Chapter 2 Β· Tricks & Performance

Trick Questions & Performance Tasks

Common exam traps and scenario challenges for the CIA Triad.

⚠️ How to Use This Page Form your answer mentally before revealing. Rushing defeats the purpose.

🎯 Trick 1 β€” Hashing vs. Encryption

Which CIA principle does hashing protect? Which does encryption protect? Many students mix these up.

Hashing β†’ Integrity. Encryption β†’ Confidentiality.

Hashing creates a fingerprint to detect if data was changed β€” it doesn't hide the data. Encryption hides the data so unauthorized parties can't read it.

Memory trick: H for Hashing = H for Hasn't-changed (Integrity). E for Encryption = E for Eyes-only (Confidentiality).

🎯 Trick 2 β€” Ransomware Violates Which Pillar?

Ransomware encrypts all your files and demands payment. Which CIA pillar is violated?

Primarily Availability β€” but potentially all three.

β€’ Availability: Files are inaccessible (encrypted by attacker)
β€’ Confidentiality: Modern ransomware often exfiltrates data before encrypting (double extortion)
β€’ Integrity: If the attacker modifies files rather than just encrypting them

On the exam, if only one violation is asked: Availability. But be ready for "which two pillars are violated in a double-extortion ransomware attack?" = Availability + Confidentiality.

🎯 Trick 3 β€” Patching Under Availability?

Why is patching listed as an Availability mechanism rather than a Security/Integrity one?

Because patching's primary CIA role is keeping systems stable and running.

Unpatched systems crash more, get exploited by ransomware (availability attack), and fall victim to DoS via known vulnerabilities. Patching keeps systems UP β€” hence Availability.

It also helps Confidentiality (closing vulnerabilities that allow data theft) and Integrity (closing vulnerabilities that allow data modification), but its primary CIA classification is Availability.

🎯 Trick 4 β€” Non-Repudiation Under Integrity?

Non-repudiation means you can't deny your actions. Why is it listed under Integrity and not its own category?

Because non-repudiation is an extension of integrity β€” it proves both what the data contains AND who created/sent it.

Integrity = data wasn't changed. Non-repudiation = data wasn't changed AND came from a specific verified party. It's a stronger form of integrity that includes origin authentication. Digital signatures achieve both simultaneously.

🎯 Performance Task β€” Map the Breach

A hospital reports: 1) Attacker viewed patient records without authorization. 2) Attacker changed some medication dosage records. 3) Hospital's appointment system was offline for 4 hours. Map each incident to the correct CIA pillar and name one control that would have prevented or detected each.

1. Viewing records β†’ Confidentiality. Prevention: stronger access controls + MFA on the records system.

2. Changing dosage records β†’ Integrity. Detection: hash-based change monitoring on medical records; digital signatures on critical data.

3. System offline β†’ Availability. Prevention: redundant failover servers; DDoS mitigation; patching to prevent exploit-based crashes.

🎯 Trick 5 β€” CIA Order: Does It Matter?

Some organizations prioritize Availability first (financial trading systems). Others prioritize Confidentiality first (intelligence agencies). Does the order of CIA matter for the exam?

For the exam: the order does NOT change the meaning of each principle.

CIA = AIC = CAI β€” all refer to the same three principles. The order is just a naming convention. What matters is knowing what each principle means and which mechanisms support it.

In real-world security, the relative priority of each pillar depends on business context β€” but CompTIA tests knowledge of definitions, not prioritization.