CSSLP Question #395: Real Exam Question with Answer & Explanation

The correct answer is A: Corrective controls. The question asks about the type of security controls designed to limit damage after an incident. Corrective controls are specifically implemented to minimize the impact of an event and restore normal operations.

Secure Software Concepts

Question

Which type of controls is intended to limit the extent of any damage caused by an incident?

Options

ACorrective controls
BPreventive controls
CDetective controls
DLimitation controls

Explanation

The question asks about the type of security controls designed to limit damage after an incident. Corrective controls are specifically implemented to minimize the impact of an event and restore normal operations.

Common mistakes.

B. Preventive controls aim to stop an incident from happening in the first place, such as firewalls or access controls.
C. Detective controls identify incidents as they occur or after they have occurred, like intrusion detection systems or security audits.
D. Limitation controls is not a standard, recognized category of security controls.

Concept tested. Types of security controls (corrective)

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

Topics

#Security Controls#Corrective Controls#Incident Management#Damage Limitation

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions