CERTIFIED-IN-CYBERSECURITY Question #316: Real Exam Question with Answer & Explanation

Question

Which principle is primarily concerned with preventing unauthorized data alteration or destruction?

Options

• AAvailability
• BConfidentiality
• CAuthentication
• DIntegrity

Explanation

Within the CIA Triad, integrity refers to ensuring that data remains accurate, consistent, and trustworthy throughout its lifecycle and, by implication, also preventing unauthorized alteration or destruction (see ISC2 Study Guide, Module 1, under The CIA Triad). Integrity is guaranteed by implementing measures such as using digital signatures, checksums, and version control. Authentication is primarily concerned with verifying the identity of users and ensuring that only authorized users can access data. However, authentication alone is not enough to prevent data alteration or destruction. For example, consider a customer logged into their online banking account using proper authentication methods and that a malicious attacker somehow gains access to the user's authenticated session (perhaps using session hijacking or man-in-the- middle attacks). Even though the user was properly authenticated, the attacker, riding on the authenticated session, could transfer funds to another account, alter transaction histories, or even delete the account. Authentication alone did not prevent data alteration or destruction. Regarding the other options, confidentiality is primarily concerned with preventing unauthorized access to data and ensuring that data is only accessible to authorized users. Availability primarily ensures data is accessible to authorized users when needed.

No community discussion yet for this question.