CIA TRIAD

Real‑World Scenarios

Confidentiality

Integrity

Availability

Cybersecurity Tools & Controls

100

A company encrypts customer data stored in its database. Which CIA principle is this?

What is confidentiality

100

This principle ensures information is only accessible to those authorized to see it.

What is confidentiality

100

This principle ensures data is accurate, complete, and unaltered.

What is integrity

100

This principle ensures information and systems are accessible when needed.

What is availability

100

This software scans for and removes malicious programs.

What is antivirus software

200

A backup server activates after the main server fails. Which principle?

What is availability

200

A common method to protect confidentiality by scrambling data.

What is encryption

200

A checksum or hash is used to verify this.

What is data integrity

200

Backups help maintain availability after this type of event.

What is data loss

200

Firewalls protect networks by controlling this.

What is traffic

300

A file’s hash value changes unexpectedly. Which principle is at risk?

What is integrity

300

This type of attack tricks users into revealing confidential information.

What is phishing

300

This type of malware modifies files without permission.

What is a virus

300

This type of attack overwhelms a system to make it unavailable.

What is a DDoS attack

300

This type of control includes policies, training, and awareness.

What are administrative controls

400

An employee accidentally deletes critical files. Which principle is impacted?

What is availability

400

Multi‑factor authentication strengthens confidentiality by requiring this.

What is additional verification

400

Digital signatures help ensure integrity and this.

What is authenticity

400

Redundant systems improve availability by providing this.

What is failover

400

This security model restricts access based on job roles.

What is role‑based access control (RBAC)

500

A hacker alters financial records without being detected. Which principle is violated?

What is integrity

500

This principle states users should only have the minimum access needed to do their job.

What is least privilege

500

This type of attack intercepts and alters communication between two parties.

What is a man‑in‑the‑middle attack

500

UPS devices protect availability by preventing outages caused by this.

What is power failure

500

This advanced tool monitors network traffic for suspicious behavior.

What is an intrusion detection system (IDS)