CSSLP Question #269: Real Exam Question with Answer & Explanation
The correct answer is D: Preventive controls. Preventive controls are security measures specifically designed and implemented to stop a security incident or violation from occurring in the first place, acting proactively to mitigate risks.
Question
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criterion, which of the following controls are intended to prevent an incident from occurring?
Options
- A. Corrective controls
- B. Adaptive controls
- C. Detective controls
- D. Preventive controls
Explanation
Preventive controls are security measures specifically designed and implemented to stop a security incident or violation from occurring in the first place, acting proactively to mitigate risks.
Common mistakes.
- A. Corrective controls are applied after an incident has occurred to minimize its impact and restore the system to a secure state, not to prevent the initial incident.
- B. Adaptive controls adjust their behavior based on changing conditions or threats, but 'adaptive' is not a standard classification based on the timing of an incident's prevention.
- C. Detective controls are designed to identify and alert when an incident is occurring or has already occurred, rather than proactively preventing it.
Concept tested. Security control types - Preventive
Reference. https://csrc.nist.gov/glossary/term/preventive_control