Preguntas en base a los objectivos del examen comptia sec +

Questions and Answers

Which of the following is an example of a technical security control?

User access reviews

Vulnerability management

Periodic risk assessments

Firewall rules (correct)

What category do firewalls and encryption belong to?

Operational controls

Technical controls (correct)

Corrective controls

Managerial controls

Which of the following control types is specifically designed to remediate security issues that have already occurred?

Preventive controls

Corrective controls (correct)

Detective controls

Deterrent controls

Which of the following is not a characteristic of operational controls?

Periodic risk assessments

What is the primary purpose of deterrent controls?

To prevent attackers from attempting security violations

Which of the following examples is classified as a physical control?

Locks

Which type of control includes mechanisms like intrusion detection systems?

Detective controls

Which of the following best describes managerial controls?

Procedural frameworks focusing on risk management

Which of the following scenarios best illustrates a preventive control?

Implementing firewall rules to block unauthorized traffic

Which of the following options does not represent a form of corrective control?

Performing vulnerability management

Examples of technical security controls include firewall rules, access control lists, and ______.

encryption

Operational controls include user access reviews, log monitoring, and ______ management.

vulnerability

Managerial controls focus on the mechanics of the ______ management process.

risk

Examples of physical security controls include fences, perimeter lighting, locks, and ______ suppression systems.

fire

Preventive controls intend to stop a security issue before it ______.

occurs

Deterrent controls seek to prevent an attacker from attempting to violate security ______.

policies

Detective controls identify security events that have already ______.

occurred

Corrective controls remediate security issues that have already ______.

occurred

Vicious guard dogs and barbed wire fences are examples of ______ controls.

deterrent

Explain the role of technical controls in information security.

Technical controls enforce confidentiality, integrity, and availability through digital mechanisms such as firewalls and encryption.

What distinguishes operational controls from other security control categories?

Operational controls focus on processes for managing technology securely, including user access reviews and log monitoring.

Describe the difference between preventive and detective controls.

Preventive controls aim to stop security issues before they happen, while detective controls identify security events that have already occurred.

Identify a key characteristic of managerial controls and provide an example.

Managerial controls are procedural mechanisms focusing on risk management, such as periodic risk assessments.

What is the purpose of physical controls in a security framework?

Physical controls are designed to protect the physical environment, using measures like fences and locks to deter unauthorized access.

What is the primary focus of integrity controls in cybersecurity?

To protect information from unauthorized modifications

Which control mechanisms are primarily aimed at ensuring availability in information systems?

Fault tolerance and clustering solutions

Which of the following factors may threaten both integrity and availability controls?

Nonmalicious events like hardware failures

What is a common goal of attackers concerning confidentiality?

To achieve unauthorized disclosure of information

Which of the following best describes the purpose of access control lists?

To manage permissions for system access

Study Notes

Security Control Categories

• Security controls are categorized by their mechanism of action.
• Four categories of security controls exist: technical, operational, managerial, and physical.

Technical Controls

• Enforce confidentiality, integrity, and availability in digital spaces.
• Examples include:
  • Firewall rules: Manage network traffic.
  • Access control lists: Define user permissions and access.
  • Intrusion prevention systems: Detect and prevent potential threats.
  • Encryption: Protects data by converting it into coded format.

Operational Controls

• Focus on processes for managing technology securely.
• Examples include:
  • User access reviews: Assess and validate user permissions.
  • Log monitoring: Track and analyze system logs for suspicious activity.
  • Vulnerability management: Identify and remediate weaknesses in systems.

Managerial Controls

• Procedural mechanisms concentrating on risk management processes.
• Examples include:
  • Periodic risk assessments: Evaluate risks and vulnerabilities regularly.
  • Security planning exercises: Prepare strategies for security enhancement.
  • Incorporation of security into change management: Ensure security is considered in all organizational changes.

Physical Controls

• Impact the physical security of facilities and assets.
• Examples include:
  • Fences: Provide perimeter security.
  • Perimeter lighting: Deters unauthorized access through visibility.
  • Locks: Secure access to buildings and rooms.
  • Fire suppression systems: Protect facilities from fire hazards.
  • Burglar alarms: Alert to unauthorized entry.

Security Control Types

• Security controls can also be classified by their desired effect.

Preventive Controls

• Aim to stop security issues before they occur.
• Examples include:
  • Firewalls: Block unauthorized access.
  • Encryption: Prevent unauthorized data access during transmission.

Deterrent Controls

• Seek to discourage attackers from attempting to breach security.
• Examples include:
  • Guard dogs: Deter intruders through presence.
  • Barbed wire fences: Physically obstruct entry.

Detective Controls

• Identify security events that have already taken place.
• Example:
  • Intrusion detection systems: Monitor networks for suspicious activities.

Corrective Controls

• Address and remediate security issues post-incident.
• Example:
  • Restoring backups: Recover data after a ransomware attack.

Compensating Controls

• Mitigate risks associated with exceptions to security policies.

Directive Controls

• Inform employees and stakeholders on security protocols.
• Examples include:
  • Policies and procedures: Provide guidelines to achieve security objectives.

Security Control Categories

• Security controls are categorized by their mechanism of action.
• Four categories of security controls exist: technical, operational, managerial, and physical.

Technical Controls

• Enforce confidentiality, integrity, and availability in digital spaces.
• Examples include:
  • Firewall rules: Manage network traffic.
  • Access control lists: Define user permissions and access.
  • Intrusion prevention systems: Detect and prevent potential threats.
  • Encryption: Protects data by converting it into coded format.

Operational Controls

• Focus on processes for managing technology securely.
• Examples include:
  • User access reviews: Assess and validate user permissions.
  • Log monitoring: Track and analyze system logs for suspicious activity.
  • Vulnerability management: Identify and remediate weaknesses in systems.

Managerial Controls

• Procedural mechanisms concentrating on risk management processes.
• Examples include:
  • Periodic risk assessments: Evaluate risks and vulnerabilities regularly.
  • Security planning exercises: Prepare strategies for security enhancement.
  • Incorporation of security into change management: Ensure security is considered in all organizational changes.

Physical Controls

• Impact the physical security of facilities and assets.
• Examples include:
  • Fences: Provide perimeter security.
  • Perimeter lighting: Deters unauthorized access through visibility.
  • Locks: Secure access to buildings and rooms.
  • Fire suppression systems: Protect facilities from fire hazards.
  • Burglar alarms: Alert to unauthorized entry.

Security Control Types

• Security controls can also be classified by their desired effect.

Preventive Controls

• Aim to stop security issues before they occur.
• Examples include:
  • Firewalls: Block unauthorized access.
  • Encryption: Prevent unauthorized data access during transmission.

Deterrent Controls

• Seek to discourage attackers from attempting to breach security.
• Examples include:
  • Guard dogs: Deter intruders through presence.
  • Barbed wire fences: Physically obstruct entry.

Detective Controls

• Identify security events that have already taken place.
• Example:
  • Intrusion detection systems: Monitor networks for suspicious activities.

Corrective Controls

• Address and remediate security issues post-incident.
• Example:
  • Restoring backups: Recover data after a ransomware attack.

Compensating Controls

• Mitigate risks associated with exceptions to security policies.

Directive Controls

• Inform employees and stakeholders on security protocols.
• Examples include:
  • Policies and procedures: Provide guidelines to achieve security objectives.

Security Control Categories

• Security controls are categorized by their mechanism of action.
• Four categories of security controls exist: technical, operational, managerial, and physical.

Technical Controls

• Enforce confidentiality, integrity, and availability in digital spaces.
• Examples include:
  • Firewall rules: Manage network traffic.
  • Access control lists: Define user permissions and access.
  • Intrusion prevention systems: Detect and prevent potential threats.
  • Encryption: Protects data by converting it into coded format.

Operational Controls

• Focus on processes for managing technology securely.
• Examples include:
  • User access reviews: Assess and validate user permissions.
  • Log monitoring: Track and analyze system logs for suspicious activity.
  • Vulnerability management: Identify and remediate weaknesses in systems.

Managerial Controls

• Procedural mechanisms concentrating on risk management processes.
• Examples include:
  • Periodic risk assessments: Evaluate risks and vulnerabilities regularly.
  • Security planning exercises: Prepare strategies for security enhancement.
  • Incorporation of security into change management: Ensure security is considered in all organizational changes.

Physical Controls

• Impact the physical security of facilities and assets.
• Examples include:
  • Fences: Provide perimeter security.
  • Perimeter lighting: Deters unauthorized access through visibility.
  • Locks: Secure access to buildings and rooms.
  • Fire suppression systems: Protect facilities from fire hazards.
  • Burglar alarms: Alert to unauthorized entry.

Security Control Types

• Security controls can also be classified by their desired effect.

Preventive Controls

• Aim to stop security issues before they occur.
• Examples include:
  • Firewalls: Block unauthorized access.
  • Encryption: Prevent unauthorized data access during transmission.

Deterrent Controls

• Seek to discourage attackers from attempting to breach security.
• Examples include:
  • Guard dogs: Deter intruders through presence.
  • Barbed wire fences: Physically obstruct entry.

Detective Controls

• Identify security events that have already taken place.
• Example:
  • Intrusion detection systems: Monitor networks for suspicious activities.

Corrective Controls

• Address and remediate security issues post-incident.
• Example:
  • Restoring backups: Recover data after a ransomware attack.

Compensating Controls

• Mitigate risks associated with exceptions to security policies.

Directive Controls

• Inform employees and stakeholders on security protocols.
• Examples include:
  • Policies and procedures: Provide guidelines to achieve security objectives.

Confidentiality

• Protects sensitive information from unauthorized access.
• Cybersecurity professionals implement tools like firewalls, access control lists, and encryption to strengthen confidentiality.
• Attackers may target confidentiality controls to disclose sensitive information without permission.

Integrity

• Ensures information and systems are not modified without authorization, whether maliciously or accidentally.
• Integrity is enforced through measures like hashing and integrity monitoring solutions.
• Threats to integrity can arise from attackers wanting to change data or from nonmalicious causes like power surges leading to data corruption.

Availability

• Guarantees that legitimate users can access information and systems when needed.
• Availability is supported by fault tolerance, clustering, and data backups.
• Threats to availability can stem from malicious attacks aiming to disrupt services or from accidental incidents like fires damaging data centers.

Description

Test your knowledge on the different categories of security controls, including technical, operational, managerial, and physical controls. This quiz covers definitions, examples, and the importance of each control type in maintaining security.