CGRC Question #126: Real Exam Question with Answer & Explanation

The correct answer is B: Adaptive controls. When classifying security controls by time, preventive controls are designed to stop security incidents from occurring, acting proactively before any compromise can happen.

Selection and Approval of Framework, Security, and Privacy Controls

Question

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following controls are

Options

  • A. Adaptive controls
  • B. Preventive controls
  • C. Detective controls
  • D. Corrective controls

Explanation

When classifying security controls by time, preventive controls are designed to stop security incidents from occurring, acting proactively before any compromise can happen.

Common mistakes.

  • A. Adaptive controls adjust their behavior based on changing threat landscapes or system states; while important, they are not primarily classified by their temporal position (before, during, or after an event) in the same way as preventive, detective, or corrective controls.
  • C. Detective controls are designed to identify security incidents or policy violations after they have occurred but before significant damage is done.
  • D. Corrective controls are implemented to repair damage, restore systems, or recover from a security incident after it has taken place.

Concept tested. Security control types by time

Reference. https://www.isaca.org/resources/news-and-trends/isaca-journal/2019/volume-2/cybersecurity-controls-preventive-detective-and-corrective

Topics

#Control classification #Security control types #Adaptive controls
