Confidentiality, Integrity, and Availability Exercise

Question 1

Your company handles sensitive financial data, and an employee has accidentally left a laptop with open files in a public area. Someone notices the data and takes a screenshot of it.

What would have prevented this breach of confidentiality?

A. Using strong encryption for sensitive files B. Setting strict internal policies for file storage C. Using a VPN for accessing the data remotely D. Both a and b

Question 2

A banking system experiences an issue where the transaction records in the database are modified by an attacker without authorization.

Which measure would best maintain data integrity and prevent such unauthorized modifications?

A. Using access control lists (ACLs) B. Implementing digital signatures on transaction data C. Regularly backing up transaction logs D. Encrypting database storage

Question 3

A popular e-commerce website faces a DDoS (Distributed Denial of Service) attack. The site becomes unresponsive.

Which action would improve the availability of the website and mitigate future DDoS attacks?

A. Implementing a load balancer and cloud-based DDoS protection B. Installing more firewalls C. Reducing the number of customer accounts D. Increasing the website's bandwidth

Question 4

A company sends sensitive financial data over email without encryption. An attacker intercepts the email.

Which of the following would best protect the confidentiality of sensitive data in emails?

A. Encrypting the email content using PGP B. Using a secure email provider like ProtonMail C. Implementing 2-factor authentication (2FA) D. Both a and b

Question 5

Your company’s server is configured to automatically install software updates. An attacker compromises the update server.

How could you maintain the integrity of the software updates and prevent such attacks?

A. Using digital signatures for software updates B. Enabling real-time monitoring C. Regularly patching the update server D. All of the above

Question 6

A critical system goes down after a server crash, and the business cannot access customer data for hours.

Which of the following ensures availability and reduces downtime?

A. Implementing regular backups and disaster recovery plans B. Increasing server storage capacity C. Encrypting backup files D. Limiting user access to the system