Detective controls are designed to signal a warning when a security control has been breached.

Password management falls into which control category?

  • A. Compensating
  • B. Detective
  • C. Preventive
  • D. Technical


Suggested Answer: C
Preventive controls are put in place to inhibit harmful occurrences. Access control is an example of a preventive control. Passwords are used in access control; therefore, password control is a preventive control.
Preventive controls can be administrative, physical or technical.
Preventive technical controls include:

  • Passwords, biometrics, smart cards
  • Encryption, secure protocols, call-back systems, database views, constrained user interfaces
  • Antimalware software, access control lists, firewalls, intrusion prevention systems
Incorrect Answers:
A: Compensating controls are controls that provide an alternative measure of control. Password management does not fall into the Compensating control category.
B: Detective controls are established to discover harmful occurrences. Password management does not fall into the Detective control category.
D: Technical is a control type, not a control category. Password management is a technical control but it falls into the Preventive control category.
References:
, 6th Edition, McGraw-Hill, 2013, p. 31

12. Patent: Electronic hardware and software solutions implemented to control access to information and information networks.


13. Integrity: A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.


14. Risk Management: The practice of passing on the risk in question to another entity, such as an insurance company.


15. Data Disclosure: A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.

  • A. True
  • B. False

16. You are a security consultant. A large enterprise customer hires you to ensure that their security operations are following industry standard control frameworks. For this project, the customer wants you to focus on technology solutions that will discourage malicious activities. Which type of control framework should you focus on?


17. You are performing a risk analysis for an internet service provider (ISP) that has thousands of customers on its broadband network. Over the past 5 years, some customers have been compromised or experienced data breaches. The ISP has a large amount of monitoring and log data for all customers. Using that data, you need to figure out the likelihood of additional customers experiencing a security incident. Which type of approach should you use for the risk analysis?


Test your knowledge of the CISSP exam’s Domain 1: Security and Risk Management -- one of the heaviest-weighted portions of the test -- with this practice quiz.

The following quiz is excerpted from the CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide, 7th Edition, ©2015 John Wiley & Sons, All Rights Reserved.

For IT professionals whose background may be more focused on hardware and software, the world of cybersecurity, risk management and compliance can be new, and sometimes challenging, territory. As opposed to muscle-memory tasks like firewall configuration or patch deployment, the skills needed to navigate the shifting, strategic concepts of risk and compliance use a different part of your brain. But these areas are critical for building a security program in any organization, from small businesses to global enterprises.

The importance of these disciplines is not lost on (ISC)², which administers the Certified Information Systems Security Professional (CISSP) exam. Domain 1 of the certification exam, Security and Risk Management, is one of the most heavily weighted sections of the test. It accounts for 16% of the final score -- the largest amount assigned to any of the exam's eight domains. The only other section of the test that shares the same weight is Domain 7: Security Operations.

At a high level, Domain 1 covers cybersecurity, risk management, compliance, law, regulations and business continuity. According to (ISC)², more specific concepts tested in Domain 1 include:

  • confidentiality, integrity and availability
  • security governance principles
  • compliance
  • legal and regulatory issues
  • professional ethics
  • security policies, standards, procedures and guidelines

Planning to take the CISSP exam and obtain certification? Test your knowledge of Domain 1 with this practice quiz, comprising five multiple-choice questions and 10 true/false questions on key concepts, vocabulary and principles of cybersecurity, risk management, compliance and more.

CISSP® is a registered mark of [ISC]².

This was last published in July 2017


Which controls are designed to signal a warning when a security control has been breached?

Detective Controls: Controls designed to signal a warning when a security control has been breached.

Which controls are procedures implemented to define the roles, responsibilities, policies and administrative functions needed to manage the control environment?

Cards

Term: Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
Definition: Administrative Controls

Term: Determines the potential impact of disruptive events on the organization's business processes.
Definition: Vulnerability Assessment

Source: CISSP Domain 1 2017 Flashcards, www.flashcardmachine.com

Which security event compromises the confidentiality, integrity or availability of an information asset?

Threats can be categorised as circumstances that compromise the confidentiality, integrity or availability of an asset, and can either be intentional or accidental.

What is security governance?

Security governance is the means by which you control and direct your organisation's approach to security. When done well, security governance will effectively coordinate the security activities of your organisation. It enables the flow of security information and decisions around your organisation.
