Security Controls

Question 1

What are detective controls used for?

Answer 1

To identify and log intrusion attempts.

Question 2

Give an example of a detective control.

Answer 2

Collecting and reviewing system logs.

Question 3

What are the types of assets that security controls protect?

Answer 3

Data, physical property, computer systems.

Question 4

What is the purpose of preventive controls?

Answer 4

To block access to resources and prevent security events.

Question 5

What are corrective controls used for?

Answer 5

To apply controls after an event has been detected and reverse its impact.

Question 6

What type of controls are firewalls and anti-virus systems?

Answer 6

Technical controls.

Question 7

What is an example of an operational control?

Answer 7

Security guards or awareness programs.

Question 8

What are physical controls designed to do?

Answer 8

Limit physical access to assets.

Question 9

What is a compensating control?

Answer 9

A control used when existing controls aren’t sufficient.

Question 10

How can ransomware impact be mitigated?

Answer 10

By restoring from backups.

Question 11

What do directive controls aim to do?

Answer 11

Direct subjects towards security compliance.

Question 12

What is the purpose of deterrent controls?

Answer 12

To discourage intrusion attempts.

Question 13

Provide an example of a directive control.

Answer 13

Guard shack checks all identification.

Question 14

What is an example of a preventive control?

Answer 14

Implementing firewall rules.

Question 15

What can a well-placed warning sign act as?

Answer 15

A deterrent control.

Question 16

How do administrative controls contribute to security?

Answer 16

Through policies and procedures for security design and implementation.

Question 17

What are security controls?

Answer 17

Measures implemented to protect systems and data from threats.

Question 18

Why are security controls categorized?

Answer 18

To better manage and implement them based on specific needs and risks.

Question 19

Name one category of security controls.

Answer 19

Technical controls.

Question 20

What is an example of a technical control?

Answer 20

Firewalls.

Question 21

Can a security control exist in multiple categories?

Answer 21

Yes, some controls may fit multiple categories.

Question 22

Why might an organization combine types of security controls?

Answer 22

To create a more integrated security approach tailored to their needs.

Question 23

What drives the creation of new security controls?

Answer 23

The evolution of systems and processes.

Question 24

Why is it important to regularly update security controls?

Answer 24

To address emerging threats and vulnerabilities.

Question 25

What is the difference between administrative and technical controls?

Answer 25

Administrative controls focus on policies and procedures, while technical controls use technology to protect systems.

Question 26

How can an organization’s security controls vary?

Answer 26

Based on their specific environment, risks, and regulatory requirements.