nerdexam
(ISC)2

CISSP · Question #1442

While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?

The correct answer is B. Corrective and recovery controls. After a security incident has occurred, the focus shifts to limiting damage and restoring normal operations, which maps directly to corrective and recovery controls.

Submitted by rachelw· Mar 5, 2026Security Operations

Question

While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?

Options

  • ADetective and recovery controls
  • BCorrective and recovery controls
  • CPreventative and corrective controls
  • DRecovery and proactive controls

How the community answered

(31 responses)
  • A
    6% (2)
  • B
    74% (23)
  • C
    16% (5)
  • D
    3% (1)

Why each option

After a security incident has occurred, the focus shifts to limiting damage and restoring normal operations, which maps directly to corrective and recovery controls.

ADetective and recovery controls

Detective controls (e.g., IDS, log monitoring) are used to identify and alert on incidents as they happen, not to respond to or remediate their consequences after the fact.

BCorrective and recovery controlsCorrect

Corrective controls are designed to minimize the impact of an incident and fix the affected systems or processes after a security event has occurred (e.g., patching a vulnerability, isolating a compromised host). Recovery controls then restore systems and operations back to their normal state (e.g., restoring from backups, rebuilding servers). Together, these two control types address the 'dealing with consequences' phase of incident response.

CPreventative and corrective controls

Preventative controls (e.g., firewalls, access controls) are implemented before an incident to stop it from occurring, making them inappropriate as a primary response once an incident is already underway.

DRecovery and proactive controls

Proactive controls are a subset of preventative strategy focused on anticipating and reducing future threats, not on addressing the immediate aftermath of a security incident that has already occurred.

Concept tested: Security control types during incident response

Source: https://www.nist.gov/system/files/documents/2020/10/09/NISTIR_8286_second-draft.pdf

Topics

#Incident response#Security controls#Corrective controls#Recovery controls

Community Discussion

No community discussion yet for this question.

Full CISSP Practice