PrepAway - Latest Free Exam Questions & Answers

which control category?

Password management falls into which control category?

PrepAway - Latest Free Exam Questions & Answers

A.
Compensating

B.
Detective

C.
Preventive

D.
Technical

Explanation:
Preventive controls are put in place to inhibit harmful occurrences. Access control is an example of a preventive
control. Passwords are used in access control; therefore, password control is a preventive control.Preventive controls can be administrative, physical or technical.
Preventive Technical controls include:
Passwords, biometrics, smart cards
Encryption, secure protocols, call-back systems, database views, constrained user interfaces
Antimalware software, access control lists, firewalls, intrusion prevention system
Incorrect Answers:
A: Compensating controls are controls that provide an alternative measure of control. Password management
does not fall into the Compensating control category.
B: Detective controls are established to discover harmful occurrences. Password management does not fall into
the Detective control category.
D: Technical is a control type, not a control category. Password management is a technical control but it falls
into the Preventive control category.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 31


Leave a Reply