
CAS-001 Question #52: Real Exam Question with Answer & Explanation

The correct answer is A: Preventative controls are useful before an event occurs, detective controls are useful during an event,

Question

Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls. A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?

Options

  • A. Preventative controls are useful before an event occurs, detective controls are useful during an event,
  • B. Corrective controls are more costly to implement, but are only needed for real attacks or high value
  • C. Detective controls are less costly to implement than preventative controls; therefore, they should be
  • D. Always advise the use of preventative controls as this will prevent security incidents from occurring

Explanation

The standard security control taxonomy defines three temporal phases: Preventative controls act before an event to stop it from occurring (e.g., access controls, encryption). Detective controls identify that an event is occurring or has occurred (e.g., IDS, audit logs, SIEM). Corrective controls reduce the impact after an event and restore normal operations (e.g., incident response, backups, patching). This distinction is essential when justifying security investments - no single category is universally superior or cheaper; the right mix depends on risk appetite, asset value, and threat landscape. Option B is false - corrective controls are not inherently more expensive. Option C is misleading; cost is context-dependent. Option D is incorrect because prevention alone is never sufficient; undetected incidents require detective and corrective capabilities.
