CSSLP · Question #326
CSSLP Question #326: Real Exam Question with Answer & Explanation
The correct answer is B: Detective controls. Audit trails and audit logs fall under detective controls because they record events, allowing for subsequent review and identification of suspicious activities or policy violations after they have occurred.
Question
Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?
Options
- AReactive controls
- BDetective controls
- CProtective controls
- DPreventive controls
Explanation
Audit trails and audit logs fall under detective controls because they record events, allowing for subsequent review and identification of suspicious activities or policy violations after they have occurred.
Common mistakes.
- A. Reactive controls respond to an event after it has been detected, such as incident response, rather than solely detecting it.
- C. Protective controls is a less common classification, but typically refers to mechanisms that safeguard assets, which can overlap with preventive or corrective controls.
- D. Preventive controls aim to stop an undesirable event from occurring in the first place, whereas audit trails log events that have already transpired.
Concept tested. Security control types - audit trails
Reference. https://learn.microsoft.com/en-us/azure/architecture/framework/security/design-controls
Topics
Community Discussion
No community discussion yet for this question.