Section 2: IT Security Fundamentals

Question 1

Type: Question & Answer
Question: What security principle ensures that sensitive information is only accessed by those with authorisation and kept away from unauthorised individuals?

Answer 1

Answer: Confidentiality

Question 2

Type: Multiple Choice Question (Select ONE answer)
Question: Which of the following is a primary method for maintaining Confidentiality in IT security?
A) Implementing redundancy in systems
B) Using hashing algorithms for data verification
C) Applying strong encryption to data
D) Ensuring physical access to servers

Answer 2

Answer: C) Applying strong encryption to data

Question 3

Type: True/False
Question: Integrity in the CIA Triad primarily focuses on ensuring data is always available to authorised users.

Answer 3

Answer: False (Integrity focuses on accuracy and reliability, preventing unauthorised changes.)

Question 4

Type: Multiple Choice Question (Select ONE answer)
Question: Which of the following is crucial for maintaining data integrity?
A) Secure communication channels
B) Data consistency
C) Backup systems
D) Access control lists for physical entry

Answer 4

Answer: B) Data consistency

Question 5

Type: Multiple Choice Question (Select ALL that apply)
Question: Which of the following are methods used to maintain Availability in IT systems?
A) Redundancy
B) Fault Tolerance
C) Encryption
D) Backup Systems

Answer 5

Answer: A, B, D

Question 6

Type: True/False
Question: The CIA Triad stands for Confidentiality, Integrity, and Authentication.

Answer 6

Answer: False (It stands for Confidentiality, Integrity, and Availability.)

Question 7

Type: Question & Answer
Question: Which element of the DAD Triad refers to the unauthorised access and exposure of information?

Answer 7

Answer: Disclosure

Question 8

Type: Multiple Choice Question (Select ONE answer)
Question: When unauthorised changes are made to data, it represents a loss of integrity, which corresponds to which element of the DAD Triad?
A) Disclosure
B) Alteration
C) Denial
D) Destruction

Answer 8

Answer: B) Alteration

Question 9

Type: True/False
Question: Denial, in the DAD Triad, directly attacks the availability principle by making information inaccessible.

Answer 9

Answer: True

Question 10

Type: Question & Answer
Question: What security concept ensures that a party in communication cannot deny the authenticity of their signature on a document or a message sent by them?

Answer 10

Answer: Non-Repudiation

Question 11

Type: Multiple Choice Question (Select ONE answer)
Question: Non-repudiation is typically implemented using:
A) Symmetric encryption
B) Digital signatures
C) Firewall rules
D) Physical access controls

Answer 11

Answer: B) Digital signatures

Question 12

Type: Question & Answer
Question: What is the process of verifying a user’s identity, device, or any other entity in a computer system, often involving passwords or biometrics?

Answer 12

Answer: Authentication

Question 13

Type: Multiple Choice Question (Select ONE answer)
Question: After a user successfully authenticates, the system determines what resources and actions they are allowed to perform. This process is called:
A) Accounting
B) Identification
C) Authorisation
D) Auditing

Answer 13

Answer: C) Authorisation

Question 14

Type: True/False
Question: The “Accounting” component of the AAA framework involves keeping track of activities to monitor logs of a user’s actions for auditing purposes.

Answer 14

Answer: True

Question 15

Type: Multiple Choice Question (Select ONE answer)
Question: A methodical assessment that compares an organisation’s current security posture with established standards and regulatory requirements to identify areas for improvement is known as a:
A) Risk assessment
B) Vulnerability scan
C) Gap analysis
D) Penetration test

Answer 15

Answer: C) Gap analysis

Question 16

Type: Multiple Choice Question (Select ONE answer)
Question: Strict identity verification, least privilege access, Multi-Factor Authentication (MFA), and monitoring/logging all traffic are concepts associated with:
A) Traditional perimeter security
B) Zero Trust
C) Discretionary Access Control
D) Physical security

Answer 16

Answer: B) Zero Trust

Question 17

Type: Question & Answer
Question: What modern security philosophy requires verification of access each time, assuming no inherent trust inside or outside the network perimeter?

Answer 17

Answer: Zero Trust

Question 18

Type: True/False
Question: In a Zero Trust model, once a user is authenticated, they are automatically granted full access to all network resources.

Answer 18

Answer: False (Zero Trust requires continuous verification and adherence to least privilege.)