Sensitivity labels are an example of what application control type?

A.
Preventive security controls

B.
Detective security controls

C.
Compensating administrative controls

D.
Preventive accuracy controls

Explanation:
Sensitivity (Security) labels are attached to all objects; thus, every file, directory, and device has its own security
label with its classification information. A user may have a security clearance of secret, and the data he
requests may have a security label with the classification of top secret. In this case, the user will be denied
(prevented) because his clearance is not equivalent or does not dominate (is not equal or higher than) the
classification of the object.
The terms “security labels” and “sensitivity labels” can be used interchangeably.
Incorrect Answers:
B: Sensitivity labels are preventive, not detective, as the label may prevent the user or process from accessing
the resource.
C: A compensating control is a data security measure that is designed to satisfy the requirement for some other
security measure that is deemed too difficult or impractical to implement. Sensitive controls are preventive, not
compensating.
D: Sensitivity labels have nothing to do with accuracy. They are preventive.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 222