Examice

Exam CISSP All QuestionsBrowse all questions from this exam

Go to Exam

Question 200

What BEST describes the confidentiality, integrity, availability triad?

A vulnerability assessment to see how well the organization's data is protected

The three-step approach to determine the risk level of an organization

The implementation of security systems to protect the organization's data

A tool used to assist in understanding how to protect the organization's data

Correct Answer: D

The confidentiality, integrity, and availability (CIA) triad is best described as a tool used to assist in understanding how to protect an organization's data. It serves as a fundamental model or guideline within the field of information security, helping professionals identify and implement appropriate measures to secure data against unauthorized access, alteration, or unavailability. This conceptual framework helps in the assessment and implementation of security controls to maintain the desired levels of confidentiality, integrity, and availability of information.

Discussion

stickerbush1970Option: C

CIA is all about Data and access to it. I don't have a good reason for C, however I would go C by elimination of the others, B doesn't have the word data in the answer, CIA is not an vulnerability assessment, and CIA isn't a tool.

jackdryan

C is correct

inmymind84Option: D

Why it isnt D?

maawar83

it is not a tool

eboehm

yes it is. It is used to assist you in figuring out how to implement controls based on those 3 principles

franbarproOption: C

Given answer is correct - CIA is not a tool. It's a model used to secure systems (Protect organization's data).

CuteRabbit168

The CIA triad is a key tenet at the core of information security. This tool is used to help the information security professional think about how to best protect organizational data https://www.oreilly.com/library/view/information-security-handbook/9781788478830/f8ca030b-787f-40df-b46f-6febf47c013c.xhtml

CuteRabbit168

Answer is D

Coolwater

Its not a tool, its model https://www.fortinet.com/resources/cyberglossary/cia-triad#:~:text=The%20three%20letters%20in%20%22CIA%20triad%22%20stand%20for%20Confidentiality%2C%20Integrity%2C%20and%20Availability.%20The%20CIA%20triad%20is%20a%20common%20model%20that%20forms%20the%20basis%20for%20the%20development%20of%20security%20systems.%20They%20are%20used%20for%20finding%20vulnerabilities%20and%20methods%20for%20creating%20solutions.

CuteRabbit168Option: D

Obvious this is the answer

matt1976Option: C

It is C. The CIA triad is a common model that forms the basis for the development of security systems.

SpaceMonkey1Option: D

Option C could be interpreted as implying that the confidentiality, integrity, and availability (CIA) triad refers to the implementation of security systems to protect an organization's data. While security systems are indeed employed to uphold these principles, the CIA triad itself is not a specific implementation or system but rather a foundational concept guiding security strategies. The CIA triad outlines three primary objectives essential to information security—ensuring data confidentiality, maintaining data integrity, and guaranteeing data availability. It's a principle or guideline used to shape the design, selection, and implementation of security measures and systems within an organization to protect its data and resources. Therefore, while security systems are implemented to align with the CIA triad, the triad itself represents the overarching principles rather than the specific tools or systems used for protection.

rajkamal0Option: C

C is the correct answer. CIA Triad is not a tool.

74gjd_37Option: C

Among the given options, C best describes the CIA triad from a CISSP perspective as it highlights the implementation of security systems to safeguard and protect an organization's data.

Nicola_2_RegOption: D

The wording is not appropriate enough... I mean, D would be more accurate. CIA triad does not implement, it is a concept (moreless a immaterial tool to help CISOs).

SaintDaSinnerOption: C

The CIA triad is widely accepted as a model "not a Tool" in information security.

DJOEKOption: C

agree with stickerbush1970. No other reasoning

50e940eOption: D

security systems did not mean program or framework. We may not develop systems to protect our data

CCNPWILLOption: C

C is the best option given the wording. deleted the other A and B based on just being way off.

eboehmOption: D

Haha soooo many people on here have zero understanding of the word "tool" A tool is ANYTHING that would assist you with the implementation. This could be training, google, a manual, a model, a concept, a standard, CISSP certification, the list goes on. Hillarious how many think the CIA triad, an intangible construct that is only in our heads, is somehow an implementation of security controls

gjimenezfOption: C

Data security

georgegeorge125487Option: A

A model (i.e. a sort of tool or approach) to manage security.

DMODOption: D

This is another language comprehension test. I interpreted "tool" as a metaphor for "something that helps", which could also apply to frameworks, models, etc. But obviously I was wrong. :-(