
The CIA Triad Explained for Security+ and CISSP

Three principles sit at the foundation of every security decision ever made: Confidentiality, Integrity, and Availability. Every security control you deploy, every policy you write, every risk you accept or mitigate connects back to one or more of these three. Security+ and CISSP exams use the CIA Triad as the lens for evaluating scenarios. When a question describes an attack or a security failure, the correct answer usually starts with identifying which element of the triad is threatened. Get comfortable thinking in these terms and scenario questions become significantly more predictable.


Confidentiality

Confidentiality means information is accessible only to those who are authorized to see it. When confidentiality is violated, data is exposed to someone who should not have it. The breach might be deliberate, like an attacker stealing credentials to read private emails, or accidental, like a misconfigured S3 bucket making internal documents publicly accessible.

Controls that protect confidentiality include encryption (data becomes unreadable without the key), access controls (only authorized users can open the file), and data classification (knowing what data is sensitive so you can protect it appropriately). Multi-factor authentication supports confidentiality by making credential theft insufficient on its own.

On exams, confidentiality questions often involve encryption, need-to-know access, and data exposure scenarios. If a question describes an attacker reading data they should not have seen, confidentiality is the violated property.

Integrity

Integrity means data has not been altered in an unauthorized way and that its source is trustworthy. Integrity violations happen when an attacker modifies data in transit, corrupts a file, or tampers with logs to cover their tracks. The problem is not always that someone read the data, but that they changed it.

Hashing is the primary tool for verifying integrity. A hash function produces a fixed-size fingerprint of any input. If the file changes even slightly, the hash changes completely. When you download software and verify a SHA-256 checksum, you are checking integrity. Digital signatures combine hashing with asymmetric encryption to verify both integrity and the identity of the sender.

Data integrity matters as much as data confidentiality in many contexts. A confidential medical record that has been tampered with can lead to the wrong treatment. Financial records that have been altered can support fraud. Logs that have been modified hide evidence of an attack.
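The checksum verification described above, as an added Python example that is not part of the original article: it builds a SHA256SUMS-style list the way a publisher would, parses it, and reports each received file as OK, FAILED or MISSING, with a copy of the installer that differs by one byte failing the check. All file names, contents and digests are constructed sample data; a digest fetched from the same server as the download only proves the file matches what that server published, which is why the digital signatures mentioned above exist.

```python
from __future__ import annotations
import hashlib
import hmac

HEX = set("0123456789abcdefABCDEF")

def sha256_hex(data: bytes) -> str:
    """Fixed-size fingerprint of arbitrary input: the integrity primitive."""
    return hashlib.sha256(data).hexdigest()

def make_sums_file(files: dict[str, bytes]) -> str:
    """Publisher side: one '<hex digest>  <filename>' line per file, the layout GNU sha256sum writes."""
    return "".join(f"{sha256_hex(data)}  {name}\n" for name, data in files.items())

def parse_sums_file(text: str) -> dict[str, str]:
    """Parse a SHA256SUMS-style file into {filename: expected hex digest}."""
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(maxsplit=1)
        if len(parts) != 2 or len(parts[0]) != 64 or set(parts[0]) - HEX:
            raise ValueError(f"line {lineno}: not a SHA-256 checksum line: {raw!r}")
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()  # '*' marks binary mode in sha256sum output
    return expected

def verify_downloads(sums_text: str, received: dict[str, bytes]) -> dict[str, str]:
    """User side: hash each received file and compare with the published digest.
    Reports OK / FAILED / MISSING per listed file, like `sha256sum -c`."""
    results = {}
    for name, expected in parse_sums_file(sums_text).items():
        if name not in received:
            results[name] = "MISSING"
            continue
        actual = sha256_hex(received[name])
        # compare_digest is constant-time; not needed for a public digest, but a safe habit.
        results[name] = "OK" if hmac.compare_digest(actual, expected) else "FAILED"
    return results

# Constructed sample data (not real software). What the publisher hashed...
PUBLISHED = {"installer.bin": b"\x7fELF constructed installer payload", "README.txt": b"Install notes\n"}
SHA256SUMS = make_sums_file(PUBLISHED)
# ...and what the user received: the last byte of the installer changed in transit.
RECEIVED = {"installer.bin": b"\x7fELF constructed installer payloaD", "README.txt": b"Install notes\n"}

if __name__ == "__main__":
    for name, status in verify_downloads(SHA256SUMS, RECEIVED).items():
        print(f"{name}: {status}")
```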

Availability and how to choose the correct answer

Availability means systems and data are accessible to authorized users when they need them. A system can be perfectly confidential and perfectly intact but still fail if it is not available. DDoS attacks target availability directly by overwhelming systems with traffic until legitimate requests cannot get through. Ransomware that encrypts your files also attacks availability because you cannot access your own data.

Controls that protect availability include redundancy (duplicate systems and links so no single failure brings everything down), failover (automatic switchover to backup systems), load balancing (distributing traffic so no single server is overwhelmed), and regular backups (restore from backup when data is inaccessible).

Identifying which CIA property is attacked: data read by an unauthorized party = confidentiality. Data modified without authorization = integrity. System or data not accessible = availability. Many attacks target multiple properties simultaneously. Ransomware encrypts files (availability) and sometimes exfiltrates them before encrypting (confidentiality).

DAD is the opposite of CIA: Disclosure (vs confidentiality), Alteration (vs integrity), Destruction/Denial (vs availability).

CIA Triad reference

Property | Violated when... | Common controls | Example attack
Confidentiality | Unauthorized party reads data | Encryption, access control, MFA, classification | Data breach, credential theft
Integrity | Data is altered without authorization | Hashing, digital signatures, version control | Man-in-the-middle, log tampering
Availability | Authorized users cannot access systems or data | Redundancy, backups, failover, DDoS mitigation | DDoS, ransomware

Key exam facts — Security+ / CISSP

  • Confidentiality: data seen only by authorized parties. Controls: encryption, access control, MFA.
  • Integrity: data not altered without authorization. Controls: hashing, digital signatures.
  • Availability: systems accessible when needed. Controls: redundancy, backups, failover.
  • DAD model is the inverse: Disclosure, Alteration, Destruction/Denial.
  • Most attacks threaten more than one CIA property simultaneously.
  • Classify the scenario first, then identify the correct control or threat category.

Common exam traps

Availability is less important than confidentiality and integrity.

All three properties are equally important in context. A hospital network where systems are unavailable during an emergency can cost lives. The relative importance of each property depends on the asset and the business context, not a universal ranking.

Encryption protects integrity.

Encryption protects confidentiality by making data unreadable without the key. To protect integrity, you need hashing or digital signatures. These verify that the data has not changed, regardless of whether it is encrypted.

A DDoS attack is a confidentiality violation.

DDoS attacks target availability by flooding systems until they cannot respond to legitimate users. Unless the attacker is also extracting data, no confidentiality violation occurs.

Practice questions — CIA Triad

These questions are representative of what you will see on the Security+ and CISSP exams. The correct answer and explanation are shown immediately below each question.

Q1. An attacker intercepts encrypted data in transit and reads its contents without authorization. Which element of the CIA Triad has been violated?

A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation

Explanation: Confidentiality is violated when unauthorized parties access data they should not see. Integrity would be violated if the data was modified. Availability would be violated if the data or system became inaccessible. Non-repudiation is not a CIA Triad property — it is a related but separate security concept.

Q2. A company's database is modified by a disgruntled employee to change financial records without authorization. Which CIA Triad property is primarily violated?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication

Explanation: Integrity means data has not been altered in an unauthorized way. Unauthorized modification of financial records is a direct integrity violation. Confidentiality would apply if the data was merely read without authorization. Availability applies to denial of access.

Q3. A company's website is targeted by a DDoS attack and becomes unreachable for 4 hours. Which CIA property is violated?

A. Confidentiality
B. Integrity
C. Availability
D. All three equally

Explanation: A DDoS attack floods systems until legitimate users cannot reach them — this is an availability attack. No data is read (no confidentiality violation) and no data is changed (no integrity violation) unless the attacker is also doing something else simultaneously.

Q4. Which security control BEST protects data integrity during transmission?

A. Symmetric encryption
B. Hash functions and digital signatures
C. Access control lists
D. Multi-factor authentication

Explanation: Hash functions create a fingerprint of data; if the data changes in transit, the hash won't match, revealing tampering. Digital signatures combine hashing with asymmetric cryptography to verify both integrity and the sender's identity. Encryption protects confidentiality. ACLs control access. MFA verifies identity.

Q5. Ransomware encrypts all files on a corporate server, making them inaccessible to employees. Which CIA property is primarily affected?

A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

Explanation: Ransomware encrypts files so authorized users cannot access them — this is primarily an availability attack. Note that many ransomware attacks also exfiltrate data before encrypting (which would add a confidentiality violation), but the primary effect described — inaccessibility — is an availability impact.

Frequently asked questions — CIA Triad

What does CIA stand for in cybersecurity?

CIA stands for Confidentiality, Integrity, and Availability — the three foundational properties that every security control is designed to protect. Confidentiality ensures data is accessible only to authorized parties. Integrity ensures data has not been altered without authorization. Availability ensures systems and data are accessible when needed by authorized users.

What is the DAD triad?

DAD is the adversarial counterpart to CIA: Disclosure (the violation of Confidentiality — unauthorized access to data), Alteration (the violation of Integrity — unauthorized modification of data), and Destruction or Denial (the violation of Availability — preventing authorized access). Some exams use DAD as a framework for categorizing attacks.

Does encryption protect integrity or confidentiality?

Encryption primarily protects confidentiality by making data unreadable without the decryption key. It does not guarantee integrity — an attacker could modify encrypted data without being detected (in schemes without authentication). Integrity is protected by hash functions and message authentication codes (MACs). Modern authenticated encryption schemes like AES-GCM protect both simultaneously.
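As an added Python example (not from the original article) for this answer and for the "Encryption protects integrity" trap above: a constructed toy stream cipher decrypts an altered ciphertext without complaint, while the same alteration under encrypt-then-MAC with HMAC-SHA256 is rejected before any plaintext is released. The keys, nonce and message are constructed, and the toy cipher (a SHA-256 keystream, illustration only) stands in for any unauthenticated stream or CTR mode; it is not a real cipher.

```python
from __future__ import annotations
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed toy stream cipher (illustration only): keystream block i is
    SHA-256(key || nonce || i), XORed onto the data. Like any unauthenticated stream
    mode it is malleable: flipping a ciphertext bit flips that plaintext bit."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_then_mac(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality from the cipher, integrity from an HMAC over nonce || ciphertext
    (encrypt-then-MAC; AES-GCM bundles the same two jobs into one mode)."""
    ct = stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct + tag

def decrypt_and_verify(enc_key: bytes, mac_key: bytes, nonce: bytes, message: bytes) -> bytes | None:
    """Return the plaintext, or None when the tag does not match (tamper detected).
    The tag is checked before decryption, so altered data is never released."""
    ct, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_xor(enc_key, nonce, ct)

def alter_in_transit(message: bytes, index: int, delta: int) -> bytes:
    """Simulate an unauthorized change to one byte while the message is in transit."""
    changed = bytearray(message)
    changed[index] ^= delta
    return bytes(changed)

# Constructed keys, nonce and message for the demonstration.
ENC_KEY, MAC_KEY, NONCE = b"constructed-enc-key", b"constructed-mac-key", b"nonce-01"
PLAINTEXT = b"PAY 100 TO ALICE"
DELTA = ord("1") ^ ord("9")  # XOR difference that turns the '1' at offset 4 into a '9'

def demo() -> tuple[bytes, bytes | None]:
    """(what an unauthenticated receiver decrypts, what an authenticated one accepts)"""
    bare = alter_in_transit(stream_xor(ENC_KEY, NONCE, PLAINTEXT), 4, DELTA)
    sealed = alter_in_transit(encrypt_then_mac(ENC_KEY, MAC_KEY, NONCE, PLAINTEXT), 4, DELTA)
    return stream_xor(ENC_KEY, NONCE, bare), decrypt_and_verify(ENC_KEY, MAC_KEY, NONCE, sealed)
```

Running `demo()` shows the unauthenticated receiver happily accepting "PAY 900 TO ALICE" while the authenticated receiver returns None; the first is a confidentiality control failing at integrity, the second is the MAC doing the integrity job.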

How is the CIA Triad tested on Security+ and CISSP?

Security+ and CISSP use the CIA Triad to frame scenario questions: given a description of an attack or a security failure, you must identify which property is violated and select the appropriate control. Common scenarios include data breach (confidentiality), log tampering (integrity), DDoS (availability), and ransomware (availability + confidentiality). Knowing which controls protect which property is essential.

Can a single attack violate multiple CIA properties?

Yes. Many sophisticated attacks violate more than one CIA property. Ransomware often exfiltrates data (confidentiality violation) before encrypting it (availability violation). A man-in-the-middle attack may read data in transit (confidentiality) and modify it (integrity). When answering exam questions, identify the PRIMARY property violated by the scenario being described.
