By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
The CIA Triad (Confidentiality, Integrity, Availability) is the foundational model for information security. Risk management identifies, assesses, and mitigates threats to these three principles. Businesses, governments, and individuals use this framework to protect data, systems, and operations from cyberattacks, human error, and disasters.
Without CIA and risk management, organizations face legal penalties, reputational damage, and operational collapse.
Scenario: A small e-commerce website.
- Customer database (PII: names, emails, credit cards) - Website (WordPress + WooCommerce) - Payment gateway (Stripe API) - Employee laptops
Use a risk matrix (Likelihood vs. Impact):
A company stores customer credit card data in a database. Which CIA principle is most directly violated if an attacker steals this data?
A) Confidentiality B) Integrity C) Availability D) Non-repudiation
Correct Answer: A) ConfidentialityExplanation: Confidentiality ensures only authorized users access data. Theft violates this principle.Why the Distractors Are Tempting: - B) Integrity: Incorrect because integrity refers to data accuracy, not access.- C) Availability: Incorrect because availability refers to system uptime, not data theft.- D) Non-repudiation: Incorrect because this ensures actions can’t be denied (e.g., digital signatures).
A hospital’s electronic health record (EHR) system crashes during a ransomware attack. Which risk treatment strategy would have best prevented this?
A) Transferring risk via cyber insurance B) Reducing risk with redundant servers and backups C) Accepting the risk because attacks are rare D) Avoiding risk by not using digital records
Correct Answer: B) Reducing risk with redundant servers and backupsExplanation: Redundancy and backups directly mitigate availability risks.Why the Distractors Are Tempting: - A) Transferring risk: Insurance compensates for losses but doesn’t prevent downtime.- C) Accepting risk: Unwise for critical systems like healthcare.- D) Avoiding risk: Impractical—digital records are essential for modern healthcare.
A developer deploys a web app with a SQL injection vulnerability. Which CIA principle is most at risk, and what’s the best mitigation?
A) Confidentiality; enforce MFA B) Integrity; use parameterized queries C) Availability; deploy a WAF D) Confidentiality; encrypt the database
Correct Answer: B) Integrity; use parameterized queriesExplanation: SQL injection primarily threatens integrity (data tampering). Parameterized queries prevent injection.Why the Distractors Are Tempting: - A) Confidentiality: MFA protects access but doesn’t stop SQL injection.- C) Availability: A WAF can help but doesn’t address the root cause (bad code).- D) Confidentiality: Encryption protects data at rest but doesn’t stop injection attacks.
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.