CISSP · Question #1442
CISSP Question #1442: Real Exam Question with Answer & Explanation
The correct answer is B: Corrective and recovery controls. After a security incident has occurred, the focus shifts to limiting damage and restoring normal operations, which maps directly to corrective and recovery controls.
Question
While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?
Options
- ADetective and recovery controls
- BCorrective and recovery controls
- CPreventative and corrective controls
- DRecovery and proactive controls
Explanation
After a security incident has occurred, the focus shifts to limiting damage and restoring normal operations, which maps directly to corrective and recovery controls.
Common mistakes.
- A. Detective controls (e.g., IDS, log monitoring) are used to identify and alert on incidents as they happen, not to respond to or remediate their consequences after the fact.
- C. Preventative controls (e.g., firewalls, access controls) are implemented before an incident to stop it from occurring, making them inappropriate as a primary response once an incident is already underway.
- D. Proactive controls are a subset of preventative strategy focused on anticipating and reducing future threats, not on addressing the immediate aftermath of a security incident that has already occurred.
Concept tested. Security control types during incident response
Reference. https://www.nist.gov/system/files/documents/2020/10/09/NISTIR_8286_second-draft.pdf
Topics
Community Discussion
No community discussion yet for this question.