CISSP · Question #131
Which of the following is a detective access control mechanism?
The correct answer is A. Log review. Access controls are categorized by function; detective controls identify and record security events after they occur, distinguishing them from preventive or administrative controls.
Question
Which of the following is a detective access control mechanism?
Options
- ALog review
- BLeast privilege
- CPassword complexity
- DNon-disclosure agreement
How the community answered
(41 responses)- A93% (38)
- B5% (2)
- C2% (1)
Why each option
Access controls are categorized by function; detective controls identify and record security events after they occur, distinguishing them from preventive or administrative controls.
Log review is a detective control because it involves examining recorded activity to identify security incidents, policy violations, or anomalies that have already occurred. Detective controls do not prevent events but rather discover and document them after the fact, enabling incident response and forensic analysis.
Least privilege is a preventive control because it proactively restricts user permissions to reduce the attack surface before any unauthorized action can take place.
Password complexity is a preventive control because it enforces strong authentication requirements to stop unauthorized access from occurring in the first place.
A non-disclosure agreement is an administrative (deterrent) control because it is a legal/policy document designed to deter information disclosure rather than detect or prevent a technical security event.
Concept tested: Categories of access control mechanisms by function
Source: https://www.nist.gov/system/files/documents/2017/05/09/SP800-53Ar4.pdf
Topics
Community Discussion
No community discussion yet for this question.