Chapter 1 - Types of security controls Flashcards

1
Q

A company has guards at the gate, guards at the entrance to its main building, and an access control vestibule inside the building. Access to the office where the company’s data resides is controlled through two additional doors that use RFID (radio frequency identification) locks. Which controls are being adopted by the company? (Select TWO.)
A. Preventive
B. Deterrent
C. Corrective
D. Physical

A

B. Detterant
D. Physical

All the controls described in the scenario are physical controls. They are set up as deterrent controls to prevent access of unauthorized personnel to the office.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

One of the file servers of an organization has suffered an attack. The organization’s IT administrator is searching the log files to understand what happened. What type of control are they implementing when carrying out the investigation?
A. Operational
B. Technical
C. Detective
D. Operational

A

C. Detective

Detective controls help in uncovering issues and anomalies that have already occurred. Therefore, log files being searched is a detective control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

During a monthly team meeting, an IT manager tasks both the mail administrator and the network administrator with creating a standard operating procedure. What type of control describes the mail administrator and network administrator’s task?
A. Directive
B. Managerial
C. Operational
D. Technical

A

A. Directive

Directive control provides specific instructions or guidelines.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which control type focuses on eliminating or minimizing potential threats before they can cause harm?
A. Preventive
B. Compensating
C. Deterrent
D. Corrective

A

A. Preventive

Preventive controls are designed to prevent problems or risks from occurring by eliminating or minimizing potential threats.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An organization has been sent information by Microsoft that a critical update for Windows 11 has just been released. The organization’s cybersecurity team immediately applies this latest update to all of its Windows 11 computers. What type of control have they carried out?
A. Preventive
B. Compensating
C. Deterrent
D. Corrective

A

D. Corrective

Because the Windows 11 computers were vulnerable, the cybersecurity team needed to take corrective action by patching each computer to harden it and prevent attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An organization suffered a ransomware attack, where one of the technical controls was compromised. What type of control should a company implement to prevent a reoccurrence?
A. Preventive
B. Compensating
C. Detective
D. Corrective

A

B. Compensating

Compensating controls are alternative measures implemented when primary controls are not feasible or sufficient. In this case, the primary control needs to be replaced by a secondary control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following physical controls would deter someone from entering a quarry? (Select TWO.)
A. Bollards
B. Guards
C. Barrier
D. Signs
E. Lights

A

B. Guards
C. Barrier

Using a barrier and guards at the entrance to the quarry could prevent unauthorized personnel from entering the quarry. Once the guard has checked the identification of the personnel, they can raise the barrier to allow entry. The bollards are not useful, as they would prevent everyone from entering the quarry, including people who worked there.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Within the spectrum of control categories, which one is tasked with establishing protocols and guidelines to enhance the effectiveness of organizational oversight?
A. Technical
B. Managerial
C. Operational
E. Physical

A

B. Managerial

Top-level executives, including the CEO or president, may set the overall policy direction for the organization. They might also be involved in creating high-level policies that align with the company’s mission, vision, and strategic goals. These are known as managerial controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Following a third-party compliance audit, a company has been recommended that additional instructions need to be included in the current compliance policies. What type of control BEST describes the recommended action?
A. Operational
B. Directive
C. Deterrent
D. Corrective

A

B. Directive

directive controls provide specific instructions or guidelines for compliance with policies and procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A cybersecurity administrator has decided to use homomorphic encryption to protect data so that they can read the data without needing to decrypt it. What type of control BEST describes the action carried out by the cybersecurity administrator?
A. Managerial
B. Technical
C. Operational
D. Physical

A

B. Technical

The cybersecurity administrator uses a Technical control, which is a control that relies on technology to protect and secure data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly