SSCP Question #106: Real Exam Question with Answer & Explanation

The correct answer is C: Preventive. Preventive controls stop a security incident before it occurs. Password management (enforcing complexity, expiration, history, lockouts) prevents unauthorized users from gaining access in the first place. Detective controls identify incidents after they happen; compensating contr

Submitted by fatema_kw· Apr 18, 2026Access Controls

Question

Password management falls into which control category?

Options

ACompensating
BDetective
CPreventive
DTechnical

Explanation

Preventive controls stop a security incident before it occurs. Password management (enforcing complexity, expiration, history, lockouts) prevents unauthorized users from gaining access in the first place. Detective controls identify incidents after they happen; compensating controls are alternatives when a primary control cannot be implemented; 'technical' is a control category type (not a functional category) that can include preventive, detective, or corrective controls.

Topics

#Password Management#Security Controls#Preventive Controls#Control Types

Community Discussion

No community discussion yet for this question.

Full SSCP Practice Browse All SSCP Questions