CompTIA

CAS-002 · Question #569

CAS-002 Question #569: Real Exam Question with Answer & Explanation

The correct answer is A: Preventative controls are useful before an event occurs, detective controls are useful during. Security controls are categorized by when they act in relation to an incident - preventative controls act before, detective controls identify events as they occur or after, and corrective controls remediate damage after an event.

Question

Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls. A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?

Options

  • A. Preventative controls are useful before an event occurs, detective controls are useful during
  • B. Corrective controls are more costly to implement, but are only needed for real attacks or high
  • C. Detective controls are less costly to implement than preventative controls; therefore, they
  • D. Always advise the use of preventative controls as this will prevent security incidents from

Explanation

Security controls are categorized by when they act in relation to an incident - preventative controls act before, detective controls identify events as they occur or after, and corrective controls remediate damage after an event.

Common mistakes.

  • B. The claim that corrective controls are always more costly and only needed for real attacks is inaccurate; cost varies by control type, and corrective controls like patching and backups are low-cost and essential regardless of attack likelihood.
  • C. Asserting detective controls are always less costly than preventative controls is a false generalization; a SIEM or full-packet capture solution can exceed the cost of many preventative controls, and cost should not be the sole selection criterion.
  • D. Advising exclusive use of preventative controls ignores the reality that no control is 100% effective; without detective controls, breaches go unnoticed, and without corrective controls, recovery from incidents is impossible.

Concept tested. Security control categories - preventative, detective, and corrective

Reference. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
