1.1

Question 1

4 control CATEGORIES

Answer 1

Technical controls
Managerial controls
Operational controls
Physical controls

Question 2

A control category that is implemented using systems, including OSs

Answer 2

Technical controls

Question 3

A security control category that is administrative and associated with security design and implementation

Security policies, standard operating procedures

Answer 3

Managerial controls

Question 4

A security control category implemented by people instead of systems

Security guards, awareness programs

Answer 4

Operational controls

Question 5

The control category that limits physical access

Guard shacks, fences, locks, badge readers

Answer 5

Physical controls

Question 6

6 control TYPES

Answer 6

Preventive
Deterrent
Detective
Corrective
Compensating
Directive

Question 7

A type of security control that blocks access to a resource

Answer 7

Preventive

Question 8

A control type that discourages an intrusion attempt, but does NOT directly prevent access

Answer 8

Deterrent

Question 9

A control type that identifies and logs intrusion attempts, and may/may not prevent access

Answer 9

Detective

Question 10

A security control type that applies after an event has been detected to reverse the impact of the event

Keeps the system operating with minimal downtime

Answer 10

Corrective

Question 11

A control type that is put in place when existing controls are not sufficient. It is a method of control using other means.

May be temporary

Answer 11

Compensating

Question 12

A security control type that directs a subject toward security compliance: “Do this, please”

A relatively weak security control

Answer 12

Directive