Definition of Symmetric-Key
A cryptographic key used for both encryption and decryption
Definition of Block Ciphers
A symmetric-key cipher that encrypts/decrypts data in fixed-size blocks of bits
Definition of DES
Symmetric-key block cipher that encrypts data in blocks of 64 bits using a 56-bit key
Weaknesses of DES include-
- Small/weak key size
- Small bit size
Vulnerabilities of DES include-
- Brute force attacks
- Block replay attacks
Definition of AES
Symmetric-key block cipher that encrypts data in blocks of 128 bits using a key size of 128, 192, or 256 bits
Definition of Asymmetric-Key
Uses a public and private cryptographic key
Definition of Public Key
Half a key used within an Asymmetric-Key that is used for Encryption
Definition of Private Key
Half a key used within an Asymmetric-Key that is used for Decryption
Definition of RSA
An asymmetric algorithm for cryptography
Definition of SSL/TLS
Cryptographic protocols used to provide secure communication over a network
Definition of Confidentiality
Protection of sensitive information from unauthorized users who attempt to access and alter data
Methods of ensuring Confidentiality include-
- Encryption
- Access Control (permissions)
- Steganography (embedding hidden info)
Definition of Integrity
The protection of data from unauthorized modification, deletion, or alteration
- Ensures data is accurate, complete, and reliable
Methods of ensuring Integrity include-
- Antivirus Software
- Hashing
- Digital Signatures
- Certificates
Definition of Availability
The guarantee that data and systems are always running and accessible/usable to authorized users
What does Availability do?
Ensures that data systems are accessible and usable when needed
Methods of ensuring Availability include-
- Alarm Systems
- High redundancy
- Fault Tolerance
A hospital only allows authorized healthcare personnel within one department access to patient Personal Identifiable Information. When employees move to another department, that access is revoked.
Confidentiality
A technology firm maintains an alternate site that is running 24/7, and operations can be moved to this location in the event of a major disaster.
Availability
Employees need to have key cards in order to enter their company offices.
Confidentiality
Only authorized personnel at a company have write access to certain files. All other employees have only read access to these files.
Confidentiality
A hacker was able to crack a hashed message and change its contents.
Integrity
A company hashes their data files in order to monitor whether information has been tampered with.
Integrity
A company employs redundant servers, which means that these systems are duplicated, and in the event of a malfunction, one server will fail over to the other.
Availability
A company's network infrastructure uses load balancers which will distribute the "load" of tasks such as file requests and data routing to a variety of servers, thereby ensuring that no single device is overburdened.
Availability
A hacker uses a man-in-the-middle attack to intercept wireless traffic from users.
Confidentiality
A hacker launched a DDoS attack which flooded a website with unwanted traffic from a number of computers and took the site offline.
Availability
Two groups of the Parkerian Hexad include-
- CIA
- PPU
Definition of Possession
Ensuring that the right people have access to the right information at the right time
Definition of Physical (Security)
Measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm
Definition of Utility
Ensuring that information assets are functional, efficient, and effective
Definition of Stateful Firewall
Keeps track of the state of network connections, allowing it to make more informed decisions about which traffic to allow or block
Definition of Client-Side Attacks
An attacker targets a user's web browser, mobile app, or other software to compromise the security of the system, steal sensitive data, or disrupt service
Definition of Server-Side Attacks
An attacker targets a web server, database, or other infrastructure to compromise the security of the system, steal sensitive data, or disrupt service
Define SQL Injection
Web application vulnerability which allows an attacker to inject malicious SQL code into a web application's database in order to extract or modify sensitive data
Definition of a Threat
Something that has the potential to cause harm
Definition of Vulnerability
Weaknesses that threats can exploit to cause harm
Definition of Risk
The likelihood that something bad will happen
Definition of Impact
Takes into account the value of the asset being threatened and uses it to calculate risk
Definition of Firewall
Network monitoring and control system that relies on predetermined security rules
"Static state" typically refers to-
Data at Rest
Definition of Data at Rest
Data that is stored on a device or medium, and is not currently being transmitted or processed
Examples of Data at Rest include-
- Files stored on hard/flash drives
- Data stored in a database
- Backup data
Vulnerabilities for Data at Rest include-
- Unauthorized access
- Data breaches
- Data corruption
Ways to protect Data at Rest include-
- Use of encryption
- Access Controls
- Backing up data
"In transit" typically refers to-
Data in Motion
Definition of Data in Motion
Data transmitted between devices, systems, or networks
Examples of Data in Motion include-
- Data transmitted over the internet
- Data being sent via email or messaging apps
- Data being transferred via Bluetooth or Wi-Fi
- Data being streamed from a server to a client
Vulnerabilities for Data in Motion include-
- Interception
- Eavesdropping
- Tampering
- Man-in-the-Middle attacks
Ways to protect Data in Motion include-
- Encryption
- Secure protocols
- Authentication and Authorization
- Secure networks
"Dynamic state" typically refers to-
Data in Use
Definition of Data in Use
Data being actively processed, accessed, or manipulated
Vulnerabilities for Data in Use include-
- Unauthorized access
- Data tampering
- Data exposure
- Memory-based attacks
Which attack targets the Confidentiality of data?
Interception
Interruption, Modification, and Fabrication are handled in which categories of the CIA triad?
Integrity and Availability
Definition of Interception
Unauthorized access, capture, or diversion of data while it is in transit
Examples of Interception include-
- Eavesdropping
- DNS spoofing
- Man-in-the-Middle attacks
- Packet sniffing
- Session hijacking
Definition of Interruption
The act of disrupting or breaking into a normal flow of events, processes, or communications
Types of Interruption include-
- Physical
- Logical
- Human
Causes of Interruption include-
- Hardware failure
- Software bugs
- Network congestion
- Cyber attacks
- Human error
Definition of Modification
Act of altering or changing data, information, or a system
Types of Modification include-
- Authorized
- Unauthorized
- Malicious
Examples of Modification include-
- Data tampering
- Malware injections
- SQL injection
- Watering Hole Attacks
Definition of Fabrication
Act of creating false or misleading information, data, or evidence with the intention of manipulating others
Types of Fabrication include-
- Data
- Identity
- Evidence
- System
Examples of Fabrication include-
- Fake data
- Fake identities
- Fake system logs
Examples of Physical Controls include-
- Locks
- Cameras
- Cases
- Guards
- Backup generators
Definition of Logical Controls
Protects the systems, networks, and environments that process, transmit, and store data
Examples of Logical Controls include-
- Passwords
- Encryption
- Access controls
- Firewalls
Definition of Administrative Control
Dictates how the users of an environment should behave based on rules, laws, policies, and procedures
Examples of Administrative Control include-
- Employee screening
- Awareness training
- Separation of Duties
- Least Privilege Principle