Practice Test Question-Control Categories

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Naomi is installing a new endpoint detection and response (EDR) solution for her organization. What category of control is she installing?

A. Technical
B. Operational
C. Managerial
D. Detective

Correct Answer: A

There are three categories of security control: technical, operational, and managerial. Technical controls enforce confidentiality, integrity, and availability (CIA) in the digital space. Naomi is installing an EDR system that uses technology to detect and respond to security incidents, so the EDR system is best described as a technical control.

Operational controls include the processes that we put in place to manage technology in a secure manner, so this is not the correct answer. Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process, so this is not the correct answer either.

Security controls also come in types, such as preventive, detective, corrective, deterrent, physical, and compensating controls. We are looking for control categories, not control types, so detective is another incorrect answer.

Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
