Domain 1: General Security Concepts Review

Domain 1 – Section A Review: Security Foundations

Security+ Domain 1 — General Security Concepts. Section A — Security Foundations Review. 10 Questions.

This section integrates:

  • Security Control Categories and Types
  • The CIA Triad
  • Authentication, Authorization, and Accounting (AAA)

Security+ tests whether you can select the right control for a given scenario and apply foundational security principles to real-world situations.


1. Control Selection Based on Scenario

Controls are classified by category (technical, managerial, operational, physical) and by type (preventive, detective, corrective, deterrent, compensating, directive).

The best control is the one that matches the risk, the environment, and the constraint.
Category tells you who implements it. Type tells you what it does.

When a scenario describes a problem:

  • Identify whether the gap is technical, procedural, or physical.
  • Determine whether you need to prevent, detect, or correct.
  • Compensating controls exist when the ideal control is not feasible.

Do not confuse a control's category with its type. A security camera is physical (category) and detective (type). A firewall rule is technical (category) and preventive (type).


2. CIA Triad Application

Every security decision maps back to confidentiality, integrity, or availability:

  • Confidentiality — only authorized access.
  • Integrity — data is accurate and unaltered.
  • Availability — systems are accessible when needed.

  • Encryption protects confidentiality.
  • Hashing protects integrity.
  • Redundancy protects availability.

When a question asks what was compromised, map the attack to the specific CIA element. Data exfiltration targets confidentiality. Ransomware targets availability. Man-in-the-middle attacks can target integrity.


3. AAA Framework Decisions

Authentication, Authorization, and Accounting form the access control lifecycle:

  • Authentication verifies identity (who are you?).
  • Authorization determines permissions (what can you do?).
  • Accounting tracks actions (what did you do?).

Authentication must come before authorization. Accounting ensures you can prove what happened.

Common exam traps:

  • Confusing authentication with authorization.
  • Forgetting that accounting provides the audit trail.
  • Assuming MFA solves authorization problems.
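
The three AAA stages as separate checks, in an added example that is not part of the original course material. The user directory, role names, resource paths and plain-text secrets are constructed for illustration; the secret comparison stands in for a real credential check.

```python
import hmac
from datetime import datetime, timezone

# Constructed sample data (assumption): users, roles and secrets are illustrative.
# A real system would verify salted password hashes or tokens, not plain secrets.
USERS = {
    "alice": {"secret": "a1", "enabled": True, "roles": {"user"}},
    "bob": {"secret": "b2", "enabled": True, "roles": {"user", "admin"}},
    "carol": {"secret": "c3", "enabled": False, "roles": {"user"}},  # deprovisioned
}
PERMISSIONS = {"/reports": {"user", "admin"}, "/admin": {"admin"}}
AUDIT_LOG = []  # accounting: append-only record of every access decision


def authenticate(user, secret):
    """Who are you? A disabled account fails even with the correct secret."""
    rec = USERS.get(user)
    if rec is None or not rec["enabled"]:
        return False
    return hmac.compare_digest(rec["secret"], secret)


def authorize(user, resource):
    """What can you do? Unknown resources are denied by default."""
    return bool(USERS[user]["roles"] & PERMISSIONS.get(resource, set()))


def record(user, resource, outcome):
    """What did you do? Every outcome is logged, including denials."""
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": user, "resource": resource, "outcome": outcome})
    return outcome


def access(user, secret, resource):
    # Authentication runs first; authorization is only evaluated for a proven identity.
    if not authenticate(user, secret):
        return record(user, resource, "authn_failed")
    if not authorize(user, resource):
        return record(user, resource, "authz_denied")
    return record(user, resource, "granted")


def activity_for(user):
    """Audit-trail query: which resources an account touched and the outcome."""
    return [(e["resource"], e["outcome"]) for e in AUDIT_LOG if e["user"] == user]


if __name__ == "__main__":
    print(access("alice", "a1", "/admin"))  # authenticated, but not authorized
    print(activity_for("alice"))
```

A stronger authentication step, such as MFA, would only change `authenticate`; the role check in `authorize` is unaffected.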

Section A Decision Pattern

When unsure in Domain 1 Section A:

  1. Identify the CIA element at risk.
  2. Classify the control by category and type.
  3. Match the control to the scenario constraint.
  4. Separate authentication from authorization issues.
  5. Choose the most specific, scenario-appropriate answer.

Section A – Practice Questions


Question 1

A company requires all employees to watch a security training video before accessing production systems. What type of control is this?

A. Technical preventive
B. Operational detective
C. Managerial directive
D. Physical deterrent

Answer & reasoning

Correct: C

A mandatory training requirement is a managerial control (policy-driven) that directs behavior. Directive controls tell people what they must do. This is not technical because no technology enforces it, and it is not detective because it does not identify violations after the fact.


Question 2

An attacker intercepts database replication traffic and modifies records before they reach the backup server. Which element of the CIA triad is PRIMARILY compromised?

A. Confidentiality
B. Availability
C. Authentication
D. Integrity

Answer & reasoning

Correct: D

Modifying data in transit is an integrity attack. The data is being altered, not just observed. While confidentiality could also be affected, the primary impact described is unauthorized modification.


Question 3

A user authenticates successfully to a web application but receives an error when attempting to access the admin panel. Which AAA component is responsible for this restriction?

A. Authentication
B. Authorization
C. Accounting
D. Availability

Answer & reasoning

Correct: B

The user proved their identity (authentication succeeded) but lacks permission to access the admin panel. Authorization determines what an authenticated user is allowed to do.


Question 4

After a security breach, a company installs motion-activated cameras at all server room entrances. What category and type best describes this control?

A. Physical detective
B. Technical detective
C. Physical deterrent
D. Operational corrective

Answer & reasoning

Correct: A

Cameras are physical controls (they exist in the physical environment). Motion-activated cameras primarily serve a detective function — they record and identify events. While cameras can deter, their primary classification is detective because they capture evidence of activity.


Question 5

A hospital encrypts all patient records at rest and in transit. A power outage makes the electronic health record system unavailable for six hours. Which CIA element is impacted by the outage?

A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

Answer & reasoning

Correct: C

The encryption protects confidentiality and integrity, but the power outage prevents authorized users from accessing the system. Availability means systems and data are accessible when needed. The mention of encryption is a distractor.


Question 6

An organization cannot afford a next-generation firewall but implements strict network segmentation using VLANs and ACLs instead. What type of control is the VLAN/ACL configuration?

A. Corrective
B. Deterrent
C. Directive
D. Compensating

Answer & reasoning

Correct: D

A compensating control is implemented when the primary control is not feasible. The organization uses VLANs and ACLs as an alternative to the next-generation firewall, providing similar risk reduction through a different mechanism.


Question 7

A security analyst reviews logs and discovers that a terminated employee accessed a file share two days after their departure. Which AAA component failed?

A. Authentication
B. Authorization
C. Accounting
D. Auditing

Answer & reasoning

Correct: A

The terminated employee's credentials should have been revoked. Authentication failed because the system still accepted credentials that should have been disabled. Accounting actually worked — the logs captured the access. The failure was in the authentication lifecycle (deprovisioning).


Question 8

A financial services firm implements digital signatures on all wire transfer requests. Which CIA element does this PRIMARILY protect?

A. Confidentiality
B. Integrity
C. Availability
D. Accountability

Answer & reasoning

Correct: B

Digital signatures verify that data has not been altered and confirm the sender's identity. The primary function is ensuring integrity — proving the wire transfer request is authentic and unmodified. While digital signatures also provide non-repudiation, integrity is the CIA triad element most directly protected.


Question 9

A company posts warning signs stating that all network activity is monitored and unauthorized access will be prosecuted. What type of control is this?

A. Deterrent
B. Preventive
C. Detective
D. Compensating

Answer & reasoning

Correct: A

Warning signs discourage unauthorized behavior by communicating consequences. They do not prevent or detect anything — they deter. A deterrent control reduces the likelihood of a threat by discouraging the action.


Question 10

During an incident investigation, the security team needs to determine exactly which files a compromised account accessed and when. Which AAA component provides this information?

A. Authentication
B. Authorization
C. Accounting
D. Access control

Answer & reasoning

Correct: C

Accounting tracks and records user activity, including what resources were accessed and when. This audit trail is essential for incident investigation and forensics. Authentication proves identity and authorization grants permissions, but accounting provides the historical record of actions taken.
