312-50V10 · Question #256
Which security control role does encryption meet?
The correct answer is A. Preventative. Encryption is classified as a preventative control because it stops unauthorized parties from accessing plaintext data before a breach can succeed.
Question
Which security control role does encryption meet?
Options
- APreventative
- BDetective
- COffensive
- DDefensive
How the community answered
(38 responses)- A92% (35)
- C3% (1)
- D5% (2)
Why each option
Encryption is classified as a preventative control because it stops unauthorized parties from accessing plaintext data before a breach can succeed.
Preventative controls act before an attack to stop it from succeeding. Encryption prevents unauthorized disclosure by rendering data unreadable without the correct key, stopping the harm at the point of access rather than detecting or responding to it afterward. This makes it a proactive, preventative measure rather than a reactive one.
Detective controls identify attacks or anomalies after or during the event (e.g., IDS, audit logs) - encryption does not detect anything.
Offensive is not a standard security control category; it describes adversarial activity, not a defensive control type.
Defensive is not a formal security control classification - the standard categories are preventative, detective, corrective, deterrent, compensating, and recovery.
Concept tested: Security control classification - preventative controls
Source: https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-overview
Topics
Community Discussion
No community discussion yet for this question.