This textbook is in beta – content is actively being refined. Report issues or suggestions

15.01 Security Fundamentals CIA Triad and AAA - Quiz

Section 15.01 Quiz: CIA Triad and AAA

Question 1: What does the “C” in the CIA Triad represent?

  • Confidentiality { data-correct }
  • Consistency
  • Compliance
  • Continuity

Question 2: Which security principle ensures that data remains accurate and unmodified by unauthorized parties?

  • Confidentiality
  • Integrity { data-correct }
  • Availability
  • Authentication

Question 3: In the code examples, what technique was used to protect password storage?

  • Plain text storage
  • Simple MD5 hashing
  • PBKDF2 with salt { data-correct }
  • Base64 encoding

Question 4: What is the primary purpose of rate limiting in availability protection?

  • Improve system performance
  • Reduce server costs
  • Prevent resource exhaustion attacks { data-correct }
  • Enhance user experience

Question 5: Which authentication factor represents “something you are”?

  • Password
  • Smart card
  • Fingerprint { data-correct }
  • Security token

Question 6: In Role-Based Access Control (RBAC), what determines a user’s permissions?

  • User’s IP address
  • Time of access
  • User’s assigned role { data-correct }
  • System load

Question 7: What is the main purpose of accountability in security?

  • Prevent unauthorized access
  • Encrypt sensitive data
  • Track and audit user actions { data-correct }
  • Improve system performance

Question 8: In the authentication example, what happens after multiple failed login attempts?

  • Password is reset automatically
  • User account is deleted
  • Account is temporarily locked { data-correct }
  • System shuts down
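
Questions 3 and 8 both refer to the chapter's authentication example. The following is an added example in Python, not the textbook's own code: it stores each password as a PBKDF2-HMAC-SHA256 digest with a per-user random salt (via the standard library's `hashlib.pbkdf2_hmac`), compares digests in constant time, and locks an account temporarily after repeated failures. The `Authenticator` class, the iteration count, the lockout threshold and duration, and the injectable `clock` are assumptions chosen for illustration.

```python
"""Added example, not the textbook's own code: PBKDF2 password storage with a
per-user random salt, plus temporary lockout after repeated failures.
Constants and class names are assumptions chosen for illustration."""
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumption: OWASP's current figure for PBKDF2-HMAC-SHA256
MAX_FAILED_ATTEMPTS = 5      # assumption: failures allowed before a lockout
LOCKOUT_SECONDS = 15 * 60    # assumption: how long the lockout lasts


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt per user means two
    users with the same password get different digests, so a precomputed
    table of hashes is useless and every guess must be run through PBKDF2."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class Authenticator:
    """Stores only (salt, digest) per user and locks an account after
    MAX_FAILED_ATTEMPTS consecutive failures. `clock` is injectable so the
    lockout expiry can be tested without sleeping."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users: Dict[str, Tuple[bytes, bytes]] = {}
        self._failures: Dict[str, Tuple[int, float]] = {}  # name -> (count, locked_until)

    def register(self, username: str, password: str) -> None:
        self._users[username] = hash_password(password)

    def is_locked(self, username: str) -> bool:
        _, locked_until = self._failures.get(username, (0, 0.0))
        return locked_until > self._clock()

    def login(self, username: str, password: str) -> str:
        """Return "ok", "denied" or "locked"."""
        if self.is_locked(username):
            return "locked"  # do not even check the password while locked
        record = self._users.get(username)
        if record is None:
            # Unknown user: burn the same PBKDF2 cost so response time does not
            # reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            return "denied"
        salt, digest = record
        if verify_password(password, salt, digest):
            self._failures.pop(username, None)  # success resets the counter
            return "ok"
        count, locked_until = self._failures.get(username, (0, 0.0))
        if locked_until and locked_until <= self._clock():
            count = 0  # an earlier lockout has expired; start a fresh window
        count += 1
        locked_until = self._clock() + LOCKOUT_SECONDS if count >= MAX_FAILED_ATTEMPTS else 0.0
        self._failures[username] = (count, locked_until)
        return "locked" if locked_until else "denied"
```

Compare this with the wrong answers in Question 3: plain text and Base64 are reversible, and a single unsalted MD5 is fast enough that an attacker can test billions of guesses per second against a leaked table. PBKDF2's cost parameter and the salt are what make each guess expensive and unshareable across users.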

Question 9: Which component ensures non-repudiation in the accountability system?

  • Password complexity requirements
  • Role-based permissions
  • Audit logging with integrity protection { data-correct }
  • Session timeout

Question 10: What does the circuit breaker pattern help protect against?

  • SQL injection attacks
  • Password brute force
  • Cascading system failures { data-correct }
  • Data encryption failures
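
Questions 4 and 10 cover two availability controls: rate limiting, which stops a single client from exhausting shared resources, and the circuit breaker, which stops one failing dependency from dragging down every service that calls it. The following is an added example in Python, not the textbook's own code; the `TokenBucket` and `CircuitBreaker` classes, their thresholds and the injectable `clock` are assumptions for illustration.

```python
"""Added example, not the textbook's own code: two availability controls,
a per-client token-bucket rate limiter and a circuit breaker. Names,
thresholds and the `clock` parameter are assumptions for illustration."""
import time
from typing import Callable, Dict, Tuple


class TokenBucket:
    """Each client gets `capacity` tokens; one is spent per request and
    `rate` tokens per second are refilled. A client that empties its bucket
    is rejected cheaply instead of being allowed to exhaust the server."""

    def __init__(self, capacity: int, rate: float, clock: Callable[[], float] = time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self._clock = clock
        self._buckets: Dict[str, Tuple[float, float]] = {}  # client -> (tokens, last_refill)

    def allow(self, client: str) -> bool:
        now = self._clock()
        tokens, last = self._buckets.get(client, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[client] = (tokens - 1.0, now)
            return True
        self._buckets[client] = (tokens, now)
        return False


class CircuitOpenError(RuntimeError):
    """Raised when a call is refused because the breaker is open."""


class CircuitBreaker:
    """Wraps calls to a dependency. After `failure_threshold` consecutive
    failures the breaker opens and refuses calls immediately, so a failing
    dependency cannot tie up every worker waiting on timeouts and take the
    caller down with it. After `reset_timeout` seconds one trial call is
    allowed (half-open); if it succeeds the breaker closes, otherwise it
    re-opens."""

    CLOSED, OPEN, HALF_OPEN = "closed", "open", "half_open"

    def __init__(self, failure_threshold: int, reset_timeout: float,
                 clock: Callable[[], float] = time.monotonic):
        self.failure_threshold = failure_threshold
        self.reset_timeout = reset_timeout
        self._clock = clock
        self.state = self.CLOSED
        self._failures = 0
        self._opened_at = 0.0

    def call(self, fn: Callable, *args, **kwargs):
        if self.state == self.OPEN:
            if self._clock() - self._opened_at < self.reset_timeout:
                raise CircuitOpenError("dependency call refused: circuit open")
            self.state = self.HALF_OPEN  # timeout elapsed: allow one trial call
        try:
            result = fn(*args, **kwargs)
        except Exception:
            self._failures += 1
            if self.state == self.HALF_OPEN or self._failures >= self.failure_threshold:
                self.state = self.OPEN
                self._opened_at = self._clock()
            raise
        self._failures = 0
        self.state = self.CLOSED
        return result
```

Note the division of labour: the rate limiter protects the service from its callers, while the breaker protects the service from its own dependencies. Neither improves performance in the normal case (the distractors in Question 4); both exist so that a failure or a flood stays local instead of cascading.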

Question 11: In the authorization example, why might a student be denied access to another student’s grades?

  • System maintenance
  • Network connectivity issues
  • Resource ownership restrictions { data-correct }
  • Database corruption
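
Questions 6 and 11 together describe the chapter's authorization model: a role decides what a user may do in general, and an ownership check narrows that to the records the user actually owns. The following is an added example in Python, not the textbook's own code; the role names, permission strings, `GradeService` class and sample records are assumptions for illustration.

```python
"""Added example, not the textbook's own code: role-based permissions
combined with a resource-ownership check for a grades service. Role names,
permission strings and the sample records are assumptions for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Set

# Role -> permissions (assumed for the example). A student may read only
# their own grades; an instructor may read and write any grade; an admin
# additionally manages users.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "student": {"grade:read_own"},
    "instructor": {"grade:read_any", "grade:write"},
    "admin": {"grade:read_any", "grade:write", "user:manage"},
}


@dataclass(frozen=True)
class User:
    username: str
    role: str


@dataclass(frozen=True)
class GradeRecord:
    student: str
    course: str
    value: str


def can_read_grade(user: User, record: GradeRecord) -> bool:
    """RBAC decides what a role may do; the ownership check narrows
    'read_own' to records whose student is the caller."""
    perms = ROLE_PERMISSIONS.get(user.role, set())  # unknown role -> no permissions
    if "grade:read_any" in perms:
        return True
    return "grade:read_own" in perms and record.student == user.username


class GradeService:
    def __init__(self, records: List[GradeRecord]):
        self._records = records

    def read_grade(self, user: User, student: str, course: str) -> str:
        # Authorize before the lookup: ownership depends only on the student
        # name, so a denied caller cannot learn whether the record exists.
        if not can_read_grade(user, GradeRecord(student, course, "")):
            raise PermissionError(f"{user.username} may not read {student}'s grade for {course}")
        for record in self._records:
            if record.student == student and record.course == course:
                return record.value
        raise LookupError("no such grade")


# Constructed sample data for the demonstration.
SAMPLE_RECORDS = [
    GradeRecord("alice", "CS101", "A"),
    GradeRecord("bob", "CS101", "B+"),
]
```

The default is deny: a role missing from the table has no permissions, and a student asking for another student's grade fails the ownership test even though the role itself is recognised. That is the "resource ownership restriction" of Question 11.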

Question 12: What makes the audit logging system tamper-evident?

  • File permissions
  • Database encryption
  • Integrity hashes for each log entry { data-correct }
  • User authentication
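
Questions 9 and 12 both turn on the integrity protection of the audit log. The following is an added example in Python, not the textbook's own code: each entry carries an HMAC-SHA256 tag over its own fields and the previous entry's tag, so editing, deleting or reordering an entry is detectable on verification. The `AuditLog` class, the field names, the key and the sample events are assumptions for illustration.

```python
"""Added example, not the textbook's own code: an append-only audit log in
which every entry carries an HMAC over its own fields and the previous
entry's tag, so edits, deletions and reordering are detectable. The key,
field names and sample events are assumptions for illustration."""
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, List, Optional, Tuple

GENESIS = "0" * 64  # 'previous tag' for the first entry


def _tag(key: bytes, entry: Dict) -> str:
    """HMAC-SHA256 over the canonical JSON form of every field except the tag."""
    body = {k: v for k, v in entry.items() if k != "tag"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


class AuditLog:
    def __init__(self, key: bytes, clock: Callable[[], float] = time.time):
        self._key = key
        self._clock = clock
        self.entries: List[Dict] = []

    def record(self, actor: str, action: str, resource: str, outcome: str) -> Dict:
        """Append one entry linking back to the previous entry's tag."""
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries),
            "ts": self._clock(),
            "actor": actor,
            "action": action,
            "resource": resource,
            "outcome": outcome,
            "prev": prev,
        }
        entry["tag"] = _tag(self._key, entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Return (True, None) if the whole chain checks out, otherwise
        (False, index of the first entry that fails)."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry.get("seq") != i or entry.get("prev") != prev:
                return False, i  # entry removed, inserted or reordered
            if not hmac.compare_digest(entry.get("tag", ""), _tag(self._key, entry)):
                return False, i  # a field was edited, or the tag was forged without the key
            prev = entry["tag"]
        return True, None
```

Two caveats a practitioner should keep in mind. An unkeyed hash chain is not enough on its own: an attacker who can edit the log can simply recompute every hash after the edit, so the tag must involve a key the attacker does not hold, as here. And a keyed chain proves that the log service wrote the entries, which is tamper evidence; non-repudiation of a particular user's action additionally needs the entry bound to that user's authenticated session (and, for disputes with a third party, a signature or an externally anchored timestamp rather than a shared HMAC key).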

Question 13: Which principle would be violated if unauthorized users could read student records that were supposed to be protected by encryption?

  • Confidentiality { data-correct }
  • Integrity
  • Availability
  • Authorization

Question 14: In the library system example, what additional security measure is required for administrators?

  • Stronger passwords
  • IP address restrictions
  • Multi-factor authentication { data-correct }
  • Biometric scanning

Question 15: What is the primary benefit of implementing all six security principles together?

  • Reduced implementation costs
  • Improved system performance
  • Simplified user interface
  • Comprehensive defense-in-depth protection { data-correct }