1.2 Deductive logic & conditional (if-then) statements
Key Takeaways
- A conditional 'If P then Q' claims only that Q holds whenever P holds, and it says nothing about cases where P is false.
- Modus ponens (P is true, so Q is true) and modus tollens (Q is false, so P is false) are the two valid conditional inferences.
- Affirming the consequent and denying the antecedent are invalid, so a true conclusion never proves the hypothesis.
- Only the contrapositive 'If not Q then not P' is logically equivalent to the original; the converse and inverse are not.
- In 'If P then Q', P is sufficient for Q and Q is necessary for P, and reversing those roles produces false conclusions.
Deductive reasoning on the Cyber Test
Deductive-logic items give you one or more premises that you must treat as true, then ask what must follow. Unlike sequence questions there is no arithmetic; the correct answer is whatever is guaranteed by the premises, not merely likely or possible. Cyber roles lean heavily on this skill because access-control rules, firewall policies, and alerting conditions are all if-then statements, and a defender has to know exactly what a rule does — and does not — imply. Reading a conditional as if it says more than it does is one of the most common and costly mistakes in security work, so the test probes it directly.
The conditional statement
A conditional has the form "If P, then Q," where P is the hypothesis (also called the antecedent) and Q is the conclusion (the consequent). Example: "If a user is an administrator, then the user can delete logs." The statement asserts exactly one thing — whenever P is true, Q is also true. It says nothing at all about what happens when P is false. A non-administrator might or might not be able to delete logs; the conditional simply does not address that case.
The truth table below shows when a conditional itself is true or false:
| P | Q | If P then Q |
|---|---|---|
| T | T | T |
| T | F | F |
| F | T | T |
| F | F | T |
Notice the only row that makes the whole conditional false is P true with Q false. That is why a rule is considered broken only when its trigger fires but its promised result fails to happen.
Two valid inferences
- Modus ponens (affirming the hypothesis): From "If P then Q" and "P is true," you may conclude "Q is true." If administrators can delete logs, and Alice is an administrator, then Alice can delete logs.
- Modus tollens (denying the conclusion): From "If P then Q" and "Q is false," you may conclude "P is false." If Alice cannot delete logs, then Alice is not an administrator.
Two invalid inferences (the classic traps)
- Affirming the consequent: From "If P then Q" and "Q is true," concluding "P is true" is invalid. Someone who can delete logs is not necessarily an administrator — a different rule might also grant that ability.
- Denying the antecedent: From "If P then Q" and "P is false," concluding "Q is false" is invalid. A non-administrator might still delete logs through some other path.
Converse, inverse, and contrapositive
Starting from "If P then Q," three related statements appear constantly on the test:
| Form | Statement | Equivalent to original? |
|---|---|---|
| Original | If P then Q | - |
| Converse | If Q then P | No |
| Inverse | If not P then not Q | No |
| Contrapositive | If not Q then not P | Yes |
Only the contrapositive always shares the original's truth value. Swapping P and Q (the converse) or negating both without swapping (the inverse) produces a statement that can be true when the original is false, so neither is a safe substitute.
Necessary versus sufficient
P is sufficient for Q when P alone guarantees Q — exactly what "If P then Q" says. Q is necessary for P when P cannot occur without Q. In "If you pass the exam, you get the badge," passing is sufficient to earn the badge. Keep the direction straight: in "If P then Q," P is sufficient for Q, and Q is necessary for P. Confusing the two — assuming a merely necessary condition is also sufficient — leads directly to false conclusions, such as believing that anyone holding the badge must have passed when a second route to the badge exists.
Syllogisms and chaining
A syllogism chains statements to reach a conclusion. "All A are B; all B are C; therefore all A are C" is valid. Conditionals chain the same way: from "If P then Q" and "If Q then R," you may conclude "If P then R." Watch the quantifiers closely: "some A are B" never licenses a claim about all A. A valid example: "No hackers are trusted accounts; some employees are hackers; therefore some employees are not trusted accounts."
A worked multi-step deduction
Suppose the test gives you three premises: (1) "If a login is flagged, then an analyst reviews it." (2) "If an analyst reviews a login, then it is logged in the case system." (3) "A particular login is not in the case system." Work backward with the contrapositive of (2): not-logged implies no analyst review. Then apply the contrapositive of (1): no review implies the login was not flagged. So the guaranteed conclusion is that the login was not flagged. Chaining plus contrapositive is the workhorse pattern for the harder logic items, and it always beats guessing at what feels plausible.
Common traps
- Confusing the converse ("If Q then P") with the original statement.
- Treating "some" as if it meant "all" or "only."
- Believing a false hypothesis makes the whole conditional false — it does not; the conditional stays true.
- Reversing necessary and sufficient conditions.
- Drawing a conclusion the premises never support instead of answering that nothing follows.
Given the rule "If a device is quarantined, then it cannot reach the internet," you observe that a device cannot reach the internet. What can you validly conclude?
Which statement is logically equivalent to "If a packet is malformed, then the firewall drops it"?
All administrators can delete logs. Sam cannot delete logs. What follows?