PrepAway - Latest Free Exam Questions & Answers

Which of the following is a not a preventative control?

Which of the following is a not a preventative control?

PrepAway - Latest Free Exam Questions & Answers

A.
Deny programmer access to production data.

B.
Require change requests to include information about dates, descriptions, cost analysis and anticipated
effects.

C.
Run a source comparison program between control and current source periodically.

D.
Establish procedures for emergency changes.

Explanation:
To run a source comparison does not prevent any specific action from occurring.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to
physical property, information, computer systems, or other assets. Controls help to reduce the risk of damage
or loss by stopping, deterring, or slowing down an attack against an asset.
To help review or design security controls, they can be classified by several criteria, for example according to
the time that they act, relative to a security incident:
Before the event, preventive controls are intended to prevent an incident from occurring e.g. by locking out
unauthorized intruders;
During the event, detective controls are intended to identify and characterize an incident in progress e.g. by
sounding the intruder alarm and alerting the security guards or police;
After the event, corrective controls are intended to limit the extent of any damage caused by the incident e.g.
by recovering the organization to normal working status as efficiently as possible.
Incorrect Answers:
A: Denying a programmer access to production data is an example of preventive control as it prevents the
programmer from accessing the data.
B: To make a change request to include extra information would prevent unauthorized changes from being
made.
D: By establishing procedure for emergency changes unauthorized changes could be prevented.

https://en.wikipedia.org/wiki/Security_controls


Leave a Reply