nerdexam
(ISC)2

CAP · Question #170

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are intended

The correct answer is B. Preventive controls. When security controls are classified by their temporal relationship to an incident, three main categories emerge: preventive controls stop an incident before it occurs (e.g., firewalls, access controls, encryption), detective controls identify an incident while it is happening o

Selection and Approval of Framework, Security, and Privacy Controls

Question

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are intended to prevent an incident from occurring?

Options

  • AAdaptive controls
  • BPreventive controls
  • CDetective controls
  • DCorrective controls

How the community answered

(53 responses)
  • A
    2% (1)
  • B
    87% (46)
  • C
    4% (2)
  • D
    8% (4)

Explanation

When security controls are classified by their temporal relationship to an incident, three main categories emerge: preventive controls stop an incident before it occurs (e.g., firewalls, access controls, encryption), detective controls identify an incident while it is happening or shortly after (e.g., IDS, audit logs), and corrective controls restore systems after an incident has occurred (e.g., backups, patch management). Adaptive controls (Choice A) are not a standard time-based category - they are associated with frameworks like the adaptive security architecture that continuously adjusts to changing threat landscapes, making them distinct from the classical preventive/detective/corrective triad.

Topics

#Security Controls#Control Classification#Preventive Controls#Security Incident Prevention

Community Discussion

No community discussion yet for this question.

Full CAP Practice