General Security Concepts: Examine Security Control Types Flashcards

1
Q

What are the 7 Security Control Types?

A

Preventive
Deterrent
Detective
Corrective
Compensating
Recovery
Directive

1
Q

What is the function of a Preventive Security Control Type?

A

Preventative: Helps block or avoid a compromise of information systems.

2
Q

What is the function of a Deterrent Security Control Type?

A

Deterrent: Seeks to discourage potential threats, making these assets look less appealing or more difficult to exploit.

3
Q

What is the function of a Corrective Security Control Type?

A

Corrective: Provides mitigation and remediation for a security incident’s impact.

4
Q

What is the function of a Compensating Security Control Type?

A

Compensating: Provides an alternative measure to meet a requirement of the implemented security control.

5
Q

What is the function of a Recovery Security Control Type?

A

Recovery: Returns a system to normalcy following a security incident.

6
Q

What is the function of a Directive Security Control Type?

A

Directive: Mandatory controls that pertain to guidance and governing adherence to regulations and standards.

7
Q

What are examples of a Preventive Security Control Type?

A

Preventative:

Data encryption: Blocks unauthorized users from organizational data.

Application filtering: Blocks applications from executing or permits them to execute. This is sometimes referred to as whitelisting/blacklisting.

Access control systems: Allows or denies access to resources for authorized users while blocking all access to unauthorized users.

8
Q

What are examples of a Deterrent Security Control Type?

A

Signs: Discourage unauthorized access to restricted locations or facilities, and include labels and warnings.

Security cameras: Dissuade bad actors from committing malicious activities, as they are visible and can be seen.

Guards: Discourage bad actors from performing malicious activities by providing the physical presence of trained security personnel who actively monitor locations.

9
Q

What are examples of a Detective Security Control Type?

A

Detective:

CCTV: Provides recorded video that you can review so as to identify bad actors.

Motion sensors: Provide a triggered response mechanism that’s built into such devices as lights, cameras, and alarms.

IDS/IPS: Provide real-time monitoring and response mechanisms for security compromises.

Security Information and Event Management (SIEM) systems: Combine log analysis and correlation, and a centralized platform for detecting, collecting, managing, and analyzing security events.

10
Q

What are examples of a Corrective Security Control Type?

A

Corrective:

Data backup and restore procedures: Enable organizations to provide crucial data protection and recovery.

Incident response plans and procedures: Provide an organization with the steps, tools, and guidance needed to address a potential security incident.

11
Q

What are examples of a Compensating Security Control Type?

A

Compensating:

Network segmentation: An example is a security control that provides an alternative (compensating) method for patching legacy systems.

Virtualization: An example is a security control that isolates a legacy application or system when patching isn’t an obtainable security control.

12
Q

What are examples of a Recovery Security Control Type?

A

Recovery:

Disaster recovery plan (DRP): Provides a strategy, guidelines, and procedures for restoring systems and data after a major disruptive event.

Data backup and restoration utilities: Create copies of data and system configurations, which you can use to restore systems and data if data loss, corruption, or system failures occur.

Business continuity plan (BCP): Outlines strategies and actions to ensure essential business functions continue during and after disruptive events, including IT-related incidents.

13
Q

What are examples of a Directive Security Control Type?

A

Directive:

Acceptable use policy (AUP): Outlines the appropriate and expected behavior that employees must adhere to when using an organization’s information system(s).

Password policy: Establishes and controls an organization’s user-password construction and usage requirements.

Data classification policy: Categorizes an organization’s data by sensitivity and outlines appropriate storage, , and sharing procedures.
