CAP · Question #170
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are intended
The correct answer is B. Preventive controls. When security controls are classified by their temporal relationship to an incident, three main categories emerge: preventive controls stop an incident before it occurs (e.g., firewalls, access controls, encryption), detective controls identify an incident while it is happening o
Question
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are intended to prevent an incident from occurring?
Options
- AAdaptive controls
- BPreventive controls
- CDetective controls
- DCorrective controls
How the community answered
(53 responses)- A2% (1)
- B87% (46)
- C4% (2)
- D8% (4)
Explanation
When security controls are classified by their temporal relationship to an incident, three main categories emerge: preventive controls stop an incident before it occurs (e.g., firewalls, access controls, encryption), detective controls identify an incident while it is happening or shortly after (e.g., IDS, audit logs), and corrective controls restore systems after an incident has occurred (e.g., backups, patch management). Adaptive controls (Choice A) are not a standard time-based category - they are associated with frameworks like the adaptive security architecture that continuously adjusts to changing threat landscapes, making them distinct from the classical preventive/detective/corrective triad.
Topics
Community Discussion
No community discussion yet for this question.