secure. Which security principle should they apply?

During a security audit, it is found that a database administrator can access payroll data. The company policy states that administrators should not have access to sensitive HR data. Which security principle is being violated?

A company has implemented a policy where all employees must use a smart card and PIN to access the data center. Which security principle does this practice support?

A security engineer is configuring a firewall to allow web traffic but block all other inbound connections. The firewall is set to deny all traffic by default and only allow specific ports. Which security principle is being applied?

An organization is implementing a new system that processes financial transactions. To reduce the risk of fraud, they ensure that no single individual can both initiate and approve a transaction. Which security principle is this?

A company's security policy states that employees should only have access to the data necessary to perform their job functions. This is an example of which principle?

After a security breach, it was discovered that an attacker used a stolen certificate to sign malicious code. Which security principle was compromised?

A security analyst is reviewing logs and finds that a user accessed files outside of their department. The user claims it was necessary for a project. Which principle should the analyst use to assess whether this was appropriate?

A company wants to ensure that if a server fails, it does not cause a security breach. Which principle should guide the design?

A security team implements a policy that requires all access to sensitive data to be logged and audited. Which principle is being enforced?

Which TWO of the following are fundamental security principles? (Select TWO.)

Which THREE of the following are examples of implementing defense in depth? (Select THREE.)

Which TWO of the following are principles of the CIA triad? (Select TWO.)

Which THREE of the following are examples of the principle of least privilege? (Select THREE.)

An analyst reviews the exhibit. Which security principle is being violated by allowing root login via SSH?

Exhibit

Refer to the exhibit.

```
Oct 15 10:23:45 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:46 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:47 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:48 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:49 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
```

An analyst reviews the exhibit. What security principle is best demonstrated by this policy?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket1/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "10.0.0.0/24"}
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket2/*"
    }
  ]
}
```

An administrator reviews the exhibit. Which security principle is being violated?

Exhibit

Refer to the exhibit.

```
User: jdoe
Groups: Domain Users, VPN Users, HR-Read
Effective Permissions on \\server\HRDocs:
  - Read
  - Write (inherited from HR-Read group)
  - Deny Delete
```

A mid-sized company has a network with 200 employees. The security team has implemented a policy that requires all employees to use complex passwords and change them every 60 days. However, the company has experienced multiple phishing attacks where employees have willingly provided their credentials to fake websites. The CEO wants to implement a more robust authentication method. The company uses Microsoft Active Directory and has a budget for new security tools. They also have a remote workforce. Which of the following is the BEST course of action to address the phishing risk?

A financial services firm has a data center that houses customer financial records. They have implemented a defense-in-depth strategy including firewalls, IDS/IPS, and encryption. Recently, an internal audit revealed that a junior administrator has been logging into the database server with a shared admin account and has made unauthorized changes to customer records. The company wants to prevent such incidents in the future while maintaining operational efficiency. The current environment uses Linux servers with PostgreSQL databases. There is no centralized authentication system. What is the BEST action to take?

Frequently asked questions

What does the CC exam test about Security Principles?
Security Principles questions on this certification test your ability to deploy and manage security principles concepts in scenario-based situations.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Security Principles questions in a focused session?
Yes — the session launcher on this page draws every question from the Security Principles domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other CC topics?
Use the topic links above to move to related areas, or go back to the CC question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CC exam covers. They are not copied from any real exam or dump site.